What are the main future cybercrime threats on the horizon? And how has the European Cybercrime Center (EC3) contributed to protect European citizens and businesses since its launch in January 2013?
These questions are at the core of an EC3 report presented today, and discussed at a conference organised by the Commission, with participants from law enforcement authorities, national and EU institutions and the private sector.
“Criminal behaviour is changing fast, exploiting technological developments and legal loopholes. Criminals will continue to be creative and deploy sophisticated attacks to make more money, and we must be able to keep up with them. The expertise of the EC3 is helping us to fight this battle and boost European cooperation. Through several successful, far-reaching operations in the past year, the European Cybercrime Centre has already earned well-deserved fame amongst law enforcement agencies”, said Commissioner for Home Affairs Cecilia Malmström.
Troels Örting, Head of the European Cybercrime Centre added: “In the 12 months since EC3 opened we have been extremely busy helping EU law enforcement authorities to prevent and investigate cross-border cybercrime. I am proud and satisfied with our results so far, however we cannot rest on our laurels. I am especially worried about the increasingly complex forms of malware that are surfacing, along with more technologically advanced cyber-scams, and the so-called ‘sextortion’ of minors. We have only seen the tip of the iceberg, but EC3, backed by our valued stakeholders and partners, is dedicated to supporting Member States’ future frontline cybercrime operations.”
According to a recent Eurobarometer, 12% of European internet users have had their social media or email account hacked. 7% have been the victim of credit card or banking fraud online.
EC3 achievement highlights
The main task of the European Cybercrime Centre is to disrupt the operations of organised crime networks that commit serious and organised cybercrime (for more details, see MEMO/13/6 and infographics).Concretely, the EC3 supports and coordinates operations and investigations conducted by Member States’ authorities in several areas. Recent examples include:
High-tech crimes (cyber-attacks, malware)
In its first year, the EC3 assisted in the coordination of 19 major cybercrime operations, for instance:
- Two major international investigations (Ransom and Ransom II) were concluded, related to so-called Police Ransomware – a type of malware that blocks the victim’s computer, accusing the victim of having visited illegal websites containing child abuse material or other illegal activity. Criminals request the payment of a “fine” to unblock the victim’s computer, making the Ransomware look as if it comes from a legitimate law enforcement agency. Cybercriminals convince the victim to pay the ‘fine’ of around €100 through two types of payment gateways – virtual and anonymous. The criminals investigated by EC3 infected tens of thousands of computers worldwide, bringing in profits in excess of one million euros per year. 13 arrests were made (mainly in Spain) and the networks were broken up.
- EC3 has also supported several international initiatives in the areas of botnet takedowns, disruption and investigation of criminal forums and malware attacks against financial institutions, such as the recent takedown of the ZeroAccess botnet together with Microsoft and high-tech crime units from the German BKA, Netherlands, Latvia, Luxembourg and Switzerland.
Online child sexual exploitation
At present, EC3 supports 9 large child sexual exploitation police operations within the European Union. In the first year of EC3, significant efforts – jointly with many Member States and non-EU cooperation partners – were put into combating the illegal activities of paedophiles engaged in the online sexual exploitation of children using hidden services.
EC3 is involved in many operations and joint investigations targeting the production and distribution of child abuse material on various internet platforms. It is providing ongoing operational and analytical support to investigations on the dark net, where paedophiles trade in illicit child abuse material in hidden forums, as well as to investigations into ‘sextortion’. Sextortion is the term given to the phenomenon where child abusers gain access to inappropriate pictures of minors and use the images to coerce victims into further acts or the abuser will forward the images to family and friends of the victim.
The EC3 is currently providing operational and analytical support to 16 investigations, regarding payment fraud. In 2013 it supported investigations resulting in three different international networks of credit card fraudsters being dismantled:
- One operation led to the arrest of 29 suspects who had made a 9 million Euro profit by compromising the payment credentials of 30,000 credit card holders.
- The second network that was tackled resulted in 44 arrests during the operation (which followed 15 previous arrests; 59 arrests in total) in several Member States, two illegal workshops for producing devices and software to manipulate Point-of-Sale terminals dismantled, illegal electronic equipment, financial data, cloned cards, and cash seized. The organised crime group had affected approximately 36.000 bank/credit card holders in 16 European countries.
- The third operation targeted an Asian criminal network responsible for illegal transactions and the purchasing of airline tickets. Two members of the criminal gang, travelling on false documents, were arrested at Helsinki airport. Around 15,000 compromised credit card numbers were found on seized computers. The network had been using card details stolen from cardholders worldwide. In Europe, over 70,000 euros in losses were suffered by card holders and banks.
- An operation against airline fraudsters using fraudulent credit cards to purchase airline tickets was coordinated by the EC3 in 38 airports from 16 European countries. During the operation, more than 200 suspicious transactions were reported by the industry and 43 individuals were arrested (followed by another 74 arrests after the action day; 117 arrests in total). These were all found to be linked to other criminal activities, such as the distribution of credit card data via the internet, intrusions into financial institutions’ databases, other suspicious transactions, drug trafficking, human smuggling, counterfeit documents including IDs, and other types of fraud. Some of those detained were already wanted by judicial authorities under European Arrest Warrants.
Future threats and trends in cybercrime
Currently, around 2, 5 billion people worldwide have access to the internet and estimates suggest that around another 1, 5 billion people will gain access in the next four years. As our online life, with all its immense advantages, will continue to grow, so will our exposure to online crime. In its first yearly report, the EC3 looks at future cybercrime threats and trends. Among others, it points to the following:
Growing ranks of criminals. The threshold for stepping into the business of cybercrime is becoming very low. Already now, a complete underground economy has developed, where all sorts of criminal products and services are traded, including, drugs, weapons, hired killings, stolen payment credentials and child abuse. Any kind of cybercrime can be procured even without technical skills – password cracking, hacking, tailor-made malware or DDoS attacks.
More demand. It is expected that the demand for and use of cybercrime services will increase, resulting in an even stronger growth of the development, testing and distribution of malware; building and deployment of botnets; theft and trade in payment credentials as well as money laundering services.
Increased sophistication. The development of more aggressive and resistant types of malware is expected. This includes ransomware with more advanced encryption complexity; more resilient botnets; and banking malware and Trojans with advanced sophistication, in order to circumvent protection measures by financial institutions.
Even more global. Due to rapidly spreading internet connectivity, cybercrime originating in Southeast Asia, Africa and South America will grow.
Going mobile. A shift of malware development is expected towards the operation on, and distribution through, mobile devices.
Smarter distribution. New ways of distributing aggressive and resistant types of malware are expected in the coming years. There is also an increasing, worrying trend of offering child abuse through live streaming, which leaves police without evidence unless intercepted at the time of transmission.
Increased need for money-laundering. Criminals will seek easy ways of cashing and laundering profits. Targeting large numbers of citizens and small to mid-sized companies for relatively small amounts is a scenario likely to continue. But also the use of payment credentials for online purchases will grow. The demand for e-currencies and other anonymous payment systems will rise further.
Targeting of cloud services. The hacking of cloud services becomes more and more interesting for criminals. It is expected that criminals will increasingly aim at hacking such services for the purpose of spying, retrieval of credentials and extortion.
To address these developments and fight a crime that by its very nature knows no borders or jurisdictions, the EC3 will continue to provide operational support to law enforcement agencies from EU Member States and from non-EU cooperation partners. It will further develop its expertise in training and capacity building, strategic analysis and digital forensic support.
Special Eurobarometer 404 on CYBER SECURITY (November 2013)