How UN law enforcement tracks global cybercriminals

Cybercrime, often powered by cryptocurrency, is a global problem. Neil Walsh, chief of the UN Office on Drugs and Crime Global Cybercrime Program, explains how law enforcement catches crooks.

Cyberthreats vary from country to country, and can even vary between areas of the same country. TechRepublic's Dan Patterson spoke with the United Nations' Neil Walsh to discuss emerging cyber trends and what steps governments should take before an attack.

Patterson: As cybercrime proliferates, almost every company, government organization, NGO, and consumer will be impacted by one form or another. Whether it's massive ransomware or DDoS attacks, cybercrime is a reality of digital life. For TechRepublic and ZDNet, I'm Dan Patterson with Neil Walsh. He is the chief of the United Nations Office on Drugs and Crime, that's UNODC, Global Cybercrime Program in Vienna.

Neil, thanks once again for your time today. I'd like to talk a little bit about the process of law enforcement, how we track and catch criminals. I know that that is your entire area of study and it's hard to kinda squeeze that into a succinct précis. But let's start with a crime. Let's say a company has been hacked and data has been exfiltrated. What's a law enforcement agency's first step? And what is the trail that law enforcement agencies follow?

Walsh: Hi Dan, thanks again for giving us your time. You and your viewers will understand that we're not gonna go into any classified detail here, or detail that would help the opposition to do their work.

But like everything, like any crime the first point is recognition that it's actually happened. And everything we see around the world, especially in cybercrime is that that often takes a large amount of time. In fact, there's some statistics out there that say that before a cybercrime, for example, an infiltration of the system, is detected could be 13, 14, 15 months, maybe even longer. So a start point is recognition that something has happened, and then if you're a business, what do you do? Do you call the police, or do you not? And some places just choose not to call in law enforcement because they're concerned about their share value, others will then make that call. And then that's where the investigative start point will come to look at what's happened, how has it happened, what are the indicators of compromise, how have cyber criminals or those associated with them done their business?

Patterson: So what types of crimes do you investigate and the United Nations see as a top priority?

Walsh: Sure. So within the UN we don't run any investigations, but we certainly mentor the capability of law enforcement, prosecutors and judges in different bits of the world. So for the moment my staff are based in Central America, Northeast Asia, North Africa, sorry - Southeast Asia, North Africa, and East Africa as well. And it very much depends on what's happened where at what point in time. And you'll understand that in each country, even in different areas of the same country, very much it may depend on the capability and the skill level of law enforcement.

I think of some of the bigger operations and the bigger results we've seen over the past year or two, we've had significant impact on online pedophiles who have been active in Guatemala and El Salvador with really good convictions of highly predatory pedophiles who have offended against many, many children. Right away through the other parts of the world where we've had online banking compromises where we've helped to recover the proceeds of crime, we've helped identify where evidence may sit, so it really depends on where it's happened.

Patterson: Do you see trends emerging ... obviously there are always consistent forms of cyberattacks, I'm thinking specifically about maybe DDoS or attacks that take less sophistication, but do you see as web tools become easier to use and as the world undergoes digital transformation, do you see particular trends emerging that are our top priority?

Walsh: Again I think we've seen differences in different parts of the world. Last week we saw some stuff from open sources about a highly capable, highly technical nuclear system compromise that was simply sitting there on the internet and as you know and a lot of your viewers will know, that we see the context of cybercrime as a service where you have a highly skilled, highly technical crime group who will offer their service to criminals, to terrorists, and to offensive host-nation capabilities as well, so that's one thing.

I think what we continue to see as well, and if you look at the data that we see coming from Interpol, from Europol, we see the risk of chief executive officer fraud, where somebody may compromise my email or create an email that looks like me, send that to one of my staff to get them to move a large amount of money out of an official bank account, and then we lose control of those funds. And we see that continuing to happen around the world per respective jurisdiction.

Patterson: And how do you then advise policymakers and business leaders to proceed? Again without giving away your specific methods, but what is good advice?

Walsh: Our key advice is that you have to have a government-led or a national cybersecurity strategy and actually make sure that that's implemented and that a government knows at a high level how to respond.

So you might have seen actually, in the press, the past couple of days the head of the UK National Cybersecurity Center saying that it's only a matter of time until the UK government faces a critical cyberattack. I think that that's something we can see reflected across the world. If you recall one of the times we spoke last year just after the WannaCry ransomware attacks happened, we saw the impact that that had on government, on healthcare, on banking systems.

So have a strategy, have it in place, and actually know what we do when the wheel comes off. There's no point in having a strategy written that hasn't been through a tabletop exercise, that hasn't been war gamed.

Patterson: That's good advice, and it's good advice to reiterate as we move into the new year. And Neil Walsh, what can we anticipate? Obviously we see the rise of cryptocurrency, but what about attacks that target critical infrastructure or serve to undermine government and established agencies in the next year? If I'm in charge of something, no matter how big or small that thing is, what should I be worried about this year?

Walsh: I think we're going to continue to see a proliferation of attacks that are through Internet of Things (IoT) compromises. We keep seeing hundreds of thousands of devices that are being compromised and turned into a botnet or a robotic network, and it would seem to me that if we can buy any sort of connected device online and the username is "login" and the password is "password," then that's going to continue to make things hard.

We can't be in a position where it's down to the consumer or the user to put cybersecurity onto their devices, that has to come from standard because you wouldn't buy a car and then decide for yourself how many seat belts you need or where you think the airbags ought to be. That has to be the same for a connected device, that you buy it and it's in a position to safeguard your data and safeguard your cybersecurity.

I think at a government level we're going to continue to see the impact of ransomware, be it as ransomware for genuinely making money or we've seen the wiperware and the sort of WannaCry attacks that again look like a probable state-based attack as well. That will continue to increase. But remember like all types of crime and terrorism, criminals will seek to infiltrate and exploit weakness. So if you have weakness in your cybersecurity, you have weakness in your legislation, you have weakness in the capability of your policing and law enforcement to respond, criminals will target that and try to exploit it.

About Dan Patterson

Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.
