̽��ֱ�� of Cambridge - cybercrime

Opinion: I spent three years in a paedophile hunting team – here’s what I learned

Anonymous — Wed, 11 May 2022 23:00:02 +0000

By the time you finish reading this article, at least one new case of child sexual abuse will have been reported. In the US, a child is sexually assaulted every nine minutes. In the UK, this figure is closer to one every seven minutes. ̽��ֱ��sexual abuse of children is a horrifying and widespread problem that police admit they cannot arrest their way out of.

High-profile cases of systemic child sexual abuse – Jimmy Savile, Jeffrey Epstein, Larry Nassar, cardinals, bishops and priests – have placed the threat front of mind and led members of the public to take matters into their own hands. Social media has given them the means to do so effectively.

Pretending to be children online, hunters wait for predators to initiate sexual communications. When predators ignore reminders that they are talking to “children”, hunters expose them in livestreamed “stings” once they have sufficient evidence of grooming. Several cases have shown that talking to decoys as though they were a real child can be grounds enough for sentencing.

These stings take place in public (where a predator has asked a child to meet him in a park or shopping mall) or at the predator’s home. In the UK alone, over 150 hunting teams were collectively responsible for 1,148 confrontations with suspected paedophiles in 2021. Their evidence helped secure prosecutions in hundreds of cases.

I spent three years embedded with one of the UK’s most prolific hunting teams. An analysis of 356,799 words of private, online team chats during this period, and 831 pages of field notes and interviews, offers unique insights into what it’s like to hunt another human being.

For many involved in these groups, there’s the thrill of the chase. But some also found a deep sense of purpose in confronting a moral pandemic. Many hunters themselves have experienced abuse, and this colours how they view their hunting activities. “So many in this community have been deeply affected by these scum”, one said. “If I can save one child from seeing the world through a survivor’s life then I am blessed”, another added.

Hunters spend nearly as much time judging each other’s stings as they do baiting predators. They do so to reaffirm the purity of their motive – to keep children safe – compared to other teams they accuse of hunting purely for entertainment by poking fun at predators or being physically or verbally abusive.

Still, almost all teams value viewing figures and having an audience. As one explained: " ̽��ֱ��two we did this weekend have some great exposure: a quarter of a million and 200,000 [viewers]."

̽��ֱ��hero’s journey

̽��ֱ��way paedophile hunters talk about their work follows a narrative akin to the hero’s journey found in tales like Batman. A selfless hero saves his community from an evil threat when formal institutions (police, politicians) fail to do so. Having restored the moral order, the superhero recedes into obscurity.

Hunters refer to sexual predators as “monsters” and “vile beasts” that prey on “the innocent”. They constantly remind each other to “keep safe” during stings, even as hunters outnumber predators four or more to one.

This attitude offers a logic and a moral justification for what hunters do. Believing that “police should be grateful we are doing their job for them”, they position themselves as society’s last line of defence.

These characters feed off each other: the more impotent the police or parents are perceived to be, the more vulnerable the child, the more beastly the monster, the more heroic the hunter.

Relationship with police

While police broadly welcome citizen involvement in fighting crime, they think hunters unhelpful, even given the role of the evidence they collect. ̽��ֱ��police accuse hunters of acting on insufficiently robust evidence and jeopardising ongoing investigations. They also say hunters fail to safeguard suspects with learning difficulties who may prove difficult to prosecute, nor do they take sufficient action to protect suspects and their families from reprisals by neighbours and psychological injury.

It can be difficult to understand why hunting teams persist with live streaming stings when less harmful alternatives are easily available. They could, for example, simply hand any evidence to police, upload sting footage only after convictions are secured in court or avoid filming the target’s face to not reveal his identity online.

Since predators are typically released on bail following arrest, hunters argue that live streaming alerts the public of a predator in their midst. Parents deserve to know “there’s a nonce roaming the neighbourhood”, they reason.

My experience suggests that hunters persist with live streaming stings not because they are not aware of less harmful alternatives, but because it is the apotheosis of their quest. ̽��ֱ��sting is the final battle between good and evil that tests the character of a hunter and must be played out before a live audience – any subsequent convictions in court are, for some teams, neither here nor there. What police presume is a means to an end is, for hunters as heroes, an end itself.

Mark de Rond, Professor of Organisational Ethnography, Cambridge Judge Business School

This article is republished from ̽��ֱ��Conversation under a Creative Commons license. Read the original article.

Professor Mark de Rond from Cambridge Judge Business School discusses his three years embedded with one of the UK's most prolific paedophile hunting teams, in this article for ̽��ֱ��Conversation.

iStock / Getty Images Plus

Hooded figure using a laptop computer

̽��ֱ��text in this work is licensed under a Creative Commons Attribution 4.0 International License. Images, including our videos, are Copyright © ̽��ֱ�� of Cambridge and licensors/contributors as identified. All rights reserved. We make our image and video content available in a number of ways – as here, on our main website under its Terms and conditions, and on a range of channels including social media that permit your use and sharing of our content under their respective Terms.

