
Meet the Cybercriminals - Victoria Baines

Portrayals of hackers in the movies lead us to believe that cybercriminals are young white males who wear hoodies. The cybercriminal population is actually much more diverse in terms of gender, ethnicity, age, neurodiversity and other aspects. Motivations range from the ideological, to profit, to mischief and back again. We will meet the cybercriminals in all their variety and discover how a better understanding of their demographics and drivers can help citizens, businesses and governments protect themselves.

This lecture was recorded by Professor Victoria Baines on 19 September 2023 at Barnard's Inn Hall, London.

Victoria is IT Livery Company Professor of Information Technology. She is a leading authority in the field of online trust, safety and cybersecurity. She frequently contributes to major broadcast media outlets on digital ethics, cybercrime and the misuse of emerging technologies, including Extended Reality and Artificial Intelligence. Her areas of research include electronic surveillance, cybercrime futures, and the politics of security.

The transcript and downloadable versions of the lecture are available from the Gresham College website: https://www.gresham.ac.uk/watch-now/cybercriminals

Gresham College has offered free public lectures for over 400 years, thanks to the generosity of our supporters. There are currently over 2,500 lectures free to access. We believe that everyone should have the opportunity to learn from some of the greatest minds. To support Gresham's mission, please consider making a donation: https://gresham.ac.uk/support/

Website: https://gresham.ac.uk
Twitter: https://twitter.com/greshamcollege
Facebook: https://facebook.com/greshamcollege
Instagram: https://instagram.com/greshamcollege

