In recent years, the internet has considerably facilitated communication and promoted global development and interaction. At the same time, new, modern challenges have emerged in the form of cybercrime as criminal groups exploit these technological advances. The European Union is a key target for cybercrime because of its advanced internet infrastructure, high number of internet users and widespread use of electronic banking and payment systems.
Cybercrime is an explicit part of Europol’s mandate and the growing threat in the European Union has made this worldwide phenomenon a priority on Europol’s agenda. As part of the strategic planning for a European Cyber Crime Centre, Europol has produced the iOCTA* – a Threat Assessment on Internet Facilitated Organised Crime. The iOCTA’s findings are based on EU law enforcement intelligence and open source material.
The longer we spend online, the easier it is for potential fraudsters to access our data. With the increasing availability of wireless internet access points and hotspots, users are unwittingly exposing their personal data in these environments. Criminals use open access internet connections or private wireless accounts that aren’t password–protected, to mask online criminal activities that the account holder could later be held liable for.
Hardware developments have likewise enabled more flexible access to the internet and greater portability of data. Preventing cybercrime is no longer simply a case of protecting home computers: laptops, smartphones, and even games consoles, can all be online and vulnerable to attacks – some of the most common and dangerous vulnerabilities are found in internet browsers. Crimeware already exists to access data on smartphones, while infected games consoles can be incorporated into botnets designed to launch denial of service (DoS) attacks, which typically disrupt high–profile web sites and servers such as banks and credit card payment processors.
The iOCTA outlines how internet facilitated organised crime will continue to increase in line with broadband internet uptake, finding new offenders and victims in areas of the world where internet access was previously limited. Increasing bandwidth, automation and criminal technical skills will also fuel the growth in cybercrime. Criminals will continue to exploit the favourable market conditions of the last 10 years which saw a substantial increase in e–commerce.
Corporate social networks, giving access to email and instant messaging, have existed for some time, but the expansion of remote working will fuel an increasing trend for tools like video/avatar conferencing, collaborative document editing and online data storage. This will present additional risks to information security and data protection, so secure encryption should be a high priority for users of such tools.
The growth in popularity of cloud computing – internet–based computing where resources, software and data are stored and shared online – enables remote access to data from any location and therefore makes data vulnerable to external attacks. This raises concerns about whether security measures will be properly enforced by the storage provider, or understood by the data owner or customer. The key to cloud computing’s success will be whether the convenience of remote access will be matched by confidence in its security provisions.
Europol’s iOCTA: Selected findings and recommended actions
- EU Member States already rank amongst the most highly infected countries in the world when it comes to computer viruses and malware. As internet connectivity continues to spread, EU citizens and organisations will be subjected to more cyber attacks, and to attacks from previously underconnected areas of the world. Combating cybercrime will therefore require new international strategic and operational partnerships.
- Active partnership with the private sector is essential, not only to share intelligence and evidence, but also in the development of technical tools and measures for law enforcement to prevent online criminality. The academic community also has an important part to play in the research and development of such measures.
- Because of the global reach and scale of internet facilitated organised crime, its disparate nature, and the unprecedented volumes of data involved, centralised coordination of intelligence gathering, analysis, training, and partnership management is required at an EU level, to ensure that Member States and EU agencies make the most effective use of resources. The establishment of a European Cybercrime Centre, as outlined in the recent Council conclusions on cybercrime and in the EU’s Internal Security Strategy, will be an important and timely step forward.
Awareness raising on individual and corporate user responsibility are key to combating cybercrime. EU–wide awareness raising and points of contact are required for a range of issues, including illegal downloading, social engineering, payment card security, securing wireless internet connections, and the risks to children. The use of crowdsourcing to gather intelligence on cybercrime from internet users should also be considered.
Europol’s role in the fight against cybercrime
- Europol is the European Union law enforcement agency. It plays a key role in the European Cybercrime Task Force – an expert group made up of representatives from Europol, Eurojust and the European Commission, working together with the Heads of EU Cybercrime Units to facilitate the crossborder fight against cybercrime.
- By means of its cybercrime database, Europol provides EU Member States with investigative and analytical support on cybercrime, and facilitates crossborder cooperation and information exchange.
- Strategic analysis of Internet Facilitated Organised Crime (iOCTA) assesses current and future trends in cybercrime, and informs both operational activity and EU policy.
- The Internet Crime Reporting Online System (ICROS) and Internet & Forensic Expert Forum (IFOREX) are currently in development. These will provide centralised coordination of reports of cybercrime from EU Member State authorities, and host technical data and training for law enforcement.
*The full iOCTA will be made available on Friday, 7 January 2011 via Europol’s website.