Yes

Honour among thieves: the study of a cybercrime marketplace in action

Anonymous — Fri, 06 Nov 2020 16:19:06 +0000

Having seen a large rise in illegal transactions during the first national lockdown last spring, the researchers warned that the second lockdown is likely to result in another surge in cybercrime activities. But they also offer insights on how such activity can be disrupted.

̽��ֱ��researchers have been collecting the data on illicit trades from HackForums – the world’s largest and most popular online cybercrime community. Two years ago, it set up a market where contracts had to be logged for all transactions as an attempt to protect members of the community from scamming and frauds.

̽��ֱ��contract system was introduced in 2018, and then made mandatory in spring 2019, for all market users. It logged all the illicit buying and selling of – among other things – malicious software (malware), currencies including Bitcoin and gift vouchers, eWhoring ‘packs’ (e.g. of photos and videos with sexual content), hacking tutorials and tools that allow users illegally to access or control remote servers.

Ironically, HackForums had introduced the contract logging system in response to its members’ concerns that trades were being abused and they were being scammed. But in doing so, it unwittingly lifted the lid on the way such underground markets operate.

̽��ֱ��data the contract logging generated has been collected by researchers here. And after analysing it and using statistical modelling approaches, the researchers have been able to shed important new light on the way a cybercrime market operates, hopefully to the benefit of the security community.

̽��ֱ��researchers watched the market initially function as a forum where many individual users conducted one-off transactions. Then it changed. As the contract system became mandatory, within a few months, the market was becoming concentrated around a small group of ‘power-users’ offering goods and services that were attractive to many.

“This small group of users – representing about 5 per cent of all users – are involved in around 70 per cent of all the transactions,” said Anh Vu, a research assistant in the Cambridge Cybercrime Centre and co-author of the paper the Centre has just produced, ‘Turning Up the Dial: the Evolution of a Cybercrime Market through Set-up, Stable, and Covid-19 Eras’ .

And then came the global declaration of the coronavirus pandemic in March 2020. ̽��ֱ��research team saw the virus and the resulting lockdowns that were introduced significantly “turn up the dial” on the number of market transactions.

“There was a big rise in transactions in what we call the ‘Covid-19 era’,” said Anh. “Looking at the discussion forums, we could see that a period of mass boredom and economic change – when presumably some members were not able to go to school and others had lost their jobs – really stimulated the market.

“Members needed to make money online and they had a lot of time on their hands, and so we saw a rise in trading activity. We expect to see another rise during the second lockdown, but we don’t think it will be as large as during the first.”

̽��ֱ��increase in business during the pandemic also meant that contracts for transactions were concluded much faster. Where in the early months of the market, the completion time for contracts was around 70 hours, during the pandemic it dropped to less than 10 hours.

Online underground forums like HackForums are communities used for trading in illicit material and sharing knowledge. ̽��ֱ��forums support a plethora of cybercrimes, allowing members to learn about and engage in criminal activities such as trading virtual items obtained by illicit means, launching denial of service attacks, or obtaining and using malware. They facilitate a variety of illicit businesses aiming at making easy money.

̽��ֱ��Cambridge Cybercrime Centre researchers have done some previous work looking at underground forums. “But this is the first dataset we are aware of that provides insights about the contracts made in these forums,” says Anh. Previously, while traders might meet online in a forum, they would likely trade offline via private messaging. But the introduction of the contract system means all trades are now logged – and can therefore be tracked.

Using the data, the researchers looked at a variety of trading activities taking place in the market. ̽��ֱ��largest activities were currency exchanges and payments – for example, exchanging Bitcoin (a very popular currency in illicit trading because people believe that it leaves no trace) for PayPal funds.

This activity was followed by trades in gift cards (including Amazon gift cards) and software licences. “When you install a software package like Windows,” Anh said. “You have to input a key to activate it. People often buy software keys illegally in a market like this because it is cheaper for them than purchasing it officially from Microsoft – and sometimes they can obtain it for free in exchange for other items.”

Other products and services they found being traded in the underground market were hacking tutorials, remote access tools and eWhoring materials – photos and videos with sexual content that are sold to a third party, who pays for them believing that they are paying for an online sexual encounter.

They used several methods to try and estimate the values of trades taking place via HackForums and concluded that taking both public and private transactions into account and extrapolating by each contract type, the lower bound total of trades was in excess of $6 million.

What the researchers learned about the operation of an underground cybercrime market is valuable, they believe, to the security community. ̽��ֱ��logging of contracts when goods were traded has allowed users to build up a form of trust and reputation and this in turn led to the rise of the ‘power-users’ in the market.