Gresham College

5 months ago

Cyber criminals: who on Earth are they? Are they evil masterminds bent on world domination, or are they awkward teenagers in gloomy bedrooms? Could they possibly be people like me or you? It depends on what we mean by cyber crime, and it depends on who is asking. Popular culture tells us that the typical cyber criminal looks like this, and the eagle-eyed amongst you will recognize this as one of the images used to promote this lecture. One would hope that if we were to turn this person around we might
find out more about them. But no: as often as not, and as we explored in last year's lectures, cyber criminals are curiously faceless techno grim reapers. So this set me thinking: what could I do to uncover these faces for you? I have cases that I've worked on, but I'm not allowed to tell you about those. Well, I could tell you, but I'd have to kill you. How else, then, can we shed light on these evidently shady characters? We at least need some kind of starting point, a stereotype that we can either confirm or
shoot down. Well, it's become very fashionable to use generative AI to produce content, so I asked DALL-E 2, a model that generates images from natural language descriptions, to give me a typical cyber criminal, and this is what it generated. What do you think? In my opinion this is a pretty good effort. It certainly seems to conform to the stereotype we see in movies and TV series, that of a young white male. Now, I am not suggesting for a second that generative AI knows the answer to the question "what do cyber criminals look like?" The chances are that young white guys in hoodies were prominent in the set of images used to train it.
But at least now we have a visual representation of our expectations, as shaped by our exposure to mainstream media. The sensible, scientific next step would be to test this using good, solid data, but there is, I'm afraid (spoiler alert), no global database of cyber criminals, not even of those who have been caught. A further complication is that very often evidence of a cyber
crime is not easily linked to a human, at least not in the first instance. In that respect it's unlike a murder investigation, where you can immediately interview people in the victim's family or their acquaintances; it's unlike an assault, where victim and eyewitness statements can help to identify a suspect; and it's unlike a burglary, where CCTV, fingerprints and even shoe prints can provide vital clues.
In comparatively simple cases like unauthorized access to a Facebook account, the available data doesn't directly identify a potential suspect. On screen is real data showing IP addresses and session cookies for a device logged into an account. An investigator can take those IP addresses to an internet provider or a mobile operator, and they can ask them to identify the account holder for that internet connection at that particular time, but without further investigation they can't say who the likely offender is. Law enforcement cannot, or at least should not, go around simply arresting the person who pays the internet bill when any number of people in a household or a business or an internet cafe might share that access.
So in their quest to identify human suspects, analysts and investigators use a combination of technical clues and intelligence, for example from criminal forums, where people do like to talk about themselves, hawk their wares and brag about their exploits. The more sophisticated cyber criminals are inevitably better at concealing their true identities. State-sponsored groups, or
APTs, standing for advanced persistent threat, they can operate for several years before any of their members are identified by name. In the meantime, groups are given alternative monikers, which are sometimes based on a numerical system starting at APT1, at others on a taxonomy of animal species that's partly based on national associations. I've been musing on these classifications for some time now, and I'm not altogether convinced that they're entirely helpful, but let's see what you think, and let's again ask generative AI to help us visualize some of the world's most notorious cyber criminals.
Well, first off, the rather dapper-looking character on the left is DALL-E 2's depiction of Fancy Bear, also known as APT28. This group's targets have reportedly included European governments, domestic political opponents of the Russian government, French television station TV5Monde, the World Anti-Doping Agency, the US Democratic National Committee and the Ukrainian military. And on the right is Cozy
Bear, implicated in attacks on the US during the 2016 presidential elections, on the Norwegian and Dutch governments, and in the theft of government data related to COVID vaccines and treatments in several states. Both groups are believed to have close links with, or to be employees of, Russia's foreign intelligence service, the SVR. Next up, do we have any guesses for these two? Thinking of animals, national associations? Yes indeed, they are two faces of Chinese cyber crime. So allow me to introduce you
to Vertigo Panda, AKA RedDelta, a state-sponsored group believed to be behind attacks on the Vatican and the Catholic Church in Hong Kong. And, as I'm sure will be obvious from the buoyancy aid, on the right is Aquatic Panda, AKA Earth Lusca and Red Dev 10, known for its attacks on a range of organizations of interest to the Chinese government, but also on cryptocurrency payment platforms and exchanges. At this point it all starts to get rather tenuous. Here we have DALL-E 2's depictions of Cosmic Wolf, a
group that reportedly conducts targeted attacks in support of Turkish state intelligence gathering, and my personal favorite, an Iranian hacktivist group known to the cyber security community as Frontline Jackal. You can see currently how generative AI came up with this particular image. Now, these naming conventions came about as a practical workaround, a means for defenders and investigators to refer to cyber criminals prior to their identification as individuals, but I would argue that styling them
as fantastic beasts mythologizes them. It prevents us from getting the measure of them as humans. It bestows on cyber criminals precisely the kind of kudos many of them seek, unless of course they are unfortunate enough to be in the crack Iranian unit known as Banished Kitten.
