Syndicates wreak havoc in cyber space
The prominent hacks that dominated South African headlines recently have been masterminded by syndicates and not the traditional organised crime groups, according to Jason Jordaan, principal forensic scientist at DFIRLabs.
He was speaking this morning during the ongoing ITWeb Security Summit 2015, in Midrand.
According to Jordaan, these hacks were once-off events perpetrated by syndicates, unlike the organised cyber crime groups that dominate international headlines. "The reported South African hacks were not that complex; the cyber criminals simply manipulated the people who were inside."
He said syndicates are not a real threat, unlike organised crime groups. "A syndicate is a group of individuals or organisations combined to promote some common interest.
"Organised crime can be defined as serious crime planned, co-ordinated and conducted by people working together on a continuing basis. Their motivation is often, but not always, financial gain. Organised criminals working together for a particular criminal activity or activities are called an organised crime group.
"In organised crime, we don't talk about groups like Anonymous, but groups like the Italian mafia, the US mafia, Russian mafia, drug cartels and such-like. Groups that are motivated by money - power and money are their main reason for existence."
Jordaan said organised criminal gangs are increasingly moving into cyber crime because it is relatively easy to carry out. Cyber crime is also a volume business, which has low risk and high reward, he noted.
"Come to think of it - how many cyber crime cases have been successfully prosecuted in SA? Cyber criminals are well aware of the fact that their chances of getting caught are so low."
Jordaan also revealed organised cyber crime groups have become more diversified, making use of specialised hackers, malware coders, and IT support. They rely heavily on intelligence and counter-intelligence to evade law enforcement.
"The adversaries we are fighting are not just a bunch of computer guys, but are diversified. Often, they pay good money for specialised skills, even better than law enforcement."
In organised cyber crime, corruption is the facilitator, Jordaan explained. "If you think of South Africa, with our endemic corruption, we can be a fertile hunting ground." Organised cyber crime groups also make use of expendable assets, like money mules, making the real perpetrators of the crime elusive.
From an investigations point of view, Jordaan said, it is difficult to make headway against organised cyber crime, as it usually involves many jurisdictions. To exacerbate the situation, the investigations involve bureaucratic red tape, which allows the criminals to be a few steps ahead of law enforcement.
"All the bureaucratic processes take time, and by the time the law enforcement tries to catch up, the criminals would have moved. As long as we continue to play the trace-the-dots game with the organised crime, we will never catch up."
Another problem with investigating organised cyber crime is the investigations are always reactive rather than proactive, Jordaan noted.
Most investigations are done in silos, he said. In SA, for example, there are many units, like the Specialised Commercial Crime Unit, the South African Revenue Service and the Special Investigating Unit, which all tackle crime from different perspectives. The country must have an investigative unit that specifically fights against organised cyber crime, he urged.
The other concern in SA is investigations against cyber crime are hugely under-resourced, said Jordaan, adding most of the resources go towards contact crimes like assault, rape and murder. "The problem in South Africa is the majority of the population do not have access to the Internet, so resources in the fight against cyber crime tend to be low."
In order to combat organised cyber crime, Jordaan called on organisations to adopt an organised crime boss mentality. "Think like an organised crime boss to identify your information systems assets and data that would have value to you. Think like an organised crime boss to identify the vulnerabilities and how to exploit them."
He also called on companies to develop shared threat intelligence platforms and networks. "If we don't share information, we are just as bad as the bad guys," he concluded.