“And now we know a small group of power-users are responsible for a large number of transactions, it would make sense to focus interventions on them,” Anh said. “As that will have a much bigger impact than going after a large number of individuals.”

In their paper they suggest interventions to undermine the perceived reputations and trustworthiness of the big players – for example by posting false negative reviews of them and using other methods, known as Sybil attacks, that disrupt the market’s reputation systems.

And the researchers are continuing to watch the market. “We’re interested to know how the marketplace evolves during this second lockdown and afterwards,” said Anh. “And will be looking to see whether any new trading activities emerge.”

Reference:
‘Turning Up the Dial: the Evolution of a Cybercrime Market through Set-up, Stable, and Covid-19 Eras’ was presented at a seminar series of the 2020 Internet Measurement Conference. It was also presented at the Workshop on Security and Human Behaviour taking place on Thursday 5 November 2020.

Researchers at the Cambridge Cybercrime Centre have revealed what they’ve learned from analysing hundreds of thousands of illicit trades that took place in an underground cybercrime forum over the last two years.

We’re interested to know how the marketplace evolves during this second lockdown and afterwards, and will be looking to see whether any new trading activities emerge

Anh Vu

Mika Baumeister on Unsplash

Someone programming a website in HTML

Yes

Lockdown 'helps fuel rise in cybercrime'

rg580 — Wed, 03 Jun 2020 10:24:06 +0000

That’s the warning from a team of researchers including Dr Ben Collier from the Cambridge Cybercrime Centre, part of Cambridge's Department of Computer Science and Technology.

̽��ֱ��researchers have been analysing data collected by the Centre from underground forums, chat channels and marketplaces used by cybercrime communities. And in a briefing paper they have just written for Police Scotland, they say it indicates that the social changes put in place in response to the coronavirus pandemic 'have stimulated… the cybercrime economy.'

Some of the cybercrimes taking place are new. For example, early in the lockdown, some scammers sent fake texts, purporting to come from the UK's HM Revenue & Customs, telling recipients they were going to be fined £250 for leaving their homes more than once a day.

And the researchers are also concerned that the rollout of the prospective NHS contact-tracing app has the potential to generate clear risks for those vulnerable to fraud. They warn that such people may be conned into handing over sensitive personal information by fake apps or scam texts purporting to be from the NHS.

“We’re also seeing some general repurposing of existing cybercrime,” said Collier. “For example, there have long been fake online shops, but now instead of selling clothes, they are selling face masks or bogus ‘cures’ for the coronavirus.”

And meanwhile, there has been a general rise in the levels of cybercrime. ̽��ֱ��Cambridge Cybercrime Centre has tracked a three-fold increase in ‘denial of service’ attacks from around 12,000 per day to close to 30,000 attacks per day. These attacks – which can be purchased for small amounts of money from specialised online services – can be used to knock others offline, often opponents in online games.

Such attacks, the report says, have serious implications beyond being a nuisance for gamers, as many of these children and young people will be sharing internet connections with siblings engaged in online or blended learning and parents working from home.

We are vulnerable to such risks, Collier and his colleagues say, because we are spending much more time online as we work, or school our children, from home. And it is partly happening because “many internet users, including adolescents and young adults, are currently confined to home with no school or work for much of the day. ̽��ֱ��increased boredom they feel may well be a key driver of online petty crime.”

“Anxiety over serious economic problems – such as job losses and business closures – may be prompting some people to step up existing harmful online activity as a means of generating income,” said Collier.

In their paper, the research team – Dr Collier, Dr Shane Horgan from Edinburgh Napier ̽��ֱ��, Dr Richard Jones from the ̽��ֱ�� of Edinburgh and Dr Lynsay Shepherd from Abertay ̽��ֱ�� – also voice their concerns about the potential for a steep rise in the volume of other online harms. These include online bullying, stalking and harassment of minority groups and victims of domestic abuse.

Their paper is a rapid response briefing aimed at offering guidance on the policing of cybercrime to Police Scotland. But its findings have relevance across the UK.

It says that while the UK has a sophisticated cybersecurity apparatus particularly at the national level, it currently lacks sufficient capability at the local level to police a significant increase in ‘volume’ cybercrime offences.

And it recommends that with levels of such crimes increasing, police forces need to engage more with their local communities and work with them on measures to prevent such crimes.

̽��ֱ��paper also recommends that police forces, including Police Scotland, immediately undertake a wide-ranging review of their cybercrime policing and prevention practices and capabilities to assess their current adequacy and potential future resilience in the event that the number of cybercrime offences increases significantly in the near future.

̽��ֱ��implications of the COVID-19 pandemic for cybercrime policing in Scotland: A rapid review of the evidence and future considerations’ is published by the Scottish Institute for Policing Research.