Over time, law enforcement can get closer to identifying individual members of these groups, and the international dimension of cyber crime, the extent to which offenders are very often in a different country to their victims, is evident in some lists of persons of interest. Now, this is the FBI's Cyber Most Wanted list, and it's publicly available on the internet, and this names 15 suspected members of that Russian group, Fancy Bear. And these three North Korean nationals are believed to be members of Stardust Chollima, AKA APT38. They're popularly known, and you will probably know them, as the Lazarus Group. In case you're wondering, because I certainly did, a chollima is a mythical winged horse, rather like Pegasus.
Lazarus has been active since at least 2009. It's believed to be behind the hack of Sony Pictures in 2014, the theft in 2016 of close to a billion US dollars from the Central Bank of Bangladesh, and the 2017 WannaCry global ransomware attacks that impacted the UK National Health Service, among others. When we review all of these mug shots on the FBI's website, we can see that ethnically they're quite diverse; not necessarily, however, in other respects, which we will come to shortly.
So how does this compare with national statistics on people who make it to court? Here in the UK, the Ministry of Justice publishes statistical data on criminal prosecutions in England and Wales under the Computer Misuse Act, and this covers unauthorized access to computer material, that is, hacking and interference, but also writing and selling tools to help cyber criminals. And when we look at the data for the last three years, we see that 85 percent of defendants are white, which is not too far off their 82 percent representation in
the UK population as a whole. This is, however, quite a small data set of just 441 prosecutions, and there are so many things it doesn't tell us. It tells us nothing at all about the cyber criminals who get away with it, and inevitably it tells us nothing about cyber criminals in the rest of the world. Rather frustratingly for us researchers, many countries simply don't publish criminal justice statistics for cybercrime, and in their absence law enforcement operations can be quite informative.
What we tend to find is that press releases from law enforcement in other countries mostly feature their own nationals, and the images you see on screen here are taken from the Facebook page of the cyber crime unit in Côte d'Ivoire. Most if not all of those arrested are Ivorian. Why is this? Why don't we see the ethnic diversity so evident on the FBI's most wanted list? It's largely a question of jurisdiction. Law enforcement has the authority primarily to pursue criminals who are physically located within their
national borders, so if there is a suspect in another country, it's often more practical to pass the information to the authorities there so that they can arrest and prosecute. Extraditions do happen, but rarely, and they are even less likely when the suspect is working for the government. Consequently, many wanted cyber criminals are destined to remain just that.
Now, you may have noticed that not a single one of the 119 individuals on the FBI's list appeared to be female. What could account for the complete absence of half the world's population from the ranks of the world's most sought-after cyber criminals? As you can see, women represent 12 percent of cyber crime offenders in the criminal justice data set for England and Wales, and it may be tempting to see this as confirming the belief of some that they are simply less technical than men. Leaving aside the extent to which the assumption of technical incapability can actually exclude girls from an education in STEM subjects (that's a discussion for another time, perhaps, or the question and answer session afterwards), this explanation ignores several other possible factors, among them an increased likelihood that state-sponsored cyber criminals either work or have worked for the military, and a hypothesis that links male dominance of cybercrime to a higher prevalence of autism.
When we look to other, less technical online offenses for comparisons, such as trolling and hate speech under the Malicious Communications Act, we see a similar gender distribution, although I should state that this is a smaller data set of just 153 prosecutions in those three years, and I should also clarify that the data here currently provides for only two genders. In England and Wales, between a fifth and a quarter of all people in the criminal justice system are women, and this suggests that there may be other factors at play here than technical skill alone.
And just because women are not dominant in cyber crime, that doesn't mean that they are absent. People who identify as women do write malicious software, as demonstrated by the conviction of Alla Witte, in the top left here, for creating the Trickbot banking Trojan and ransomware suite. They do gain unauthorized access: Paige Thompson, top right, was found to have compromised an Amazon web server containing the data of a hundred million Capital One customers. They've also been active in ensuring that cyber crime pays: Kristina Svechinskaya, bottom left, as a money mule for a group operating the Zeus banking Trojan, and in July of this year Heather Morgan, in the bottom right, AKA the rapper Razzlekhan, pleaded guilty to money laundering and conspiracy to defraud the United States for her part in the hack of four and a half billion US dollars' worth of bitcoin from a cryptocurrency exchange.
Then we have Bulgarian national Ruja Ignatova, AKA Cryptoqueen. She may not have made it onto the FBI's Cyber Most Wanted, but she is in its top 10 of most wanted fugitives for her alleged participation in the fraudulent OneCoin cryptocurrency scheme that resulted in investors all over the world losing billions of dollars. In the cyber criminal ecosystem, the people who can dupe victims and turn data into hard cash are not bit players; they are central to the business model.
Researchers at cyber security firm Trend Micro analyzed visits and posts to five English-language and five Russian-language cyber criminal forums. They used marketing tools and textual analysis, and they found that around 40 percent of visitors and 30 percent
