Understanding Human Element in Cybercrime is Key to Stemming the Problem

 

Summit Keynote Speaker Dr. Shima Keene presented The Nexus of Cybersecurity, Crime and Terrorism. She is a Director of the Conflict Studies Research Centre, Oxford, UK, and is affiliated with many law enforcement intelligence organizations. She advises on matters relating to national and global security including terrorism, organized crime, economic crime, cyber-crime and governance. She is the author of “Threat Finance: Disconnecting the Lifeline of Organized Crime and Terrorism.” Dr. Keene holds a Ph.D. in International Criminal Law. She currently lectures at the University of Cambridge, and the University of St. Thomas in Minnesota.

Her role is intervention in cyberterrorism, she told her audience at Cyber Security Summit 2016. In contrast to focusing on technology, she approaches cybercrime as a criminologist, examining and analyzing the human element, paying particular attention to specific attacker behaviors that are at work in a cyberattack.

Predatory crime relies on the convergence of three elements, she said. A predator meets a vulnerable target in a setting where there is no guardian. Easy targets invite attacks based on the ease and low risk, “even if the haul isn’t large — quantity versus quality.”

She works to discover the nature of the parties involved in an incident seeking to answer several questions. What is the profile of the attacker, and how sophisticated is the attack? Why is a particular intended victim attractive to the attacker? How is the human element employing the technical tools?

In the UK, victims of cybercrime go to the police. The police, overwhelmed, adopt a triage approach to help citizens. “The key challenge is getting people to see that they have a part to play (to avoid becoming victims of cybercrime.)” People need to take responsibility for cyber safety, she said. Insurance offers an avenue to adopt a carrot-and-stick system that can reward consumers who adopt safe computing standards.

Cybercrime is a mixture of interconnectivity and unintended consequences. Disconnects between policy and principle, and limitations of the law, especially internationally, complicate matters, she said. Uneven processes from country to country hamper efforts to curb activities. Legal systems in some countries are developed, while others may not have addressed the problem in their legal system.

“Cybercrime is a big problem – a case of when, not if.”

Attacks are constantly evolving. The proliferation of devices introduced as IoT progresses form an epidemic that potentially confronts every business in the world and all essential services in society are vulnerable to being hacked, she said. The speed of technological innovation actually helps criminals while defenders and potential victim entities struggle to adapt to the bewildering rate of change.

Another wrinkle is that criminals often pretend to be someone else when communicating over social media. For instance, a supposed 13-year-old boy in a chat room really may be a pedophile. Social media is particularly perilous for those who share information that gives leverage to criminals. For instance, unsophisticated use of social media occurs when someone posts and chats about vacation photos, readily suggesting that their home is unguarded and ripe for sacking.

And, it’s not only citizens who have shared too much on social media. Dr. Keene said there are cases when members of the military have unwittingly given away too much information in chat rooms or on dating sites.

A chilling dynamic lies in the intersection of cyberspace and the connection to actual physical things that terrorist may exploit, Dr. Keene said. Terrorists use the Internet for a variety of reasons. They collect information to identify potential targets and learn about their vulnerabilities. Documents copied from the Internet may be altered into convincing forgeries. They recruit sympathizers through empowerment propaganda and employ immersion campaigns to rile up and rally into action sympathetic subgroups. Terrorists also use fake social movement websites to solicit donations from consumers deceived by deliberately misleading content.

“We must understand the complexity of the problem in order to understand it, “ Dr. Keene said.