Cyber Crime Task Force Plan

Cyber Crime Task Force

"Are computer vulnerabilities growing faster than measures to reduce them? Carelessness in protecting oneself, tolerance of bug-filled software, vendors selling inadequately tested products, or the unappreciated complexity of network connectivity has led to…abuse…" (Lukasik, 2011).

The evidence is overwhelming that cyber crimes are not only increasing each year, but the sophistication of the attacks is greater each year and the impacts of attacks are more severe each year as well. While cyber criminals' activities are taking a greater toll around the world -- and in St. Louis -- there is a great need to organize a Cyber Crime Task Force that incorporates appropriate private and public agencies, including law enforcement, the FBI, the U.S. Attorney's Office in St. Louis, and other relevant organizations. Thesis: Cyber crimes are happening at a faster rate than ever before and the attacks are taking a greater impact each year. Unless strategies and policies are put in place, cyber criminals will continue to severely impact web-based organizations, businesses, and governments as well.

Current Cyber Crime Threats in the United States -- Update

"The Internet has turned reputation on its head. What was once private is now public. What was once local is now global. What was once fleeting is now permanent. And what was once trustworthy is now unreliable" (Lipton, 2001).

According to a 2013 study referenced by the news channel CNBC.com, one-third of businesses and private organizations saw an increase in cyber attacks in 2013. The report cited by CNBC.com -- presented by the consultancy EY -- reports that thirty-one percent of the senior executives (in 64 countries) that responded to EY's survey had increases in cyber security incidents of at least 5% over the previous dozen months. That said, some 83% of the 1,900 executives surveyed indicated that their security preventative measures "…do not meet their needs" (CNBC.com, 2014).

About half of the 1,900 companies surveyed indicated that they suffered from a "…lack of skilled resources toward innovating solutions that can protect them against the great unknown" (CNBC.com, p. 1). Eleven percent of the 1,900 global companies polled indicated that their companies suffered from "…a lack of executive awareness or support for fighting cyber security" (CNBC.com, p. 1).

The list of companies and organizations that have been compromised by cyber crime is long and the damage is severe. The Reuters' sources that were referenced by RT.com indicate that besides Target "…at least three other well-known national retailers" were attacked by the same virus.

In fact, the same virus that attacked Target's servers also attacked Neiman Marcus group (and stole personal data from Neiman Marcus customers); that virus is named KARTOKHA (means "potato" in Russian) and hence there is a strong suspicion at the U.S. Department of Homeland Security -- and its "National Cybersecurity and Communications Integration Center" -- that "Russian speaking codeheads from the former Soviet Union" were responsible (RT.com).

The Biggest Cybersecurity Threats of 2013 and 2014 for St. Louis

Security "evangelist and researcher" Tomer Teller asserts that cyber criminals are using "social engineering" tactics to steal information from citizens. That is, users of Facebook and Linked In and other social media sites are being targeted because their personal information is so readily available. The second kind of cybersecurity threats Teller warns about involved "Advanced Persistent Threats" (APTs); these are highly sophisticated and "carefully constructed" threats to corporations and governments in which a "low-and-slow" approach is used so they are difficult to detect (Teller, 2013). These APTs offer a chance for criminals to steal information quietly -- and not all APT attacks are used against giants like Microsoft Word, Teller continues. The APTs attack embedded systems as well, that have Internet protocol addresses, which means that "building security into these systems has never been more important" (Teller, p. 2).

Internal threats are also considered dangerous by Teller; they can be "…the most devastating" of all security threats because an insider can obtain a tremendous amount of data in preparation for the attack. The CERT Insider Threat Center at Carnegie Mellon University's Software Engineering Institute -- and the U.S. Secret Service -- believe that "malicious insiders" in the banking and financial industry can "typically" get away with fraud and theft for "nearly 32 months" prior to being detected (Teller, p. 1).

The fourth ongoing threat to citizens of St. Louis and elsewhere is the opportunity for criminals to hack into personal devices. In fact the huge growth in the use of iPhones, Android Phones and other personal devices open the door as a "potential gateway for attackers" (Teller, p. 2). Web-based attacks can hit personal devices the same way they can access personal desktop computers, Teller goes on; and because smart phones are now used in the workplace, the criminals can likely circumvent the "detection mechanisms mobile vendors use") (p. 2).

The fifth threat that Teller talks about is "cloud security," the trend that companies use to store information in public cloud services; the cloud services are "juicy targets" for criminals, and can easily represent "…a single point of failure for the enterprise" (p. 3). Also, the author warns that the growth of HTML5 -- the sixth serious threat he presents -- is very real in 2014. HTML5 is the system that allows for "…the integration of various technologies" in cross-platform services, and no doubt as developers of HTML5 systems "a bound to make mistakes" attackers will surely "take advantage" (Teller, p. 3). The author also warns that botnets can be compromised and attackers are creating software that allows their malware attacks harder to detect. Malware appears disguised as a form of code, scripts, or active content but it is malicious software; it may be a virus, a worm, a Trojan horse, spyware, adware or simply rouge software disguised as security software. "Millions of malicious URLs are used as distribution channels to propagate malware all over the web… [and] victim systems fall in the control of the attackers" (Chang, et al., 2013). Firewalls and other digital security technologies "have only limited capability to mitigate this new problem," Chang explains.

What are the Greatest Cyber Crime Threats in St. Louis County?

"We need to abandon the belief that better defenses alone will be sufficient. Instead of just building better defenses, we must build better relationships. If we do these things, and if we bring to these tasks the sense of urgency that this threat demands, I am confident that we can and will defeat cyber threats, now and in the years to come…" (FBI Director Robert S. Muller).