of active participants were women. They advertise their services and they talk about their exploits just as the male contributors do. So this prompts us to consider further intriguing questions. How are we to explain the gap between female representation in the cyber criminal ecosystem and criminal justice statistics? Are UK women simply less present in the 10 forums that were analyzed by Trend Micro? It's possible. Might women show up less frequently in criminal justice data because they're less likely to get caught? We shouldn't rule it out at this stage. It may be the case that women are more successful cyber criminals, better at avoiding law enforcement detection. Could it be that law enforcement doesn't catch many women because it's not expecting to find them? We would need a lot of additional data in order to answer any of these with any level of confidence. At the moment, I'm afraid, we just don't know.
What about the third attribute of the stereotype of the young white male? Popular culture does tend to associate technical ability with youth. Hackers are often portrayed on screen as boyish whiz kids, younger in years and less mature than other underground types, so we may be surprised to find that under-18s represent just three percent of cyber crime defendants in England and Wales. Now, the way the Ministry of Justice sets the age ranges here is a little misleading. As you might be able to see, they're not all the same length in years. In fact, the largest proportion of those prosecuted for
computer misuse offenses, in blue, are actually in their 20s. It's those two here, adding up to 35 percent. You may also be able to see that there is no one in the data who is under 15. The age of criminal responsibility in England and Wales is just 10; it's among the lowest in the world. The complete absence of 10 to 14 year olds here would suggest either that they aren't coming to the attention of law enforcement or that any charges against them do not go to court, and to that end offenders who are
under 18 may be given a youth caution for a first offense. Having said all of that, when we add malicious communications offenses to the mix, here in orange, we can see the prosecutions for the more technical cyber crime offenses do appear to have something of a younger demographic than those for cyber-enabled trolling and hate offenses. That tiny blue block towards the far right of the chart, just before the final orange one, that represents just one offender in the 60 to 69 age range, and we don't have any 70-plus for cyber crime.
Earlier I used the phrase "business model", which rather suggests, doesn't it, that all cyber crime is motivated by financial gain. We might assume, for instance, that organized crime is driven by profit, governments and activists by ideology, and teen hackers by the esteem and satisfaction that comes from beating a system that is designed to keep them out. In reality, it's not always that clear-cut.
A court in the UK recently heard how two teenage boys, both diagnosed autistic, were part of the Lapsus$ international gang of cyber criminals. The elder of the two gained access to servers belonging to telecoms company BT and mobile operator EE, and he demanded a ransom of 4 million US dollars on pain of deleting the data. The boys also stole close to a hundred thousand pounds from a number of cryptocurrency accounts. The prosecution cited, quote, a juvenile desire to stick two fingers up to those they were attacking, but clearly the prospect of huge sums of money was something of
a draw. We've also seen state-sponsored cyber criminals using ransomware to extort money. North Korea reportedly uses this business model to fund its espionage operations and its nuclear weapons proliferation. The Bank of Korea in Seoul estimates that in 2020 Pyongyang derived at eight percent of its GDP from cyber crime. So just think: if you've ever paid a ransom to cyber criminals, you could have chipped in for a missile for Kim Jong Un.
One would naturally expect the spread of fake news and disinformation to have purely political objectives. Government agencies who want to influence the outcome of an election or sow discord in a community may well be ideologically motivated, but the grunt work of spreading false information is often outsourced to private companies and individuals whose motivation is financial. When the Russian government wanted to spread fake news during the 2016 US presidential campaign, to the effect that the Pope was backing Trump, that Hillary Clinton had sold arms to ISIS and that Michelle Obama was a man, they reportedly paid young people in North Macedonia to do it. The town of Veles there, that you can see highlighted southeast of the capital Skopje, has since become synonymous with the disinformation industry. Speaking to Channel 4 News in 2016, a 16-year-old contractor said he was doing it out of boredom and because there wasn't much for kids to do around there. In 2018 another explained to France 24 that creating fake news websites allowed him to buy some new trainers (sneakers, for our international audience) and to go on holiday to Greece.
Now, in my lectures last year we explored how cybercrime can be prevented through digital hygiene measures, the basic steps members of the public can take to protect themselves, their friends and family, their businesses and the wider community, and we considered how the sheer scale of cyber crime, its international reach and its pervasiveness in society make it a suitable public health response, with a focus on prevention at
a population level but also targeted interventions for at-risk and affected groups. In order to counteract cybercrime effectively, what we need to do is engage not only potential victims but also potential offenders, and to understand that their motivations are several, not confined to a particular demographic and not always distinct. We can't always say with confidence that a cyber criminal is motivated solely by money or ideology or kudos.
Timing is also key. Some government programs seek to raise awareness among young people that hacking is illegal; others seek to harness their abilities and their need for achievement for good (for which read: government-approved activity). These initiatives depend on diverting young people before they commit a crime that comes to the attention of law enforcement, and to ensure that they follow the path of the white hat instead of going over to the dark side with the black hats. But once an individual has been convicted of an offense, it can be challenging, legally and practically, to integrate them into the cyber security workforce, and this means that the very people who can be of most use to a company or a country are often those who have previously been identified as a threat.
