3.2 Malware - Recommendations
- A top priority for law enforcement should be the apprehension and prosecution of malware developers. As many of the more malicious variants such as Gozi, Torpig, Shylock and GameOver Zeus are controlled within closed criminal circles, successful law enforcement action on such groups would have considerable impact, not only removing the threat caused by their product but also preventing future product development or refinement by some of the more talented malware developers.
- Better co-ordination is required in operations to dismantle criminal infrastructure. Botnet takedowns are an area in which law enforcement has displayed considerable success. Such ventures require co-operation between multiple jurisdictions and Europol, as well as with partners in private industry and CERTs. Many stakeholders have vested interests and resources linked to the criminal infrastructure; the timely involvement of all interested and involved parties is therefore important to ensure the operation is executed at the most opportune time.
In May 2014 law enforcement dismantled a GameOver Zeus botnet and Cryptolocker infrastructure. Co-ordinated at EC3, this FBI-led operation also involved investigators from Canada, France, Germany, Italy, Japan, Luxembourg, Netherlands, New Zealand, Ukraine and United Kingdom, along with multiple partners from the Internet security industry.
- It is essential that law enforcement continues to build and maintain partnerships with the Internet security industry. The industry holds an accurate and contemporary picture of the cybercrime landscape at a broad, strategic level which law enforcement often lacks. The Internet security industry also holds a wealth of data which could assist in identifying and prioritising targets. MS should, based on national legislation and data protection rules, explore the possibility of establishing procedures to benefit from this by initiating a dedicated outreach program for public-private partnerships. Furthermore, the industry can provide insight into new and emerging threats to allow LE to better prepare and take preventative action.