Interpol: Policing model needs to change with cybercrime

The digitalisation of the global workforce in the face of a pandemic has led criminals to upgrade their working model, and now law enforcement must too.

Interpol cybercrime director Craig Jones set forward this idea at Acronis's #CyberFit Summit in Singapore on Thursday, dispelling the stereotype of a lone threat actor in a hoodie hunched over a keyboard in favour of an integrated criminal ecosystem.

"We are now looking at a business model. Because we've evolved, the criminals have evolved as well in our digital space," said Jones. "We see a whole criminal business supply chain as well, from people gaining illegal access to criminals offering ransomware as a service."

He added that cybercriminals now have a broad range of skills as well as access to their own colleagues with skills at low cost, in a borderless environment, as they attack not just some store or object, but day-to-day infrastructure.

Jones said that in order to tackle these ecosystems, law enforcement needs to move away from the traditional method that goes back thousands of years. He cited China's early local magistrates as a historic example.

"We sit locally in a police station, we get into a car, we patrol the streets in the communities," said Jones. "It's divided up into different stations, regions, areas, and we work and we police that local community. But police do not sit in that online community. We don't see what you've seen."

• Russia starts playing by the rules: FSB busts 14 REvil ransomware suspects
• Google launches lawsuit against a blockchain-enabled botnet
• European Cybercrime Centre confident it's kicked credit card crims – again
• You wanna use GCHQ offshoot NCSC's threat intel feeds? Why not, say bosses

Jones said one way forward was for law enforcement to share its data, presumably with other agencies outside individual jurisdictions. "In much the same way you as a community share data information between yourselves, law enforcement needs to do better," said the director.

"Geopolitical elements also impact our actions as well – the offensive efficiency of law enforcement to be able to take coordinated actions to prevent, detect, investigate and disrupt the cyberthreat actors. We're looking at a change in that policing model."

As a specific example of Interpol embracing this theory, Jones said the org would be growing its network, with the action operations database in Singapore expanding further into Asia and South Pacific.

"We also have that in the Americas region," the director said. "So working from the global, to the regional to the local."

The Register has more on how the attacker interprets normal incident response techniques here; a piece on what it's like to be a ransomware negotiator here; and a guide to keeping your job when the malware hits, here. ®