Equally, there are cyber criminals whose motivations don't quite fit the archetypes. Um, this is generative AI's depiction of insider threat, and it's fair to say, if you look closely, there are a few things that are not quite right with this image, perhaps the most obvious and unnerving being the two neckties, one of which is protruding directly from this object's flesh. Now, insider threat can present itself in a number of different ways. Career cyber criminals may apply for jobs at organizations that they wish to infiltrate. Existing employees may go rogue because they have money troubles or a grievance or both. Well-meaning employees may fall for phishing attacks and social engineering. Because it can take time to establish whether a breach is accidental or deliberate, some cyber security specialists prefer to see all employees as potential threats until proven otherwise. We are all, then, to some degree under suspicion.
Everything we've considered so far presumes that people engage in cyber crime willingly, albeit not always wittingly, but the last few years have seen the emergence of a new criminal business model in which people from East Africa, the Middle East and South America have been deceived into traveling to Southeast Asia, where they are then forced to work as online scammers. According to the United Nations, this bears all the hallmarks of human trafficking, and the UN estimates that a hundred and twenty thousand people in Myanmar and a further 100,000 in Cambodia are currently being forced to work in this way. Are these people cyber criminals or trafficking victims, or are they both? Should they be prosecuted or rescued? Duress under threat of death or serious injury is a recognized defense in a court of law, but how should society treat cyber criminals who are
economic captives? It can also happen that people who are motivated by ideology do not consider themselves to be criminals, even while they may actively engage in stealing data, disabling digital services and interfering with communications. You may recall that in 2013 Edward Snowden removed and leaked highly classified information from the US National Security Agency about its online surveillance operations. Whether you think he is a dangerous criminal or a public servant depends to some extent on
your personal evaluation of the trustworthiness of governments. But what about where many thousands of otherwise law-abiding citizens participate in cyber attacks because they believe it's the right thing to do? People from all over the world have joined the volunteer IT Army of Ukraine. Its Telegram channel boasts a quarter of a million subscribers, and a bilingual website provides attack instructions, suggested targets, command tools and bots for distributed denial of service attacks aimed at disabling Russian government's infrastructure. Several governments have warned their citizens against getting involved, because there is no legal protection for civilians who conduct cyber attacks, even if the cause is widely held to be just.
Cyber crime is cyber crime is cyber crime. Or is it? In the first lecture of last year's series, "Who Owns the Internet?", we discovered that definitions of what constitute cyber crime can differ from one country to another. In the ongoing negotiations for a UN cyber crime
treaty, several states have proposed that certain types of speech be criminalized worldwide. Belarus, Burundi, China, Nicaragua, Russia and Tajikistan want to outlaw, quote, the distribution of materials that call for illegal acts motivated by political, ideological, social, racial, ethnic or religious hatred or enmity, advocacy and justification of such actions, or to provide access to such materials, by means of ICT. Egypt has called for criminalization of the spreading of strife, sedition, hatred or racism; Jordan, hate speech or actions related to the insulting of religions or States using information networks or websites.
With such elastic terms as enmity, strife and insult, there is a risk that many more of us could be branded cyber criminals in the not too distant future, simply for expressing our political views or criticizing someone in authority. Balances need to be struck carefully between, on the one hand, minimizing the use of IT to incite physical harm and, on the other, ensuring that our freedoms
of speech and assembly are not unduly restricted. So, are we all cyber criminals now? We clearly don't all commit technically sophisticated offenses on a regular basis, but an appreciable minority of us actively bend the rules and even break the law when using IT. A survey conducted by Forbes found that 42 percent of respondents used their work virtual private networks to bypass geographical restrictions on streaming services. You know who you are. Extensive sharing of passwords led to Netflix changing its policy in an effort to combat mass freeloading. In a 2021 survey of nearly 8,000 European youth aged 16 to 19, one in eight reported engaging in money muling or laundering, the same proportion in online harassment, one in ten in hate speech, hacking and cyber bullying respectively, and one in 11 for each of phishing, non-consensual sharing of intimate images, online fraud and identity theft.
The signs are, then, that the cyber criminal population is diverse. It spans all age groups, all ethnicities and all genders. At the same time, not all cyber criminals are stereotypical geeks; not all are driven by a lust for profit, an extreme ideology or devotion to a motherland. This matters for several reasons. A diverse population demands a range of prevention, disruption and enforcement measures. Someone who is motivated by an extreme ideology may require de-radicalization to desist from offending, while someone who is driven into criminality by poverty may be better served by alternative employment opportunities. A deeper appreciation of cyber criminal demographics and criminogenic factors should result in better defense and better enforcement. The assumption that cyber criminals are male may well reflect male dominance in the cyber security industry and in law enforcement cyber crime units. It may also lead to missed opportunities to profile suspects and defend against them effectively. Here too we really do need more data, but it's reasonable to infer that the more representative they are of the offender population, the better the insights and responses defenders can provide.
