
Cops fight evolving cyber threat

By Audra Mahlong, senior journalist
Security Summit 2009, 27 May 2009

Cyber crime-fighting efforts have to be improved, or SA could face a bigger problem in 10 years, says the South African Police Service (SAPS).

Speaking at the 2009 ITWeb Security Summit, in Midrand, yesterday, Charles Maree, a detective with the police's Cyber Crime Support Service, said the threat is evolving and law enforcement efforts need to be stepped up.

“The perception of a hacker has changed completely over the years. So the cyber threat has changed. These people are highly skilled individuals who have a passion for what they do. They don't want to get caught,” he said.

According to Maree, the challenge for the SAPS is to keep up with developments in the cyber crime world. Criminals are up to date with encryption, software and the latest technology, he noted, and most investigations cannot avoid the role technology plays.

“The specialised units that work in organised crime need support. If I would ask them what a Trojan is, they wouldn't be able to answer me, because they specialise in what they do. So, we needed a unit to assist these units to understand the technology, how it works and to explain it to a prosecutor.”

From an investigative perspective, understanding technology has become vital, he added.

“There have been cases where encrypted messages are hidden in text in pictures. If you don't know what to look for, you'll never find anything.”

The unit

According to Maree, the unit has had some successes, but challenges remain. While the unit's operations are quite secretive, the public needs to be aware of government agencies and institutions that combat cyber crime, he explained.

“We don't catch everybody. In some cases, there's just not enough evidence. If we look at the backlog of cases we have, the number of cases we have on our forensic side, it's going to be quicker to get a forensic auditor from the company [concerned to do the audit].”

The SAPS Crime Intelligence Division has nine offices in eight provinces supporting functional policemen. North-West is the only province without an office. Maree said this is due to a shortage of suitably qualified and experienced staff in the area.

The unit was established following the rise in incidents of cyber crime between 1990 and 1994. Maree explained this was due to the increasing popularity of the Internet and also because SA had no laws regulating online activities at the time.

Offices have proactive intelligence divisions, which investigate possible threats related to cyber crime, and a forensic division, a reactive unit for cyber crimes which have been committed.

Organised crime

Cyber criminals come in many forms, use increasingly advanced techniques and are mainly motivated by profit, he noted. The unit investigates all possible threats, including identity theft, malware attacks, phishing schemes, spam attacks and botnets. He said previous cases have shown that terrorists, industrial spies, organised crime syndicates and even activists are often behind cyber crime.

“We've got government spies, we've got terrorists, people who want to bring harm to this country, because they don't have the same political views. It's a serious threat. And they also use the Internet.”

Various modes of attack and communication are used, including instant messaging, Skype, newsgroups, e-mail, peer-to-peer networks and invisible Internet Relay Chat, Maree stated.

“With invisible Internet Relay Chat, node points are encrypted. So the connection to servers is encrypted and connections back to other users are also encrypted. For anyone trying to look at the content, it is more difficult to utilise smoking technology to get to the data packets.”

There is a misconception that terrorists do not know how the Internet works, he added. Several cases have revealed complicated encoding of videos, which could only be deciphered by specialists.