Take extra care before buying face masks or testing kits online, or responding to texts apparently sent to you by the UK Government or the NHS. Because while lockdown has helped reduce the spread of the coronavirus, it is also helping fuel a rise in cybercrime.

Anxiety over serious economic problems – such as job losses and business closures – may be prompting some people to step up existing harmful online activity as a means of generating income

Ben Collier

Photo by Philipp Katzenberger on Unsplash

Closeup of laptop computer

Yes

Prevention better than cure at keeping young users from getting involved in cybercrime

sc604 — Sun, 20 Oct 2019 23:20:52 +0000

̽��ֱ��study, by researchers from the ̽��ֱ�� of Cambridge and ̽��ֱ�� of Strathclyde, looked at four different types of law enforcement interventions, the first evaluation of the their effectiveness for this particular type of cybercrime.

They found that while high-profile arrests and sentencing of cybercriminals only lead to a short drop in the number of attacks taking place, the takedown of infrastructure and targeted messaging campaigns were strongly associated with a sharper and longer-term reduction in attack numbers. ̽��ֱ��results will be presented today (21 October) at the ACM Internet Measurement Conference in Amsterdam.

For just a few dollars, almost anyone can become involved in cybercrime through the use of ‘booter’ service websites, where users can purchase targeted denial of service (DoS) attacks. A DoS attack generates large amounts of traffic which overwhelm end users or web services, taking them offline.

DoS attacks have been used in the past as a protest tactic, but because of booter services and the relative ease of using them, they are commonly used by users of gaming sites, as a form of retaliation against other users – the largest booter provider carries out between 30,000 and 50,000 such attacks every day.

While DoS attacks are usually targeted at a specific end users, they can often cause collateral damage, knocking out other users or systems.

“Law enforcement are concerned that DoS attacks purchased from a booter site might be like a ‘gateway drug’ to more serious cybercrime,” said Ben Collier from Cambridge’s Department of Computer Science & Technology, the paper’s first author. “A big problem is that there is still relatively little evidence as to what best practice looks like for tackling cybercrime.”

“Even people running booter services think that booting is lame,” said Dr Daniel Thomas from Strathclyde’s Department of Computer and Information Sciences. “This makes the market particularly vulnerable to disruption.”

Collier and his colleagues from the Cambridge Cybercrime Centre used two datasets with granular data about the attacks from booter sites, and modelled how the data correlated with different intervention tactics from the National Crime Agency (NCA) in the UK, the Federal Bureau of Investigation (FBI) in the US, and other international law enforcement agencies.

While operating a booter service or purchasing a DoS attack is illegal in most jurisdictions, earlier research has found that most booter operators were unconcerned about the possibility of police action against them.

̽��ֱ��researchers found that arrests only had a short-term effects on the volume of DoS attacks – about two weeks – at which point activity went back to normal. Sentencing had no widespread effect, as attackers in one country weren’t affected by sentences in another country.

Taking down infrastructure – as the FBI did at the end of 2018 – had a far more noticeable effect, and suppressed the booter market for months. “This FBI action also reshaped the market: before, it was what you’d expect in a mature ecosystem, where there several large booter services and lots of smaller ones,” said Collier. “But now there’s really just one large booter service provider, and you’re starting to see a few smaller ones start to come back.”

̽��ֱ��most interesting results were around targeted messaging. From late December 2017 to June 2018, the NCA bought targeted Google adverts aimed at young men in the UK. When a user searched for booter services, a targeted advert popped up, explaining that DoS attacks are illegal.

“It’s surprising, but it seems to work, like a type of digital guardianship,” said Collier. “At the exact moment you get curious about getting involved in cybercrime, you get a little tap on the shoulder.

“It might not work for people who are already involved in this type of cybercrime, but it appeared to dramatically decrease the numbers of new people getting involved.”

While the researchers say this evidence suggests that targeted online messaging has the potential to be a potent tool for preventing crime, it also poses questions about what accountability structures might be required for its wider use as a police tactic.

This has already had direct policy impact, and the FBI and NCA have used this research to inform their strategies for dealing with booter services.

̽��ֱ��research was supported by the Engineering and Physical Sciences Research Council.

Reference:
Ben Collier, Daniel Thomas, Richard Clayton and Alice Hutchings. ‘Booting the Booters: Evaluating the Effects of Police Interventions in the Market for Denial-of-Service Attacks.’ Paper presented at the ACM Internet Measurement Conference 2019. Amsterdam, the Netherlands.

Highly-targeted messaging campaigns from law enforcement can be surprisingly effective at dissuading young gamers from getting involved in cybercrime, a new study has suggested.