Now, you'll be unsurprised to hear that there is growing concern about cyber criminal misuse of artificial intelligence, and yes, this is what DALL-E 2 generated when I asked it for a robot cyber criminal. Still wearing a hoodie, you notice. Cyber attacks are already automated to some degree. Automation is what enables scammers to target many thousands of victims at once, and criminals can already use ChatGPT to generate scam marketing content and code. Tools that scan for vulnerabilities in networks and systems remove the need for a human to do so manually, and they enable tasks to be completed more quickly and at scale. The potential for AI-powered self-learning malware has been recognized, but so far (September 2023, in case you're listening after the fact) we haven't seen it in the wild. At some point we may need to entertain the prospect of machines as bad actors, cyber criminals in their own right, which will then prompt
some interesting legal questions, among them: if AI commits a criminal offense and it is ostensibly autonomous, is it criminally responsible, or would the authorities always pursue a natural person for creating it and deploying it? Would we need to prove that that human had knowledge of AI's criminality, or would we hold the human responsible simply because the offense happened on their watch, much as we do CEOs for the misdemeanors of their employees? As the images generated for this lecture demonstrate, I think we have a way to go yet.
For the time being at least, there is still a person behind every cyber crime, a human operator. Understanding their thoroughly human attributes and impulses is challenging because we don't have those large international data sets that we would need to match the huge scale and the global reach of the crime. What we're able to glean from national data, research with limited sample sizes and media coverage provides an incomplete picture, but also some fascinating insights that can test our assumptions, and it sets us thinking about how the cyber criminal population might evolve in the future.
The cyber criminals we know are getting older. The hackers and social engineers of the 70s and 80s are already dying out, and if indeed it is the case that a large number of cyber criminals are motivated by the challenge of gaining unauthorized access to data and systems, well, then we shouldn't necessarily expect them to hang up their black hats as soon as they reach the national retirement age, not least because they don't have workplace pension schemes. So we should probably prepare ourselves for a larger number of computer misuse offenders over 60 years of age than that lonely one that we saw earlier.
When we look at cyber criminal demographics and motivations, we're forced to conclude that keeping an open mind and continuing to question that stereotype of the young white male gives us a better chance not only of preventing as many people as possible from becoming offenders but also of stopping them reoffending. And as digital technology presents us with a plethora of temptations to misuse it, as governments increasingly seek to define as cyber crimes any misuse of IT, there is a real risk that even more of us will be cyber criminals. Hoodies, of course, will always be compulsory, but the world's most notorious cyber outlaw could turn out to be an elderly woman, perhaps even a middle-aged one. Imagine that. Thank you very much.
Right, I have a couple of questions online.
I'm so glad you're taking it. I'm so glad you're taking these questions, not me. Um, now, are there any... Martin asks: are there any statistics on accidental cyber criminals, i.e. the prevalence of people without man intent being taken to court for cyber crimes?
So the short answer is: statistics, no, no. Um, perhaps information, case studies, do something people exist. Um, so I think where we have that insider threat is really where we see, you know, most opportunity for that to happen. Um, we also have, you know, when I think about high-profile prosecutions across national borders for, um, people with autism, that's not accidental necessarily, but the extent to which you can say that someone exerted their own impulse control, made an informed decision to commit a crime, is called into question, and is frequently called into question in courts of law. I'd love to find some statistics on accidental. I think one of the problems we have with that is responsible breach disclosure, so a lot of the time if a company is
breached, and that's happened unwittingly or because someone's been tricked, that will stay in-house, or in the UK it will be reported to the Information Commissioner's Office, the ICO, but you wouldn't necessarily have that person named and shamed in the public, um, because from my perspective what I want to do is encourage a responsible culture where people feel it's safe to come forward and say, I'm really sorry, I clicked on that email, I know I wasn't supposed to, but, you know, I thought it was
from my boss Etc so statistics not necessarily we do have a few cases people tend I would like to think in Democratic countries not to go for prison for things that they've done by accident in the cyber crime world but I'm not ruling it out yeah there's a PhD thesis absolutely absolutely yeah okay um oh good lord suddenly we've got millions of questions um this person is interested in what can be done about state-sponsored I'm paraphrasing the question here because it's rather long but what can
be done about State actors oh gosh it's at what level I'll try and break it is there any hope for dealing with um right goodness cyber criminals who are essentially shielded by the state I'm going to try and break this down in a number of levels but try and do it as quickly as possible so apologies if we fly through this okay um so um if you came to see my um fake news lecture last year then you'll know a little bit about this if you didn't then please listen to it I thought it was quite good um
