Strengthening our cyber defences

Governments and corporations need each other's support

Mr Nakatani and Mr Wilson opening the Fourth Interpol-Europol Cybercrime Conference, held at the Interpol Global Complex for Innovation last month.
Mr Nakatani and Mr Wilson opening the Fourth Interpol-Europol Cybercrime Conference, held at the Interpol Global Complex for Innovation last month. ST PHOTO: JAMIE KOH

The strongest hint about what governments feel is the most effective way to fight borderless cybercrime can be found right here in Singapore - in a wave-shaped building off Orchard Road, where the former Tanglin Police Division Headquarters once stood.

Called the Interpol Global Complex for Innovation (IGCI), the year-old building represents the collective efforts of the organisation's 190 member countries to come together and pool resources to bring down cybercrime syndicates.

Like a clearing house, the centre provides a platform for law enforcement agencies worldwide to share sensitive information about attacks in a trusted setting, coordinate their response and learn from each incident, says IGCI executive director Noboru Nakatani.

The centre also has a strong research priority: Where criminals use technologies such as encryption and virtual currencies to commit attacks, the IGCI has tapped technology to create forensic tools that can trace the source of an attack and analyse malware, he notes.

"What we need to do to catch up with criminals using the latest services and technology and bring them to justice is enhance our cooperation mechanisms, such that members know what information needs to be shared, with whom, how often and how," he says.

"We must also be using more or less the same technology, which is why research is very important."

With the sheer number of novel and successful attacks in recent years, law enforcement agencies have recognised that they do not have the expertise or cutting-edge tools that large IT firms and security companies have, he adds. So the IGCI fosters closer cooperation between the public and private sectors.

BEATING THE BOTNETS

This approach has already achieved measurable success: Working with global IT firms such as Microsoft, Trend Micro and Kaspersky, Interpol has helped take down globe-spanning botnets - armies of infected computers that lie dormant until they are activated to commit cyber attacks.

Such public-private alliances have been strengthened as companies realise that defeating the threat posed by cybercrime requires a mixture of technical know-how, legal expertise and law enforcement measures.

Earlier this month, Microsoft launched its Transparency Centre and Cybercrime Centre for the Asia-Pacific in Singapore with precisely this idea - to work more closely with governments in the region to dismantle online threats.

While a firm like Microsoft has access to troves of customer data that can help it understand and fight cyber threats, defeating the masterminds in the real world requires government support, says the regional director of its digital crime unit, Mr Keshav Dhakad.

"We couldn't have dismantled the botnet chains alone," he says. "Law enforcement brought us the muscle to drive actual enforcement, raids and seizures."

Organisations that are frequently the target of cyber attacks, such as banks, are beginning to realise the importance of sharing information with the authorities in a timely manner, says Mr Steven Wilson, who heads Europol's European Cybercrime Centre.

Such companies have traditionally been tight-lipped about acknowledging attacks, fearful of reputational damage, legal repercussions and losing ground to competitors.

But such a mindset works to the attacker's advantage, as the same attack methods and tools can then be reused against other companies in the same sector.

Mr Wilson recounts how European banks and law enforcement officials had a much testier relationship as recently as two years ago, with each side faulting the other when breaches occurred.

Fortunately, as the number of cases cracked through close cooperation goes up, the virtues of cooperation have become more apparent, he says, with more banks now participating in similar information-sharing mechanisms, such as the international Cyber Defence Alliance.

But experts in both law enforcement and the cyber security field say much more needs to be done to build on the small successes achieved so far.

ASEAN: LACK OF PRIORITY

As with any other voluntary international platform, an organisation such as the IGCI can be effective only if member countries are willing to provide timely and consistent input.

That almost every case cracked by the centre was outside South-east Asia might point to a lack of prioritisation by countries in the region to fight cyber threats.

Minister-in-charge of Cyber Security Yaacob Ibrahim hinted as much when he urged his counterparts at the first Asean Ministerial Conference on cyber security to support the IGCI, for instance, by seconding more law enforcement officers to the organisation.

"While the IGCI has made a promising start, countries have to actively support the IGCI for its continued success and effectiveness," he said, as he called on Asean members to partner Interpol and conduct more joint operations against cyber criminals to enhance the collective security of the region.

Also, a centre such as the IGCI is focused largely on the criminal aspects of cyber attacks.

While this covers areas such as credit-card fraud, phishing scams, theft of personal data, and syndicates and terror groups using the Internet to communicate and broadcast their messages, its ambit does not extend to cyber warfare or espionage when state or state-sponsored groups are involved.

"When we talk about cyber security, one part of it is cybercrime, but the issue also relates to cyber warfare, cyber espionage, trade and intellectual property - relevant to many other domains of government services," says Mr Nakatani.

It would be "challenging" to try to get countries to cooperate over policies to govern cyberspace, he says. "We are not given the mandate to formulate the policy which will be applicable to all member countries."

He notes: "We try to maximise international police cooperation through existing laws and regulations in different countries."

But any attempt to draw a line between hacking by governments and hacking by criminal groups is becoming increasingly artificial, since conventional weapons are stored securely and are largely well-guarded, but the same cannot be said of cyber weapons.

At a cybercrime conference held at the IGCI last month that brought together 200 cyber experts from around the world, Mr Freddy Dezeure, who heads the European Union's Computer Emergency Response Team (CERT-EU), touched on the subject.

He shared how two powerful tools used by states to spy on other states were leaked onto the Internet in August alone: one designed to defeat firewalls; the other to attack Apple products such as iPhones and Macintosh computers.

"In effect, these sophisticated tools used by intelligence agencies are now available in the wild, and these tools expose the whole world to vulnerabilities," he said.

"They are functional and documented, and any criminal can just download them and use them against any organisation, not necessarily sophisticated states any more: It could be an energy supplier, a water supplier, a bank or a political office."

Join ST's WhatsApp Channel and get the latest news and must-reads.

A version of this article appeared in the print edition of The Sunday Times on October 23, 2016, with the headline Governments and corporations need each other's support. Subscribe