Consider the scenario where your CEO’s laptop gets infected with the latest Ransomware variant and she’s lost the last year’s-worth of accounts, customer meeting records, emails to the board and some other vital, strategic plans. This could be a disaster and could cost thousands of dollars to recover from – and in some cases, companies end up negotiating with the criminals to pay the ransom, especially if they believe there is a chance they will get their data back. Yet, what seems here like an obvious crime often doesn’t get reported. Why should cybercrime be treated any differently to any other form of crime?
Several contributing factors result in cybercrime being treated differently, both from the victim’s point of view and from law enforcement’s perspective. Let’s look at some of the problems law enforcement has when investigating cybercrime, along with the issues related to reporting these crimes.
A Very Modern Scourge
As a first-world country, Australian citizens use technology in almost every aspect of our lives. As a result, we are all prime targets for the burgeoning blight of cybercrime that is unrelentingly proliferating online. And there is no end in sight as every day we hear of new attacks and newly discovered vulnerabilities that leave our systems exposed to online threats. Data breaches are also growing in severity and size, placing more and more of us at risk of financial loss and the more protracted threat and consequences of identity theft.
The more connected we become, the greater these risks – in fact, cybercriminals are now offer hacking-as-a-service which makes attacking someone easy; all you need to launch an attack is a few hundred dollars to fund the “contract”. Australia and the rest of the world needs to get better at responding to cybercrime and assisting victims as they deal with the fallout of the crime.
Back in 2013, the Attorney-General’s Department published the National Plan to Combat Cybercrime[1].
“Online, criminals can commit crimes across multiple borders in an instant and can target many victims simultaneously. Tools that have many legitimate uses, like high speed internet, peer to peer file-sharing and sophisticated encryption methods, can also help criminals to carry out and conceal their activities. Despite these challenges, cybercrime is still a form of crime and requires a long term, sustained response from Australian governments.”
Attorney-General’s Department, 2013
Some analysts estimate the annual cost of cybercrime will rise to $2 billion (USD) by 2020, a figure which doesn’t account for many of the hidden and indirect costs, such as the longer-term loss of productivity or reputation, as well as any counselling for the personal violation people feel after identity theft. It is in fact very hard to attribute a fiscal value to the emotional harm caused by identity theft, especially given there is no historical data relating to claims or lawsuits to draw upon.
How Will a Cybercrime Be Handled by the Police?
The response you are likely to get from law enforcement when you call them about a ransomware infection or a data breach might, at first, seem underwhelming. However, it’s important to understand the problem law enforcement faces when dealing with cybercrime to see how your case factors into this national (and international) issue.
But let’s take a step back. Where do you even report a cybercrime? If it’s a more serious crime, such as theft, child exploitation or terrorism, you would call your local law enforcement agency and they would escalate to the Federal police if required. For lesser crimes, such as a ransomware attack, the police simply won’t have the manpower to investigate. In fact, many attacks originate offshore, with organised criminal gangs from Eastern Europe, Russia or South America being responsible for a campaign targeting and infecting many thousands (or tens of thousands) of victims.
It’s impossible for local law enforcement to investigate crimes originating from Ecuador – the escalation path here would be via the Federal Police, then to Interpol. It’s at this stage you can see the scale of the issue – that’s three levels of escalation to an international agency before handing back off to local law enforcement in another country. Would they have the resources to do this for every victim of hacking?
At a national level, several government agencies are involved. State and Territory police departments retain responsibility for cybercrimes that are targeting individuals, businesses and government systems within their jurisdictions, while Commonwealth agencies focus on cybercrime affecting critical infrastructure and Federal Government victims. Outside of law enforcement, a few ancillary agencies get involved, like consumer protection and offices of fair trading. CERT Australia (Australia’s national Computer Emergency Response Team) is the first point of contact for industry and coordinates the response with national agencies such as ASIO and AFP.
ACORN
If you do call the police after your ransomware infection, your local law enforcement contact will likely direct you to the Australian Cybercrime Online Reporting Network (ACORN[2]). ACORN was established as a data collection capability (and information repository) by the Commonwealth, State and Territory governments. Their primary function is to produce a more accurate set of metrics about the extent of harm cybercrime causes in Australia. Certain crimes will be dealt with urgently, redirected to specific law enforcement teams that have the resources to respond. But not all reports will lead to an investigation – ACORN clearly explains that only serious incidents will lead to an investigation. Every report is helpful in compiling national statistics that allow the police to build a clearer picture of cybercrime trends across the nation, which assists in agencies seeking funding for new initiatives to tackle the problem. If they can focus on tackling the source of the crimes rather than each individual attack, then it keeps everyone safe. Your own report could help, even if it seems inconsequential in your eyes, it could provide crucial evidence that assists investigations at a national scale.
Conclusion
Cybercrime is growing at an alarming rate and the proliferation of new devices connecting to the Internet exacerbates the problem. Jurisdictional issues and the vast number of miniscule crimes make it impossible to investigate every incident, so police encourage victims to report what’s happened using ACORN. Accurate statistics on cybercrime helps government agencies understand the scale of the problem and allows them to lobby for additional funds to support larger scale investigations and international collaboration.
Cyber Insurance
Organisations are opting to invest in cyber insurance to offset the costs of a breach. Cyber insurance can fund incident response teams and cover tangible losses, so it’s worth getting good advice on how cyber insurance can be used to de-risk your business’s exposure to these sorts of crimes.
[1] https://www.ag.gov.au/CrimeAndCorruption/Cybercrime/Documents/national-plan-to-combat-cybercrime.pdf
[2] https://www.acorn.gov.au/