IOCTA 2015

As highlighted in the 2014 IOCTA, the rise of the Internet of Things (IoT) or the Internet of Everything (IoE) is seen as a major challenge for law enforcement together with Big Data and the Cloud. Being able to keep up with the pace of technological development will require law enforcement to constantly update their digital forensics capabilities.

Based on the feedback received, Big Data for law enforcement usually means a lot of data, which is often referred to as the volume challenge. Cases involving several terabytes of data for one suspect are becoming more common, which has a considerable impact on investigations in terms of resources and time, making it more difficult for law enforcement to find the proverbial needle in the haystack. For instance, in one of the cases the amount of data exceeded 100 terabytes. This has stimulated research into tools and methods to improve the handling and analysis of large quantities of data[1].

While the potential benefit of Big Data for more efficient, proactive and preventive police work is generally accepted[2], specifically in relation to predictive policing, it appears that the majority of EU law enforcement agencies are not at a stage where Big Data analytics is being used to its full potential or even considered at all. The potential benefits identified by law enforcement include improved and more targeted analytical capabilities, an increased chance to find relevant evidence, better support for the triage process, the ability to create a denser timeline of events, and support for the automated analysis of crime-relevant data, including speech and video recognition.

While the IoT is still seen as an emerging threat from a law enforcement point of view[3], the rising number of smart ‘things’, including smart homes, smart cars[4][5], smart medical devices[6] and even smart weapons[7], is a clear indicator of its growing adoption[8]. This contributes to an increasing digitisation and online presence of personal and social lives, and an increasing level of interconnectivity and automation, which creates a number of challenges in terms of privacy, security, and trust. Law enforcement needs to be prepared to address the criminal abuse of such devices and of the data that is generated or collected via the IoT.

The Cloud is an enabler for IoE and Big Data by providing the distributed and scalable resources needed to handle the data growth and provide the necessary processing services. Data together with entire infrastructures will continue to move to the Cloud, which is already creating technical and legal challenges for law enforcement. Equally, criminals aim to abuse Cloud services such as popular file synchronisation services[9], for instance to host malware or C&C structures, as they are less likely to see any traffic blocked by security systems.

For law enforcement, the top challenges in relation to smart devices and the Cloud are:

  • Access to data – including determining the location of and timely and lawful access to evidence, determining the relevant legislation, and technical challenges – for instance in relation to encryption;
  • Digital forensics and investigation – in relation to live data forensics and cloud forensics, but also in terms of keeping up with the pace of technical development and the variety of new hardware and software components; encryption, attribution and the quantity of data were highlighted under this topic;
  • Training and education – specifically in terms of establishing and maintaining the necessary skills and expertise for first responders and forensics experts;
  • Privacy and data protection issues linked to a lack of control over data and the risk of data breaches, criminal abuse e.g. in terms of hosting criminal infrastructures and new criminal opportunities due to a lack of security by design, a lack of protective action and a lack of awareness;
  • Cross-border/international cooperation issues linked to inadequate legislation and the mutual legal assistance treaty (MLAT) process.

[Figure: Challenges for Law Enforcement]

Of the questionnaire responses received from EU law enforcement, three agencies indicated that they were organising or were planning on organising training programmes on the IoT and the Cloud. Three agencies specified that they were cooperating with private industry on this topic. One law enforcement agency supported preventive activities in this area.

However, the feedback provided by law enforcement also identifies several opportunities with regard to the IoT and the Cloud:

  • Digital forensics and investigation – new investigative tools and techniques, new sources and types of evidence, enhanced cross-matching and OSINT opportunities;
  • Access to data – centralised access, single point of contact for data requests, possibility for improved exchange of data;
  • More opportunities for public-private partnerships and cooperation with private industry.

Future threats and developments

Rapid technological advancements and the increasing (inter)connectivity of people and devices contribute to an ever-rising stream of data and further blur the lines between real life and cyberspace.

