Mouse trap

Photo by Angelo Failla on flickr
13 June 2013


Combating cybercrime has become a game of digital cat and mouse, writes BELINDA CRANSTON

Had the man responsible for wrapping a fake collar bomb around Maddie Pulver's neck heard of The Onion Router, he may have eluded police who arrested him after they traced his ransom note.

Paul Peters broke into the Sydney schoolgirl's lower north shore home in August 2011, attached the device to her neck, and pinned an extortion letter to her chest.

But the email address he sent his letter from saw him come undone.

Police discovered Peters had logged onto his Gmail account via a computer at a NSW Central Coast library, by identifying its unique IP (internet protocol) address.

CCTV footage viewed around the time the account was accessed led to Peters' arrest.

Cybercrime analyst Dr Mamoun Alazab, from the ANU College of Asia and the Pacific, knows a thing or two about the tactics people use to avoid alerting authorities to dubious online activity.

Part of his work at the College’s Regulatory Institutions Network (RegNet) involves working in conjunction with the federal government to identify emerging patterns in organised cybercrime.

According to Alazab, offenders are typically young men under the age of 35, without tertiary qualifications.

Alazab also knows that skilled hackers, whether they be employed by the state, a criminal organisation, or working alone, are adept at concealing the physical location from which they operate.

"You don't need to have great skills in IT to be a hacker," Alazab points out.

"You don't even need to be a great criminal. That's why young people are involved in hacking."

To prove his point, he demonstrates how easy it is to hide one's true IP address, simply by typing “The Onion Router” (Tor) into a search engine like Google, and clicking on a few relevant links.

Originally developed by the US Navy to permit intelligence agents to use the Internet without being traced, Tor is an encrypted re-routing service designed to obscure the original source of an email or website.

Sometimes used by journalists for communicating safely with whistle-blowers and dissidents, cybercriminals find it attractive because it enables them to anonymously access websites hosting nefarious and often illegal content.

Such sites include the Silk Road, often referred to as the eBay of illegal drugs, which enables users to purchase illicit substances such as cocaine.

In China, where Google is forbidden, people regularly use Tor to bypass online censorship, Alazab says. Tor cannot be monitored and regulated, he says, and any mention of the “Internet” and “regulation” in the same sentence is a touchy subject.

“It could be shut down by authorities,” he says, but such action would most likely only result in another service replacing it.

The rise of cybercrime
Researchers from the ANU Cybercrime Observatory – a RegNet research project – attribute a growth in the scale and scope of cybercrime since the mid-2000s to the proliferation of "botnets" – networks of individual computers infected with malicious software and controlled as a group without their owners' knowledge.

In a recent report, Crime in Cyberspace, the research team note that targeted computers are hacked into when the victims open a seemingly benign email message, enabling access to data including bank account numbers and password details.

One of the largest known botnets – Mariposa – infected and controlled up to 12.7 million personal computers.

The computers were spread among 190 countries, allowing ringleaders of the botnet access to credit card details and online banking credentials, as well as sensitive data from the hard drives of the machines.

While many types of cybercrime require a high degree of organisation and specialisation, digital technology has empowered individuals as never before.

“Teenagers acting alone have succeeded in disabling air traffic control systems, shutting down major e-retailers, and manipulating trades on the NASDAQ stock exchange”, write the report authors.

Organised cybercrime and national security
The vulnerability of government secrets to theft was recently highlighted when blueprints for ASIO’s new $630 million headquarters in Canberra were allegedly stolen by Chinese hackers.

Professor Desmond Ball, from the Strategic and Defence Studies Centre in the ANU College of Asia and the Pacific, suggested the theft meant China could bug the building.

"At this stage with construction nearly completed you have two options," he told ABC television’s Four Corners.

"One is to accept it, and practise utmost sensitivity even within your own headquarters.

"The other, which the Americans had to do with their new embassy in Washington when it was compromised ... was to rip the whole insides out and to start again."

It is unclear when the attack on ASIO took place, or indeed if Chinese hackers were the culprits.

One thing that is clear is that cyber-attacks which threaten national security have been "an open secret for some time," according to RegNet criminologist Professor Roderic Broadhurst.

In 2011, malicious software known as Stuxnet corrupted communications and control systems at Iran's Natanz nuclear facility.

The sabotage was the joint work of US and Israeli national security agencies.

Since then, countries have been actively engaged in both defensive and offensive activities in cyberspace.

"And that is only likely to increase in the coming years," says Broadhurst.

The vulnerability of government secrets to theft was most vividly illustrated by the publication of some 400,000 US State Department diplomatic cables by the organisation Wikileaks. It is unlikely that the duplication and widespread dissemination of such a large body of information could have occurred without digital technology, Broadhurst notes.

Dealing with the culprits
In conjunction with the federal government, the ANU Cybercrime Observatory is analysing large domestic and international samples of spam emails that have been collected over a few years. The objective of the study is to classify spam emails depending on whether they carry malware as an attachment, contain malicious URLs (uniform resource locators), or are merely annoying communication that causes no harm to a computer.

From there, the study hopes to determine which types of spam email are most dangerous, so that prevention strategies can be developed to better avoid computers being compromised.
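The three-way triage the study describes, as an added illustration that is not code from the article or from the Observatory's own work: it parses constructed sample messages with Python's standard email library and sorts each into malware attachment, malicious URL, or harmless nuisance. The risky-extension list, the IP-literal heuristic and the host denylist are assumptions standing in for whatever criteria the study itself applies.

```python
import email
import re
from email import policy

# Constructed sample messages standing in for the study's spam corpus.
SAMPLES = {
    "dropper": (
        "From: a@example.test\nTo: b@example.test\nSubject: Invoice\n"
        "MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=\"B\"\n\n"
        "--B\nContent-Type: text/plain\n\nSee attached invoice.\n"
        "--B\nContent-Type: application/octet-stream\n"
        "Content-Disposition: attachment; filename=\"invoice.pdf.exe\"\n\nMZ\n"
        "--B--\n"
    ),
    "phish": (
        "From: a@example.test\nTo: b@example.test\nSubject: Account notice\n\n"
        "Verify your account at http://198.51.100.23/login now.\n"
    ),
    "nuisance": (
        "From: a@example.test\nTo: b@example.test\nSubject: Great deals\n\n"
        "Cheap watches! Visit http://shop.example.test/sale today.\n"
    ),
}

RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".jar", ".bat", ".cmd"}  # assumed list
URL_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
IP_HOST_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(:\d+)?$")
BAD_HOSTS = {"bad.example.test"}  # constructed denylist standing in for a threat feed

def risky_attachments(msg):
    """Filenames of attached parts whose extension is executable or scriptable."""
    names = []
    for part in msg.walk():
        fn = part.get_filename()
        if fn and any(fn.lower().endswith(ext) for ext in RISKY_EXT):
            names.append(fn)
    return names

def suspicious_urls(msg):
    """Hosts linked from text parts that are denylisted or bare IP literals."""
    hits = []
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        for host in URL_RE.findall(part.get_content()):
            if host.lower() in BAD_HOSTS or IP_HOST_RE.match(host):
                hits.append(host)
    return hits

def classify(raw):
    """Attachment-borne malware outranks a bad link; neither means nuisance only."""
    msg = email.message_from_string(raw, policy=policy.default)
    if risky_attachments(msg):
        return "malware_attachment"
    if suspicious_urls(msg):
        return "malicious_url"
    return "nuisance"

def classify_all(samples):
    return {name: classify(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, label in classify_all(SAMPLES).items():
        print(f"{name}: {label}")
```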

Tracing those responsible for large scale attacks is unlikely to be achieved without global cooperation.

“Reaching a global consensus on how to control cybercrime, let alone national security or anarchist motivated activities in cyberspace, has proven elusive,” says Broadhurst.

“Attempts to create a binding UN convention or treaty appear unlikely to be resolved any time soon.”

One such attempt was aborted in 2010, when a proposal for a treaty on global cybercrime was rejected by the UN because Russia, China and a number of developing countries could not reach an agreement with the US, Canada, the UK and the European Union.

Sometimes counter-hacking is employed to deal with culprits, as an alternative to alerting law enforcement agencies. The greater the skills of the vigilante, the greater the damage they can inflict. On April 25, 2013, for example, a loose collective of anarchists known as Anonymous took down several child pornography websites.

When governments and corporations realise they have been targeted, Desmond Ball doesn't recommend disabling or vandalising the offending site.

"If you find out that someone is running an intelligence operation against you, you rarely close it down," he says.

Rather, he believes offenders should be sent "low level chicken feed information."

"And then from time to time you feed them something that is really wrong, that really disrupts them," he says.

As pointed out by ANU Cybercrime Observatory’s recent report, there is only so much that can be done.

Many tools, techniques and processes are available to assist police and network defenders, but they are limited.

Offenders are becoming increasingly difficult to track, and the risk of arrest or intervention is generally so low as to constitute little or no deterrence.

While a growing number of experts believe cybercrime has become the domain of organised groups and the days of the lone hacker are past, little is yet known about the preferred structures and longevity of groups, how trust is assured, and the relationship with other forms of crime.

Until further research is undertaken, combating cybercrime will remain a digital game of cat and mouse, whereby potential victims will need to keep evolving technologies to address new types of attacks.


Updated: 24 April 2017. Responsible Officer: Dean, ANU College of Asia & the Pacific.