Knowledge is power in fighting cybercrime
By Peter Small, AdvocateDaily.com Contributor
As the battle against cybercrime heats up, it is increasingly important for law enforcement agencies to collaborate with skilled specialists in the private sector, says Ryan Duquette, principal of Oakville-based Hexigent Consulting.
“We see government agencies collaborating more with private companies, asking their advice,” he tells AdvocateDaily.com. “It is a trend that is starting to come to fruition.”
In the recent past, technological crime units in police services mainly looked for evidence on specific devices such as computers, hard drives and cellphones, says Duquette.
Over the last few years, however, cybercrimes like ransomware and data breaches have increased in frequency and severity, he says. These multifaceted attacks affect whole networks rather than just individual devices, Duquette says. A phishing email, for instance, can plant malware on a network that can only be counteracted by reverse engineering it to see how it gained entry, he says.
“It can be challenging for law enforcement to investigate these cases, and as we know, they are often complex, time-consuming and can take a great deal of technical knowledge," Duquette says.
A former Peel Regional Police digital forensics specialist, Duquette compares battling cybercrime to the relative simplicity of investigating a break and enter.
In a typical home B&E, he says, “a victim calls the police, and can provide details such as the point of entry, what areas within the house the criminal went to, an approximate time frame as to when it happened and the cost of damage and what was stolen."
He contrasts this classic burglary scenario to a cyber breach in a small business.
"Often the victim cannot provide any particulars as to how and when the attack happened, what areas af the network were affected, nor any of the costs associated to the breach," Duquette says.
There are many unknowns that the police then have to investigate, which can be challenging, he adds.
“Many organizations we deal with that have been a victim of ransomware didn’t even know that there was also company data stolen from the network," Duquette says. "We had to assist them thorough this process.”
In the last few years, several law enforcement agencies have created dedicated cybercrime units, he says.
“They're fairly new and they're having to train their officers in the latest ways to investigate and prevent these types of attacks,” Duquette says.
However, many medium-sized or small police services don’t have the resources or skills to set up such units, he says, noting that the Canadian Police College only recently began offering a course on cybercrime.
Smaller agencies usually rely on larger forces, like the RCMP or Ontario Provincial Police, to assist them in their cyber investigations, Duquette says. But there is a limit to how much even the best-resourced police services can help, he adds.
And cybercriminals are clever about keeping the amount they are demanding relatively low, which often results in being placed lower on the investigatory priority lists, Duquette says.
Ransomware perpetrators, in particular, make their payment demands fairly low, at roughly half to a single Bitcoin — worth $1,500 up to $10,000, depending on the market, he says.
Meanwhile, police are dealing with other frauds worth tens of thousands, even hundreds of thousands of dollars, Duquette says.
“That’s just the reality of the world we live in. There are priority backlogs,” he says. “Therefore, a $2,000 fraud might be placed low on that list, unfortunately.”
The cumulative value of such small ransomware frauds, however, can be billions of dollars a year.
And it can be just as difficult and time-consuming to investigate a $2,000 fraud as one worth hundreds of thousands of dollars, Duquette adds.
“That’s where law enforcement agencies need to start collaborating more with each other and with the private sector,” he says.
Many specialists with the high-level skills required to battle cybercrime work in the private sector, where compensation is higher than in taxpayer-funded organizations, Duquette says. “It can be challenging for law enforcement to retain people with these strong skills.”
Police are reaching out to private sector specialists, either to collaborate or simply share knowledge, he says.
Partnerships between police services and private consultants are common in other parts of the world, notably in the United Kingdom, and are growing across Canada, Duquette notes, adding that police officers often tell him they would welcome more public-private collaboration.
Duquette recalls when he was an officer in the Peel Police technological crimes unit he formed a small think tank for law enforcement investigators and private sector specialists.
“We met quarterly and shared advice and knowledge,” he says. “It was a really good initiative, at least from my perspective. I can see things like that being very valuable — just the sharing of knowledge.
"Public-private partnerships can be extrememly valuable in not only sharing of information, but also in investigating cybercrimes, and helping to make sure that victims of such crimes have their cases dealt with in a quick and efficient manner."