While this is making the protection of data and ensuring privacy more challenging, it can also help address the new challenges and threats in cyberspace, for instance in the form of data-driven security or behaviour-based security[10].

Data, particularly any personal data, is a commodity that is and will continue to be highly sought-after by private companies to further improve the purchasing experience and the prediction of customer behaviour, but also for security purposes, e.g. to implement two-factor authentication. As a key commodity and enabler for cybercrime, it is of equal interest to criminals. It is therefore safe to assume that criminals will continue to target companies collecting data, in particular companies that hold records containing different categories of personal data (e.g. healthcare data), as these can be abused in different ways and for different types of crimes.

The ever-increasing amount of data will increasingly require tool support and automation, including machine learning and artificial intelligence approaches. This will apply to law enforcement and criminals alike and will present its own set of challenges, for instance in terms of evidence admissibility.

The rising adoption of the IoT and the Cloud continues to create new attack vectors and increases the attack surface for cybercrime[11][12]. Considering our increasing dependency on connected and smart devices, emerging and future attack scenarios may encompass physical or mental harm, either intentionally or unintentionally. Possible scenarios range from hacked smart cars and hacked medical devices[13][14] to hacked weaponised drones[15].

Cybercriminals will continue to migrate their activities to the Cloud, often abusing legitimate services and combining different techniques to hide their activities[16][17]. The dependencies of the IoT on Cloud services and storage will provide criminals with a broadened range of possibilities to disrupt or manipulate smart devices as well as to extract data[18][19][20].

With criminals being able to potentially access and combine different types and sources of data, one can expect more sophisticated types of attacks (e.g. social engineering) but also new forms of existing crimes (e.g. extortion, ransomware). With novel approaches emerging to secure systems using e.g. behavioural patterns[21] to identify legitimate users, criminals may be forced to expand their data collection activities in order to be able to successfully mimic the behaviour of a user.

Common-mode failures, or failures that result from a single fault in software or hardware components used in smart devices, will continue to present a major cybersecurity risk to the IoT[22][23].

  10. Techcrunch, Next-Gen Cybersecurity Is All About Behavior Recognition, http://techcrunch.com/2015/08/23/next-gen-cybersecurity-is-all-about-behavior-recognition/, 2015
  11. ENISA, Threat Landscape for Smart Home and Media Convergence, http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-thematic-landscapes/threat-landscape-for-smart-home-and-media-convergence, 2015
  12. Net Security, Average Financial Services Company Uses 1,004 Cloud Applications, http://www.net-security.org/secworld.php?id=18793, 2015
  13. Schneier on Security, Hacking Drug Pumps, https://www.schneier.com/blog/archives/2015/06/hacking_drug_pu.html, 2015
  14. MIT Technology Review, Security Experts Hack Teleoperated Surgical Robot, http://www.technologyreview.com/view/537001/security-experts-hack-teleoperated-surgical-robot/
  15. Gizmodo, Police in India Will Use Weaponized Pepper Spray Drones on Protesters, http://gizmodo.com/police-in-india-will-use-weaponized-pepper-spray-drones-1696511132, 2015
  16. Imperva, Imperva Hacker Intelligence Initiative uncovers New “Man In the Cloud” Attacks that Use Popular File Synchronisation Services, http://investors.imperva.com/phoenix.zhtml?c=247116&p=irol-newsArticle&ID=2075878, 2015
  17. Fireeye, Hammertoss: Stealthy Tactics Define a Russian Cyber Threat Group, https://www.fireeye.com/blog/threat-research/2015/07/hammertoss_stealthy.html, 2015
  18. HCI, Why Hackers Love Healthcare Organizations, http://www.healthcare-informatics.com/article/why-hackers-love-healthcare-organizations, 2015
  19. DARKReading, Spiderbot, Spiderbot, Does Whatever A Hacker Thought, http://www.darkreading.com/partner-perspectives/intel/spiderbot-spiderbot-does-whatever-a-hacker-thought/a/d-id/1321850, 2015
  20. DARKReading, Vulnerable From Below: Attacking Hypervisors Using Firmware And Hardware, http://www.darkreading.com/partner-perspectives/intel/vulnerable-from-below-attacking-hypervisors-using-firmware-and-hardware/a/d-id/1321834, 2015
  21. Techcrunch, Next-Gen Cybersecurity Is All about Behavior Recognition, http://techcrunch.com/2015/08/23/next-gen-cybersecurity-is-all-about-behavior-recognition/, 2015
  22. DARKReading, Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo, http://www.darkreading.com/vulnerabilities---threats/chrysler-recalls-14-million-vehicles-after-jeep-hacking-demo-/d/d-id/1321463, 2015
  23. Arstechnica, Researchers Reveal Electronic Car Lock Hack After 2-Year Injunction by Volkswagen, http://arstechnica.com/security/2015/08/researchers-reveal-electronic-car-lock-hack-after-2-year-injunction-by-volkswagen/, 2015