The cyber crime threats in St. Louis County in a very real way mirror the cyber crime threats elsewhere in the United States. It is likely that the most prolific cyber crime in the St. Louis area is child pornography, "obscenity toward children," and "enticement of children for sexual conduct" (Gilbreth, 2012).

Meanwhile, the St. Louis Chapter of InfraGard -- an information sharing and analysis organization that combines knowledge of cyber threats with hands-on experience in criminal detection -- is a partnership between the Federal Bureau of Investigation and businesses, academic institutions, law enforcement groups and other private organizations. The role of the St. Louis Chapter of InfraGard is to acknowledge and response to denial of service attacks, network intrusions, and state-sponsored hackers that are "bent on compromising national security" and on stealing personal data of consumers from corporate websites (InfraGard, 2013).

Monitoring the training / seminar sessions that the St. Louis Chapter of InfraGard has provided to private industry and other members of the organization gives the researcher an idea of the greatest threats to St. Louis County.

For example, in 2013 the Chapter brought in two fraud investigators from MasterCard to review the need to protect citizens' credit cards in St. Louis County. The Chapter has also zeroed in on the vulnerability of mobile devices (smartphones), on social network vulnerabilities (due to personal and professional information being readily available).

Which three types of cyber crime should the task force prioritize?

First, child pornography and solicitation of children for sexual acts (over the Internet) should be at or near the top of the list. Second, Internet criminals who hack into company and government websites to steal personal data (where a person lives; where a person works; what activities the person engages in) is a vitally important component of a future task force in the St. Louis area. And third, credit card fraud -- which includes those criminals that hack into commercial websites and steal debit and credit card information -- is a big problem in St. Louis and should be an important part of the business of a task force for this area.

As to the child pornography and solicitation issue, there are so many instances of inappropriate behaviors vis-a-vis children online that Missouri was obliged to pass a new law in 2012 (statute 565.090). That legislation includes a "…new criminal provision for recklessly frightening, intimidating, or causing emotional distress to another…" who is seventeen or younger (Gilbreth, p. 16).

The Internet crime that also needs far more attention from a task force is credit card fraud, which is designed to stop hackers from going into commercial websites and stealing credit card information. In fact Schnucks Fresh Goods & Pharmacy in St. Louis was victimized by criminals in 2013. This is a classic example of how the task force can become effective, because the commercial stores (like Target and other retail firms) are vulnerable. Schnucks was attacked in 2013 and an estimated 2.4 million debit and credit card information were compromised between December 2012 and March, 2013, according to a story in the St. Louis Post-Dispatch (Gustin, 2013). How this works for the criminals -- and why the task force is so important in this aspect of cyber criminality -- is they hack into a vulnerable site where credit and debit cards are available. Then they insert "random access malware" into the site, which steals credit and debit card information.

Cyber Crime Task force Structure

It should be modeled after other similar task forces, notably the Missouri Internet Crimes Against Children Task Force (ICAC) -- a joint effort of St. Louis area sheriff and police department partnerships, along with 63 agencies in Missouri -- and the InfraGard task force, identified earlier in this paper. It should embrace all local law enforcement groups, the FBI, the U.S. Attorney's Office in St. Louis, key educational institutions, and private citizens (published authors and other experts) with knowledge of cyber crime. It should not be so wieldy that it becomes a bureaucratic monster, and it should select individual committee members for research and action.

What personnel and skills will be needed to investigate cyber crimes?

Computer forensics -- dealing with evidence and legal processes -- must be a key part of the task force's efforts. A computer forensics specialist "…will take several careful steps to identify & #8230;and retrieve possible evidence" and also he or she will locate "hidden" or "deleted" or "encrypted" files (Osuagwu, et al., 2010). Personnel that are familiar with intelligence, security, and investigations will be needed as well. Personnel with experiencing in rooting out those engaged in child pornography and credit card theft -- and those familiar with how to protect against unlawful intrusion into computers -- will be critical to the success of the task force.

What kind of equipment needs to be available for the task force?

What is needed to develop a cyber crime lab that can do forensics?

A computer forensics lab will be necessary for the task force to be effective. Clearly there needs to be better protection for credit card and debit card holders, and one solution that the task force could promote is the use of "chip and pin" as a replacement for magnetic stripe cards (Buck, 2014). The tiny microchip on cards prevents theft in most cases, but only 1% of U.S. credit cards in the U.S. use this technology (Buck). . And some of the software that should be in place includes the DIBS Mobile Forensic Workstation and DIBS Rapid Action Imaging Device (RAID) (Dibsforensics.com). Also, according to Greg Dominquez, the lab should include: a) an autopsy and sleuth kit; b) Technology Pathways (ProDiscover); c) WinHex; d) Unix, Linux, and Mac OS work "very well for forensics"; e) Blackbag technologies; f) ASRData; SubRosaSoft; g) Paraben; and h) Guidance software (Dominquez, 2007). These systems are needed because: hackers and other cyber criminals are often one step ahead of law enforcement and other agencies; it should be the goal of the task force to get a step ahead of cyber criminals.

What federal agencies in the St. Louis area should be involved in the task force?

Of course the FBI should be heavily involved as a resource in the task force that this paper is reviewing and creating. The existing Cybercrime Task Force in the Eastern District of Missouri is an arm of the United States Attorney's office. The U.S. Attorney's office prosecutes computer hackers under Title 18, U.S. Code, Section 1030 (sentences range up to 20 years in prison). Theft of information from illegal intrusions into computers is prosecuted by the U.S. Attorney's Office under Title 18, U.S. Code, Section 2319 (infringement of copyright); Section 2320 (trafficking in counterfeit goods and trademark violations); and Section 1832 (theft of trade secrets). The Cybercrime Task Force in the Eastern District of Missouri (including St. Louis) also prosecutes those who attempt (or commit) to engage in sexual acts with children (through the use of the Internet).