How Interpol is hunting down cybercriminals with data

Craig Jones, Director of Cybercrime at Interpol, discusses how it's working with countries to fight cybercrime.

The 1989 book, The Cuckoo’s Egg, details systems administrator Clifford Stoll’s ten-month hunt for a state-sponsored hacker. Stoll slept under his desk at the lab; programmed his pager to alert him when the hacker logged into the network; and set up dozens of printers that tracked everything the hacker typed in real-time.

Cybersecurity today is still much like a game of cat-and-mouse, and the world needs all the information possible to apprehend malicious actors. Interpol is partnering its 194 member countries and the private sector to use data to hunt down cyber criminals.

GovInsider caught up with Craig Jones, Interpol’s Director of Cybercrime, to find out more.
 

Apprehending cyber criminals with data

Cybercrime has a “very dispersed crime scene”, Jones says. Malicious actors can commit crime around the world from one location, using infrastructure in another country. This borderless nature of cybercrime can make it difficult to track down criminals.

To tackle this, Interpol is working to aggregate data from different countries and companies on a “cyber fusion” platform, he says. The platform collects data on where the victims are and how they have been attacked.

If victims’ data was harvested, for instance, Interpol tracks down where the data ends up. If they paid a ransomware, Interpol determines the location of the bitcoin wallet that receives the funds.

Pulling together this data gives Interpol an “overarching view” of the whole crime. It can then narrow down the investigation, find out where the criminals are, and work with member countries to take action.

Interpol can also use the platform to identify the region with the most victims, and work with those countries to reduce the impact and frequency of cybercrime, Jones says.

The organisation recently took down an organised crime group in Africa that was carrying out a global phishing campaign, he says. It worked with Group-IB, a private cybersecurity partner, and Nigerian police to arrest those actors.

Interpol also partnered America and Russia to take down Joker’s Stash, the world’s largest illicit marketplace for stolen credit card information. It worked with law enforcement in both countries to seize the servers used by the forum, and shut it down.

Creating a ‘cyber Wikipedia’

Interpol has a knowledge exchange platform with its 194 member countries and private partners, Jones says. It shares information on the latest threats, prevention strategies, detection and investigation techniques. It’s “a bit like a ‘cyber Wikipedia,’” he adds.

Interpol recently set up a cybercrime desk in the Africas region, and plans to do it in the Americas region as well, he says. It is also planning to expand the ASEAN desk and bring in China, Australia and New Zealand.

Jones hopes to bring different countries and companies together more to tackle transnational cyber crime. Policing can be “very immediate”, but cyber policing is different. “This is where Interpol can be really instrumental in that international police cooperation,” he says.
 

Covid-19 related cybercrimes

Cyberattacks spiked during the pandemic, with the FBI reporting 3,000 to 4,000 cybersecurity complaints a day - a three to fourfold increase from pre-pandemic days.

While cyber criminals have changed the way they work, the actual crime types haven’t changed much, Jones says. Interpol still saw email fraud, phishing campaigns, and ransomware attacks happen. “What changed was how a lot of it became very Covid-related”, he adds.

Criminals were sending out phishing emails on Covid-19 heat maps, for instance. This piqued people’s interest, and once they clicked on the links, malware was downloaded onto their devices and networks.

Criminals also set up fake websites selling personal protective equipment. As countries rollout Covid-19 vaccines, fake websites selling vaccines have also emerged, he says.

Covid-19 has really highlighted the threat areas facing different member countries, Jones says. But it has also made countries realise the need to coordinate a global response to cyber crime, and provided opportunities for countries to work closely together.

Cybercrime is only set to increase in scale and intensity. International collaborations and data may just make all the difference in this game of cat-and-mouse.

Image of Craig Jones by Interpol