Recommendations

  • There is a need to inform law enforcement on a broad basis about Big Data and the challenges and opportunities that come with it.
  • With the increasing adoption of the IoT and Cloud computing and services, law enforcement needs to invest in developing and maintaining the necessary skills, knowledge and technical capability to investigate IoT- and Cloud-related crimes.
  • Existing initiatives aimed at improving the security of smart devices should be promoted and used to encourage companies to consider security and privacy as part of the design process[24].
  • Security-by-design and privacy-by-design should be the guiding principles when developing smart devices and when collecting and processing data. This includes the need to only collect the minimum amount of data necessary, automatically protect personal data by using proactive security measures and means to make individuals less identifiable.
  • Based on existing work undertaken in this area, for instance by ENISA[25], policy makers should continue to work on effective, efficient and balanced legislation and regulations.
  24. Auto Alliance, Automakers Announce Initiative To Further Enhance Cyber-Security In Autos, http://www.autoalliance.org/index.cfm?objectid=8D04F310-2A45-11E5-9002000C296BA163, 2015
  25. ENISA, Threat Landscape for Smart Home and Media Convergence, http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-thematic-landscapes/threat-landscape-for-smart-home-and-media-convergence, 2015
  1. Elsevier, Fast Contraband Detection in Large Capacity Disk Drives, http://www.dfrws.org/2015eu/proceedings/DFRWS-EU-2015-3.pdf, 2015
  2. ISSUU, Predictive Policing: Taking a Chance for a Safer Future, http://issuu.com/rutgerrienks/docs/predictive_policing_rienks_uk, 2015
  3. 2015 IOCTA Survey; Only one EU law enforcement agency reported a case involving a smart device.
  4. Reuters, Daimler to Test Self-driving Trucks in Germany This Year, http://www.reuters.com/article/2015/07/25/us-daimler-autonomousdriving-idUSKCN0PZ0KH20150725, 2015
  5. GlobalAutomakers, Vehicle-to-Vehicle Technology, https://www.globalautomakers.org/topic/vehicle-vehicle-technology, 2015
  6. FierceHealthIT, IoT to Fuel Revolution in Digital Healthcare, http://www.fiercehealthit.com/story/iot-fuel-revolution-digital-healthcare/2015-07-01, 2015
  7. WIRED, Hackers Can Disable a Sniper Rifle – Or Change Its Target, http://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-target/, 2015
  8. Trend Micro, What Smart Device Makers Must Do to Drive the IoT Revolution, http://blog.trendmicro.com/what-smart-device-makers-must-do-to-drive-the-iot-revolution/?linkId=15627100, 2015
  9. Imperva, Imperva Hacker Intelligence Initiative uncovers New “Man In the Cloud” Attacks that Use Popular File Synchronisation Services, http://investors.imperva.com/phoenix.zhtml?c=247116&p=irol-newsArticle&ID=2075878, 2015