A big problem is that there is still relatively little evidence as to what best practice looks like for tackling cybercrime

Ben Collier

Photo by Kevin Ku on Unsplash

Eyeglasses

Yes

Cambridge to host transatlantic cyber security competition

Anonymous — Thu, 20 Jul 2017 08:55:49 +0000

̽��ֱ��“Cambridge2Cambridge” cyber security competition, backed by government and industry, is the brainchild of the ̽��ֱ�� of Cambridge and the Massachusetts Institute of Technology (MIT) in the US, and will see talented students pitted against each other in a three-day showdown.

In total, 110 students from 25 universities from the UK and USA will form mixed transatlantic teams and battle against a fictional rogue state in the life-like cyber security competition backed by the National Cyber Security Centre (NCSC) and Cabinet Office.

̽��ֱ��annual event is now in its second year with prize money up for grabs for the winners. It will be held from 24-26 July at Trinity College, Cambridge.

With major cyber-attacks on the increase, according to the NCSC, the need for cyber security experts is more important than ever before.

Professor Frank Stajano, Head of the Academic Centre of Excellence in Cyber Security Research at Cambridge’s Computer Laboratory and the co-founder of Cambridge2Cambridge, said that the competition has been designed to promote greater cyber security collaboration between the UK and USA, and to give students the platform to explore creative ways to combat global cyber-attacks.

“ ̽��ֱ��aim of the competition is also to bring together different individuals in a fun and inclusive environment, where they can apply their cyber security abilities in a collaborative and competitive setting, allowing students to implement the skills they have been taught, while learning new ones in the process,” he said.

It also gives budding cyber enthusiasts the opportunity to meet like-minded individuals, and learn more about careers in the sector by introducing them to key players in the industry and government.

https://cambridge2cambridge.csail.mit.edu/

A major cyber security challenge, aimed at educating and inspiring the next generation of cyber defenders from across the UK and US, will be held at the ̽��ֱ�� of Cambridge next week.

̽��ֱ��aim of the competition is to bring together different individuals in a fun and inclusive environment, where they can apply their cyber security abilities in a collaborative and competitive setting.

Frank Stajano

Inter-ACE Cyber Challenge 2017

̽��ֱ��text in this work is licensed under a Creative Commons Attribution 4.0 International License. For image use please see separate credits above.

Yes

Combating cybercrime when there's plenty of phish in the sea

sc604 — Fri, 21 Oct 2016 07:51:23 +0000

We’ve all received the emails, hundreds, maybe thousands of them. Warnings that our bank account will be closed tomorrow, and we’ve only got to click a link and send credit card information to stop it from happening. Promises of untold riches, and it will only cost a tiny fee to access them. Stories of people in desperate circumstances, who only need some kind soul to go to the nearest Western Union and send a money transfer to save them.

Tricking people into handing over sensitive information such as credit card details – known as ‘phishing’ – is one of the ways criminals scam people online. Most of us think we’re smarter than these scams. Most of us think that we could probably con the con artist if we tried. But we would be wrong.

Across the world, cybercrime is booming. When the UK government included cybercrime in the national crime statistics for the first time in 2015, it doubled the crime rate overnight. Millions of people worldwide are victimised by online scams, whether it’s blocking access to a website, stealing personal or credit card information, or attempting to extort money by remotely holding the contents of a personal computer hostage.

“Since 2005, the police have largely ignored cybercrime,” says Professor Ross Anderson of Cambridge’s Computer Laboratory. “Reported crime fell by as much as a half in some categories. Yet, now that online and electronic fraud are included, the number of reported crimes has more than doubled. Crime was not falling; it was just moving online.”

In 2015, computer scientists, criminologists and legal academics joined forces to form the Cambridge Cybercrime Centre, with funding from the Engineering and Physical Sciences Research Council. Their aim is to help governments, businesses and ordinary users to construct better defences.

To understand how the criminals operate, researchers use machine learning and other techniques to recognise bad websites, understand what kinds of brands tend to be attacked and how often, determine how many criminals are behind an attack by looking at the pattern of the creation of fake sites and how effective the various defence systems are at getting them taken down.

One way in which studying cybercrime differs from many other areas of research is that the datasets are difficult to come by. Most belong to private companies, and researchers need to work hard to negotiate access. This is generally done through nondisclosure agreements, even if the data is out of date. And once researchers complete their work, they cannot make the data public, since it would reduce the competitive advantage of corporate players, and it may also make it possible for criminals to reverse engineer what was detected (and what wasn’t) and stay one step ahead of law enforcement.

One of the goals of the Cambridge Cybercrime Centre is to make it easier for cybercrime researchers from around the world to get access to data and share their results with colleagues.

To open up cybercrime research to colleagues across the globe, the team will leverage their existing relationships to collect and store cybercrime datasets, and then any bona fide researcher can sign a licence with the Centre and get to work without all the complexity of identifying and approaching the data holders themselves.

