The future of policing in the cyber world

By Yun Xuan Poon

Interview with Craig Jones, Cybercrime Director, INTERPOL.

It is “hunt or be hunted” in the world of cybercrime, says Craig Jones, Cybercrime Director at INTERPOL.

Police and criminals are constantly trying to stay one step ahead of each other. How has the cyber threat landscape evolved over the years, and what can police officers do to fight new threats?

Jones spoke to GovInsider at the recent CyberCrimeCon 2019 about the challenges police forces have to overcome to combat cyber criminals; the rising trends in cybercrime; and how INTERPOL can help.

Challenges in policing the cyber world

Every country faces a unique set of challenges in tackling cyber threats. “We see real regional differences in the types of cybercrimes,” says Jones. For instance, America faces cyber threats from hackers in Russia, Pakistan and Iran, while Singapore’s attackers are mainly based in North Korea and China, reports cybersecurity company Group-IB. In their forecast, they reported that the energy sector in the Middle East can expect “heavy destruction as a result of cyber weapons”.

At least 50 percent of all crime is now committed online, but this figure is “under-reported”, says Jones. “We can’t demonstrate the true picture of solid criminality and the impact it’s having,” he notes. This means the police can’t allocate resources to tackle cybercrime effectively.

The borderless nature of cybercrime poses another challenge for the police. “The police are not set up historically to deal with the challenges” of protecting the community from crime that could have originated from any corner of the world. “There’s no agreement on how the police operate in a virtual environment,” says Jones.

On top of that, legislation has not yet caught up with the nature of cybercrime. “In the UK, we don’t arrest people for committing a cybercrime. Instead, we charged people for a Computer Misuse Act offense, so we had to use the legislation that is available to us in the country,” says Jones.

Rising cyber threats

Jones pointed out three rising cyber threats that governments should pay attention to. First, new tech such as 5G and IoT have become “enablers for cybercrime”, says Jones. The pervasiveness of such tech opens up more opportunities for cyber criminals to attack. “We’ve got to understand these enablers, how they can be increased in volume and the surface of attack,” he shares.

Next, ransomware is becoming more targeted and has become “one of the main areas where criminals are looking to make money,” shares Jones. In a ransomware attack, hackers threaten to release confidential data or block a company’s access to crucial information until they pay a ransom. Cyber criminals are targeting specific companies that they know have more on the line if they are unable to access their data.

Third, business email compromise fraud has been on the rise. This occurs when criminals hack into a company’s server and send out bill notices from executive-level staff, which are linked to fake bank accounts. INTERPOL recently launched a month-long campaign to raise awareness about this type of fraud.

How INTERPOL helps

INTERPOL can help with tackling these pressing cyber threats by pooling together datasets from member countries and vendors to identify “investigator opportunities”, says Jones. This means INTERPOL can suggest the next steps for a country’s police force to take when a cybercrime incident occurs. The police could go after the criminals, the infrastructure, or the stolen money, for example.

Next, INTERPOL helps with coordinating efforts amongst different countries. “Globally, when there’s a plane crash, or when a bomb goes off, INTERPOL coordinates activities with the affected member countries and supports them with experts,” explains Jones. “We can do the same in the cyber sphere as well.”

Crime can never be completely eliminated, but when it comes to bringing down virtual crime that crosses international borders, the police have a marked advantage in staying one step ahead - they work together. “Cyber criminals often work alone and in smaller groups,” said Jones.

International organisations like INTERPOL work with individual countries to piece together the big picture on cybercrime, and that can make all the difference between hunting or being hunted.