by Bharat Mistry
Cybercrime remains largely unique: it is without borders and offers perpetrators a great degree of anonymity, meaning most escape justice. But that’s changing, as some excellent policing work in recent days has shown. The takedown of two of the world’s biggest darknet marketplaces, AlphaBay and Hansa, illustrated what can be achieved when law enforcers work effectively with each other across borders.
Yet despite these successes, cross-border collaboration and public-private sector initiatives are still relatively new. That’s why we’ve invited representatives from the FBI, GCHQ, and Interpol to share their experiences at Trend Micro’s upcoming CLOUDSEC 2017 conference in September.
Planning for success
The AlphaBay and Hansa takedowns have been described by Europol director, Rob Wainwright, as “one of the most sophisticated law enforcement operations against cybercrime that we’ve ever seen”. The takedown of the former was helped significantly by rookie mistakes made by suspected founder Alexandre Cazes, whose Hotmail address was reportedly used to send out password recovery emails to members. Still, the operation required co-ordination with police in Thailand, Lithuania, Canada, the UK and France.
Meanwhile, Dutch police took control of Hansa servers in Lithuania, the Netherlands and Germany a few weeks earlier, but co-ordinated with their American counterparts to leave the site up even after AlphaBay was shut down, so they could monitor users flocking there from the shuttered darknet marketplace. “The usernames and passwords of thousands of buyers and sellers of illicit commodities have been identified and are subject to more follow-up investigation by Europol and our partner agencies,” explained Wainwright.
The months-long operations have removed what Europol claims to be “two of the largest criminal Dark Web markets” in the world. AlphaBay alone reached over 200,000 users – allowing an illegal trade in drugs, arms and even malware.
Yet that’s not all. Microsoft has been busy recently continuing its policy of using legal channels to target cybercriminals. The firm is suing notorious alleged Russian gang Pawn Storm (Fancy Bear/APT28). The group – pegged by many for ties to the Kremlin and for attacks on the Democratic National Committee (DNC) ahead of last year’s US presidential election – is alleged to have registered multiple fake Microsoft domains for its attack infrastructure. Microsoft’s legal bid is an attempt to disrupt Pawn Storm operations by sink-holing these domains and redirecting traffic to its servers.
It’s not a new tactic, but it is yet another example of what can be done to get on the front foot to disrupt and discomfort cybercriminals.
It’s an area which Trend Micro is keenly involved in, having agreements in place with Europol, Interpol and numerous law enforcement organisations across the globe. In fact, earlier this year we helped support a major operation to crack down on cybercrime in the ASEAN region, resulting in the identification of nearly 9,000 Command and Control (C&C) servers and hundreds of compromised websites.
That’s why we’re devoting a significant part of our upcoming CLOUDSEC 2017 conference in London to sessions focused on cybercrime policing and how to build better partnerships with law enforcement. We’ll have Interpol Head of Strategy and Outreach, Christophe Durand; FBI Assistant Legal Attaché, Todd Renner; a representative from GCHQ’s National Cyber Security Centre, and many more experts to share their views.
That’s just one aspect of a conference full of fantastic learning and networking opportunities. Places are selling fast so be sure to book your spot today.
What: CLOUDSEC 2017
When: Tuesday 5 September
Where: Park Plaza Westminster Bridge, London