“Right now, getting access to data in this area is incredibly complicated,” says Dr Richard Clayton of Cambridge’s Computer Laboratory, who is also Director of the Centre. “But we think the framework we’ve set up will create a step change in the amount of work in cybercrime that uses real data. More people will be able to do research, and by allowing others to work on the same datasets more people will be able to do reproducible research and compare techniques, which is done extremely rarely at the moment.”

One of the team helping to make this work is Dr Julia Powles, a legal researcher cross-appointed between the Computer Laboratory and Faculty of Law. “There are several hurdles to data sharing,” says Powles. “Part of my job is to identify which ones are legitimate – for example, when there are genuine data protection and privacy concerns, or risks to commercial interests – and to work out when we are just dealing with paper tigers. We are striving to be as clear, principled and creative as possible in ratcheting up research in this essential field.”

Better research will make for better defences for governments, businesses and ordinary users. Today, there are a lot more tools to help users defend themselves against cybercrime – browsers are getting better at recognising bad URLs, for example – but, at the same time, criminals are becoming ever more effective, and more and more people are getting caught in their traps.

“You don’t actually have to be as clever as people once thought in order to fool a user,” says Clayton when explaining how fake bank websites are used to ‘phish’ for user credentials. “It used to be that cybercriminals would register a new domain name, like Barclays with two Ls, for instance. But they generally don’t do that for phishing attacks anymore, as end users aren’t looking at the address bar, they’re looking at whether the page looks right, whether the logos look right.”

̽��ֱ��Centre is also looking at issues around what motivates someone to commit cybercrime, and what makes them stop.

According to Dr Alice Hutchings, a criminologist specialising in cybercrime, cybercriminals tend to fall into two main categories. ̽��ֱ��first category is the opportunistic offender, who may be motivated by a major strain in their lives, such as financial pressures or problems with gambling or addiction, and who uses cybercrime as a way to meet their goals. ̽��ֱ��second type of offender typically comes from a more stable background, and is gradually exposed to techniques for committing cybercrime through associations with others.

Both groups will usually keep offending as long as cybercrime meets their particular needs, whether it’s financial gratification, or supporting a drug habit, or giving them recognition within their community. What often makes offenders stop is the point at which the costs of continuing outweigh the benefits: for instance, when it takes a toll on their employment, other outside interests or personal relationships.

“Most offenders never get caught, so there’s no reason to think that they won’t go back to cybercrime,” says Hutchings. “They can always start again if circumstances in their lives change.

“There is so much cybercrime happening out there. You can educate potential victims, but there will always be other potential victims, and new ways that criminals can come up with to social engineer somebody’s details, for example. Proactive prevention against potential offenders is a good place to start.”

Criminologist Professor Lawrence Sherman believes the collaboration between security engineering and criminology is long overdue, both at Cambridge and globally: “Cybercrime is the crime of this century, a challenge we are just beginning to understand and challenge with science.”

“We’re extremely grateful to the people giving us this data, who are doing it because they think academic research will make a difference,” says Clayton. “Our key contribution is realising that there was a roadblock in terms of being able to distribute the data. It’s not that other people couldn’t get the data before, but it was very time-consuming, so only a limited number of people were doing research in this area – we want to change that.”

“Our Cybercrime Centre will not only provide detailed technical information about what’s going on, so that firms can construct better defences,” says Anderson. “It will also provide strategic information, as a basis for making better policy.”

As more and more crime moves online, computer scientists, criminologists and legal academics have joined forces in Cambridge to improve our understanding and responses to cybercrime, helping governments, businesses and ordinary users construct better defences.

You don’t actually have to be as clever as people once thought in order to fool a user

Richard Clayton

LastHuckleBerry

TeQi's Graffitti Phish

̽��ֱ��text in this work is licensed under a Creative Commons Attribution 4.0 International License. For image use please see separate credits above.

Yes

Licence type:

Attribution-ShareAlike

UK’s top student hackers compete for cyber security

sc604 — Fri, 22 Apr 2016 11:08:10 +0000

̽��ֱ��best student hackers in the UK will take place in a cyber security competition this weekend, in order to demonstrate and improve their skills both as attackers and defenders in scenarios similar to the TalkTalk hack and the leak of the Panama Papers.

̽��ֱ��event, hosted by the ̽��ֱ�� of Cambridge Computer Laboratory in partnership with Facebook, will bring together 10 of the UK’s Academic Centres of Excellence in Cyber Security Research – the first time they have taken part in such an event together. ̽��ֱ��hacking event will take place on Saturday, 23 April.

Cyber security is considered one of the biggest threats facing our economy and infrastructure today, and talented hackers are being recruited by government and other agencies to fight cyber criminals. This hacking event will showcase the best student hackers in the country.

̽��ֱ��students will be working on challenges which require them to exploit some common vulnerabilities - the very type that underpinned recent high-profile hacking incidents.

