Global cybercrime lord busted, but expert says just a drop in the ocean

29 Mar 18

Europol recently announced that the suspected leader of an international cybercrime gang had been arrested in Spain.

It was a colossal investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Moldovan, Belarusian and Taiwanese authorities, as well as private cybersecurity companies.

Prominent since 2013, the Carbanak gang (named after one of its more popular forms of malware) has attacked banks in more than 40 countries, resulting in cumulative losses of more than EUR 1 billion.

On the surface, it is a tremendous success for law enforcement and the ‘good guys’, following what was no doubt an arduous investigation. But when considering the sheer size of the cybercrime underworld and the ludicrous amounts of money it garners every year, is it really that big of a deal?

Cybereason senior director of intelligence services Ross Rustici says it comes down to perspective.

“The thing that made Carbanak stand out was its organization and planning. The amount of money they were able to steal combined with the length of operation make the group one of the most successful, known groups out there. However, there are three things that make the impact of the arrest still a largely unknown quantity,” says Rustici.

“The first, is Carbanak hierarchical or amoebic? Does catching the "leader" result in an unrecoverable loss of organisation and capabilities or will the groups simply adjust and keep going? I don't think anyone has enough insight into the group to know for sure.”

Second, Rustici says, is the question of how diffuse Carbanak’s techniques are.

“Cybercrime is a copycat game for the most part, this arrest makes a larger dent in cybercrime if there is no one waiting in the wings to take up this type of intrusion against financial institutions,” says Rustici.

“Unfortunately, I think now that people have seen how this works, there are already plenty of copycats. If Carbanak goes down, but the technique still works, others will take their place.”

And third, Rustici says we need to consider just how effective this bust is as a deterrent for other cybercriminals.

“Perhaps more effective than if you look at the impact on actual operations is the deterrent effect of the arrest. This group had a lot of mystique around them both in terms of the size of their heists and their ability to operate,” says Rustici.

“The arrest of the ringleaders might be discouraging for other groups to grow quite as large and cross as many borders. That effect would have the largest impact on overall trajectory of cybercrime.”

Rustici says that in absolute terms, despite being known as the ‘billion dollar cybercrime group’, Carbanak’s activity has always been relatively small in comparison to cybercrime overall.

“Even if we are generous and give them double their reported earnings, sitting at 3 billion lifetime earnings is roughly 500 million a year, that is less than half a percent of estimated global cybercrime a year,” says Rustici.

“Taking out half a percent of global cybercrime is a large deal in terms of a single bust. In terms of how much cybersecurity professionals see the difference, it looks more like a rounding error.”

The sheer number of organisations, countries and law enforcement agencies behind the Carbanak investigation was well reported, and Rustici says the importance of cooperation in apprehending cybercriminals cannot be overstated.

“It is exceedingly rare these days that people hack within their own borders using only infrastructure within that same country. The Internet is global by nature and so too are the criminals who reside on it,” says Rustici.

“The two largest impediments to combating cybercrime from a law enforcement angle are trained professionals and jurisdiction. The ability to work across borders, share information, and reduce the blind spots that cybercriminals have available to them to hide in is often the key difference between a successful arrest and a cold case.”

According to Rustici, cryptocurrency offers the perfect avenue for money laundering but isn’t yet widely accepted. This is fortunate, because it would appear that the downfall of the Carbanak gang’s leader came down to financial traces. Rustici says it could cause problems if cryptocurrency were to become widely accepted.

“The loss of traditional financial institutions' support in tracking crime makes law enforcement's job much more difficult. However, we are already seeing attempts to regulate the space for tax purposes. Law enforcement and regulators will get more creative in how to make cryptocurrency more government friendly,” says Rustici.

“Until they do, a lot of the work will focus more on finding gaps than on actually tracing money as it flows through the system. Right now cryptocurrency is very similar to tax havens that don't share information readily. That problem will continue to expand as cryptocurrency becomes mainstream, but this is a known problem and therefore one that someone will find an answer to, even if it makes investigations take significantly longer in the meantime.”