and well we talk about state-on-state influence operations and disinformation campaigns um and I think the short answer is there will always be espionage even quote unquote good countries like the US hack German Chancellor's phones and things like that allegedly um so you know Espionage isn't going to go away anytime soon propaganda isn't going to go away anytime soon but what we saw certainly around 2016 with those influence operations those disinformation campaigns is that you and I became the
front line of that because when we fell for it and when we shared those posts about Michelle Obama being a man Etc um we were doing their work for them we were sharing we were becoming part of the machine so for all of us in this room and listening at home the thing we can do is we can by keeping ourselves safe and secure online and you know going through those basic digital hygiene measures that I outlined last year um by you know not becoming a victim of ransomware Etc you know we're actually
starving North Korea of Revenue that feels pretty cool to me so you know that's that's the front line then there is of course the Diplomatic aspect of this and I said didn't I that extraditions happen very rarely they do happen but they happen between countries like the UK and the US that already work with each other one of the reasons why there are still so many people on the FBI's most wanted list is that the prospect of Russia and China and North Korea turning around and going actually you
can have those guys we'll send them over to you and you can lock them in prison are very very slim but what we do sometimes have also in the context of the UN cyber crime treaty is people negotiating and navigating around each other to come to an agreement about how they deal with state-sponsored attacks because state-sponsored attacks are a problem for everybody it's not just Russia and China doing it it's the IT Army of Ukraine you know kind of getting all these volunteers everybody's at it nobody
wants it but it's a little bit like brinkmanship and I mean one of the problems is of course scale I imagine you know when a state gets involved in some of those numbers seem very large to me large numbers of Bad actors there's a question here which I think is rather interesting which asks you to talk a little bit about Bellingcat and or citizen investigation of cyber crime because presumably that's the way you can get scale of Investigation on the other side is that a realistic yes so um if
anyone is sitting in here and sitting at home thinking I'd like to become a civilian cyber crime investigator I've had to have this conversation with my mum she's the daughter of a police officer she's very very good at open source investigation but I've had to say to her no stop it right because as I pointed out with the IT Army of Ukraine unless you work for law enforcement unless you work for the government it's a little bit like The Accidental question you don't have any legal protection to
do this what you can do is look into information that everybody can access publicly and that's where Bellingcat I think has been absolutely fantastic um so you can do that and there are some operational security tools that I would recommend everybody uses like virtual private networks to mask your IP addresses mask your identity so that you can do that safely without being outed or doxed to use cyber terminology yourself because it's not fun being outed as somebody who does these kind of Investigations
um what I would advise you against doing is setting up fake profiles to go and pretend to be somebody else to go and interact with criminals um you know people do do they send and for really really good reasons and they mean very very well but you can suddenly find yourself in a space where you're having you're being forced to commit criminal act you know criminal offenses and I don't want you to be in that situation um what I do think is that Bellingcat and others have been fantastically
useful in getting some of this data out and I think one of the things we started to see as well um is you know more technical means of scraping data that help us understand um cyber criminal forums a lot better um but scraping data I mean we've talked about this before scraping data is good when the good guys do it and scraping data is not great when the bad guys do it so double-edged sword as ever so I thought I've got loads of questions here which is great so you mentioned forums and um
this question says that there are many Forums on the internet full of cyber criminals and they're not trying to hide themselves why do you think that no action is taken about the forums I think not the crimes but the chat between them so you've got I mean we stop the track stop the crime and I think part of the problem is we talk about the dark web as a single thing but actually you know the the person asking this question is absolutely right there are spaces where people are saying I've got credit
card details and I would like to buy them and you can just go and look at that and it's quite scary um scale is one thing we've mentioned scale there is so much cyber crime that ordinary law enforcement agencies will struggle to deal with it so we need technical means to deal with that that's why when we've talked about cyber security before that's why cyber security companies and vendors get so involved in threat intelligence because they have resources that law enforcement doesn't so scale
is certainly one aspect of that um I think it's also the international Dimension again so if you think about a website where people will paste a load of stolen data or say I write malware would anybody like to hire me and actually that Trend Micro report that I mentioned is just one of you know those those forums are exactly that people even Pro post profile photos of themselves and they have certain badges about you know things they can do I can write ransomware Etc um that there are people who've
got their own photos up yeah or you should have a look at that gender reports it's fun it's fantastic it's almost like um top trumps cards really sticking two fingers up to law enforcement when you do that certainly certainly and and so the international dimension of this is is really tricky I mentioned five of those forums are Russian language so they're probably in Russia or Belarus or somewhere you know Russian speaking um and you know the prospects of UK or U.S law enforcement dealing with