Each of the 10 universities is sending a team of four students to this ‘Capture the Flag’-themed event. Throughout the afternoon, the hackers will attempt to solve a series of puzzles, with the winners gaining points; and compete in a series of challenges by attempting to hack the other teams.

An example of the type of challenges the hackers may face is to hack into a server and attempt to keep the other teams from getting in for as long as they can. ̽��ֱ��Panama Papers hack likely involved exploiting vulnerabilities in Wordpress and Drupal and the competitors may be tasked with finding similar holes in other software.

Facebook has chosen to visualise the progress of the game on a board loosely based on the classic game Risk. ̽��ֱ��goal is to conquer the world, with points awarded for each country that is captured. Each country has a couple of challenges based on different areas of cyber security, and students must be able to extract the ‘flag’ to claim the points for that country.

In addition to the teams taking part in the event in Cambridge, other students from the participating universities will also be able to take part in the event remotely, in order that additional students can polish their hacking skills.

“We have a huge cyber security skills gap looming in the UK, and we need to close it,” said Dr Frank Stajano of Cambridge’s Computer Laboratory, Head of the Cambridge Academic Centre of Excellence in Cyber Security Research. “Training our students for those challenges closes the gap between theory and practice in cyber security education. With any type of security, you can’t develop a strong defence against these types of attacks if you’re not a good attacker yourself – you need to stay one step ahead of the criminals.”

These hacking events also help highlight the different challenges involved in attack and defence. “Attacking is more difficult in general because there is no guaranteed recipe for finding a vulnerability, but in many ways it’s actually easier,” he said. “If you’re defending something, you have to keep absolutely everything safe all the time, but if you’re attacking, all you’ve got to do is find the one weak point and then you’re in – like finding the one weak point in the Death Star that allowed it to be destroyed. When attackers and defenders run on similar platforms it is also the case that, if you attack your opponents, they may reverse-engineer your attack and reuse it against you.”

In a meeting last year, Prime Minister Cameron and President Obama agreed to strengthen the ties between the UK and the US, and to cooperate on matters of cyber security affecting both countries.

A ‘Cambridge 2 Cambridge’ cyber security competition, held last month at MIT, was one of the outcomes of the meeting between the two leaders, who also expressed a desire that part of this cooperation should include an improvement in cyber security teaching and training for students.

From next year, some of the exercises prepared for these events will be part of the undergraduate teaching programme at Cambridge.

“Our team was able to gel well together, and that feeling of being ‘in the zone’ and working seamlessly together in attacking other teams, scripting our exploits and rushing to patch our services was fantastic,” said computer science undergraduate Daniel Wong, following last month’s Cambridge 2 Cambridge event.

“Maybe somewhat surprisingly for a computer hacking competition, the Cambridge 2 Cambridge event was also an exercise in interpersonal skills, since effectively collaborating with people you have just met under significant time pressure in a generally stressful environment does not come naturally, but I was very fortunate to have had teammates that really made this aspect feel like a walk in the park,” said fellow computer science undergraduate Gábor Szarka, a co-winner of the $15,000 top team prize at the Cambridge 2 Cambridge event.

̽��ֱ��Academic Centres of Excellence in Cyber Security Research (ACE-CSR) scheme is sponsored by the Department for Business, Innovation and Skills, the Centre for the Protection of National Infrastructure, Government Communications Headquarters, the Office of Cyber Security and Information Assurance and Research Councils UK.

̽��ֱ��10 universities sending a team to Saturday’s event are: Imperial College London, Queens ̽��ֱ�� Belfast, Royal Holloway ̽��ֱ�� of London, ̽��ֱ�� College London, ̽��ֱ�� of Birmingham, ̽��ֱ�� of Cambridge, ̽��ֱ�� of Kent, ̽��ֱ�� of Oxford, ̽��ֱ�� of Southampton, and ̽��ֱ�� of Surrey.

Students from the UK’s top cyber security universities will compete in Cambridge this weekend, in part to address the country’s looming cyber security skills gap.

We have a huge cyber security skills gap looming in the UK, and we need to close it.

Frank Stajano

Colin via Wikimedia Commons

A backlit laptop computer keyboard

̽��ֱ��text in this work is licensed under a Creative Commons Attribution 4.0 International License. For image use please see separate credits above.

Yes

Licence type:

Attribution-ShareAlike

Opinion: FBI backs off from its day in court with Apple this time – but there will be others

Anonymous — Wed, 30 Mar 2016 12:57:18 +0000

After a very public stand-off over an encrypted terrorist’s smartphone, the FBI has backed down in its court case against Apple, stating that an “outside party” – rumoured to be an Israeli mobile forensics company – has found a way of accessing the data on the phone.

̽��ֱ��exact method is not known. Forensics experts have speculated that it involves tricking the hardware into not recording how many passcode combinations have been tried, which would allow all 10,000 possible four-digit passcodes to be tried within a fairly short time. This technique would apply to the iPhone 5C in question, but not newer models, which have stronger hardware protection through the so-called secure enclave, a chip that performs security-critical operations in hardware. ̽��ֱ��FBI has denied that the technique involves copying storage chips.

So while the details of the technique remain classified, it’s reasonable to assume that any security technology can be broken given sufficient resources. In fact, the technology industry’s dirty secret is that most products are frighteningly insecure.

Even when security technologies are carefully designed and reviewed by experts, mistakes happen. For example, researchers recently found a way of breaking the encryption of Apple’s iMessage service, one of the most prominent examples of end-to-end encryption (which ensures that even the service provider cannot read the messages travelling via its network).

Most products have a much worse security record, as they are not designed by security experts, and often contain flaws that are easily found by attackers. For example, internet-connected baby monitors that could be hacked and allow strangers to talk to their child at night. Insecure cars that could be controlled via an internet connection while being driven. Drug infusion pumps at US hospitals that could be hacked by an attacker to manipulate drug dosage levels.

Even national infrastructure is vulnerable, with software weaknesses exploited to cause serious damage at a German steel mill, bring down parts of the Ukrainian power grid, and alter the mix of chemicals added to drinking water. While our lives depend more and more on “smart” devices, they are frequently designed in incredibly stupid ways.

Insecure by design

̽��ֱ��conflict between Apple and the FBI was particularly jarring to security experts, seen as an attempt to deliberately make technology less secure and win legal precedent to gain access to other devices in the future. Smartphones are becoming increasingly ubiquitous, and we know from the Snowden files that the NSA can turn on a phone’s microphone remotely without the owner’s knowledge. We are heading towards a state in which every inhabited space contains a microphone (and a camera) that is connected to the internet and which might be recording anything you say. This is not even a paranoid exaggeration.

So, in a world in which we are constantly struggling to make things more secure, the FBI’s desire to create a backdoor to provide it access is like pouring gasoline on the fire.

̽��ֱ��problem with security weaknesses is that it is impossible to control who can use them. Responsible researchers report them to the vendor so that they can be fixed, and sometimes receive a bug bounty in return. But those who want to make more money may secretly sell the knowledge to the highest bidder. Customers of this dark trade in vulnerabilities often include governments with repressive human rights records.

If the FBI has found a means of getting data off a locked phone, that means the intelligence services of other countries have probably independently developed the same technique – or been sold it by someone who has. So if an American citizen has data on their phone that is of intelligence interest to another country that data is at risk if the phone is lost or stolen.

Most people will never be of intelligence interest of course, so perhaps such fears are overblown. But the push from governments, for example through the pending Investigatory Powers Bill in the UK, to allow the security services to hack devices in bulk – even if the devices belong to people who are not suspected of any crime – cannot be ignored.

Bulk hacking powers, taken together with insecure, internet-connected microphones and cameras in every room, are a worrying combination. It is a cliche to conjure up Nineteen Eighty-Four, but the picture it paints is something very much like Orwell’s telescreens.

Used by one, used by all

To some extent law enforcement has historically benefited from poor computer security, as hacking a poorly secured digital device is easier and cheaper than planting a microphone in someone’s house or rifling their physical belongings. No wonder that the former CIA director loves the Internet of Things.

This convenience often tempts governments to deliberately weaken device security – the FBI’s case against Apple is just one example. In the UK, the proposed Investigatory Powers Bill allows the secretary of state to issue “technical capability notices”, which are secret government orders to demand manufacturers make a device or service deliberately less secure than it could be. GCHQ’s new MIKEY-SAKKE standard for encrypted phone calls is also deliberately weakened to allow easier surveillance.

But a security flaw that can be used by one can be used by all, whether legitimate police investigations or hostile foreign intelligence services or organised crime. ̽��ֱ��fears of criminals and terrorists “going dark” are overblown, but the risk to life from insecure infrastructure is real: fixing these weaknesses should be our priority, not striving to make devices less secure for the sake of law enforcement.

Martin Kleppmann, Research associate, ̽��ֱ�� of Cambridge

This article was originally published on ̽��ֱ��Conversation. Read the original article.

̽��ֱ��opinions expressed in this article are those of the individual author(s) and do not represent the views of the ̽��ֱ�� of Cambridge.

Martin Kleppmann (Computer Laboratory) discusses how vulnerable security technologies really are, and how these vulnerabilities could be exploited by both law enforcement and criminals.

Nicolas Nova

Smartphone rituals

̽��ֱ��text in this work is licensed under a Creative Commons Attribution 4.0 International License. For image use please see separate credits above.

Yes

Licence type:

Attribution-Noncommerical