those are quite limited what they can do is they can work with the hosting companies if they're legitimate hosting companies to get the websites taken down but you know um the bad guys learned from this quite a long time ago and they set up their own criminal hosting networks this is going back almost 20 years so you know you have things like bulletproof hosting which is designed to be safe from law enforcement so it is that cat and mouse game of every time we develop a solution to deal with
a problem there's a work around that the bad guys do it's not hopeless but it does mean that you know law enforcement is constantly having to play catch-up and there's a related question here which says and why is it taking so long for the the platforms to take responsibility I'm not quite sure what is meant by the platforms but possibly it's Facebook and then okay yeah yeah and it depends responsibility for what I suppose they might you know but let's let's try and break that down yeah so the
first question I guess is are those platforms a major source of communication between hackers or cyber criminals um so it depends whether you're talking about technical cyber criminals or cyber-enabled crime and it varies a great deal from platform to platform um so if we're thinking about dark web forums quite often they're not indexed by Google so you wouldn't necessarily stumble across them in a in a in a Google search um but you know some of the most um persistent techniques for criminals of
all flavors to communicate with each other is to just use web-based email like we do um but rather than sending an email saving a draft email in your drafts folder which means it's not intercepted in transit it stays in your email drafts folder so that's quite low-tech isn't it it seems quite low-fi but some of those things still occur so um at the same time they share the address and they all log in yeah and you just log into the same account at the same time um there were services like EncroChat
that criminals develop themselves to be an encrypted messaging system because they didn't trust that WhatsApp as soon as it was bought by now meta as was Facebook that it would still be secure for criminals so there are you know specifically criminal designed communication systems um I mean with something with a service like Facebook it depends whether you're talking about frauds counterfeits child abuse if we're looking narrowly at cyber crime um really that's where the victim pool is is on
social media um more sophisticated cyber criminals will tend to keep themselves in proprietary spaces so that coordination tends not to happen I would say so much on mainstream platforms um but we're there and we're rich pickings if we don't protect ourselves right so as an attack platform a place where they can be attacked it remains a problem yeah and I didn't quite tease out of you whether they were being too slow or not I mean that was the number of the question I think I think that's a really
really difficult one to answer and not simply because for those of you who don't know me I did used to work for Facebook in their law enforcement liaison quite a few years ago and what I saw was that they were doing a lot and I and I was part of that you know working with law enforcement cyber crime units um but with you know however many I think we had two billion users at the time developing tools at scale meant that you had to have automated Solutions there weren't there literally weren't
enough people in the world to work those queues to keep people safe on those platforms which raises another question of well are some of these platforms just too big to be safe that's a philosophical question I think that it might take a little bit longer to answer but it's it's challenging and I think the short answer is that it's they must and they should always do more and whatever they possibly can I'm going to sneak in one more yeah that's all right yeah I know I'm putting you on the spot to
what extent has our culture of immediacy facilitated cyber crime should we just slow down and introduce more air gap systems that's a fantastic question whoever whoever asked that yes absolutely um so as you know I'm quite a fan of looking at Social Engineering and the psychological and the emotional side of that you know what do most scams have in common they say to you you have won a massive prize you have five seconds to claim it what so it's really heightening that sense of urgency and of
course our use of technology that is to a certain extent promoting a feedback loop of instant gratification I think we should you know that we keep ourselves safe by going oh that doesn't look quite right I'll just put that down and go and make a cup of tea and come back and if the free iPad offer is no longer there oh well it's gone now when we talk about the metaverse and when we talk about um things like heads up displays and displays that are delivered in our line of sight rather than on a screen
at arm's length we may have a bit of a problem with air gapping because if something if a piece of fake news or an offer is displayed here and it runs as a ticker tape in front of your eyes or in the air you don't have that opportunity to have that same critical physical critical distance um and I wonder what we're going to need to develop as the human race to make sure that we still have that emotional air gap without having to take everything off we need slow I.T don't we lower it tight
time is pressing upon us and on the topic of immediacy well that was actually for me instant gratification so uh Victoria thank you very much thank you [Applause]

Comments

@petersq5532

There are companies in the Philippines recruiting common people like call agents to operate scam and lure calls. Work is scarce in the Philippines and they offer attractive salaries. So the one who first contacts you is just a poor fellow working for his/her paycheck. (My friend worked at a company like that for 2 months.)

@lorekallyre7205

Are the further questions here to be on further questions Spotify talk show?

@badluckblues

We’ve never arrested a dog for cyber crime. Maybe dogs are just the best at getting away with it.

@nHans

I'm sorry I have to keep calling you out for this. The ACM specifically recommends against using racially charged terms like "blackhat / whitehat." Instead, they recommend — in their own words — "adopting terms that explicitly define the agent's role, such as ethical attacker/unethical attacker, hostile force/friendly force, etc."

@manatee2500

What a nonsense it is to weave identity politics into such a lecture. Boring and off-putting.