Purchasing stolen credentials is so easy that anyone with a couple of hours of Google research and not many technical skills can do it according to Interpol cyber innovation and outreach project manager Steve Honiss.
Speaking at a Trend Micro event in Sydney, Honiss said that organised crime groups are using the Internet to communicate, sell their services, transfer money and identify victims.
“It has made it much harder for us as investigators and law enforcement officers and much easier for organised crime groups to operate,” he said.
Another problem that Interpol is facing what Honiss referred to as crime-as-a-service.
“Anyone in the room can go home or back to the office, get on to Google and within a couple of hours of research and not too much technical skills, you would be able to purchase a set of stolen credentials, use them to make online purchases where you could purchase the services of an organised crime group to carry out a distributed denial of service [DDoS] attack against a competing company,” he said.
Honiss shared an example of where a criminal group stole pre-paid debit cards and overrode the credit limit in 2014. The details were transferred to some blank cards and transactions were made from ATMs around the world. Within 24 hours, the group got away with US$45 million.
“It was very precise and quickly done. There was tremendous co-operation across the world on the part of the criminals. Unfortunately the crooks seem to be much better at this sort of thing than those of responding to crime,” he said.
Honiss said there is a need for law enforcement agencies to improve networks and processes for investigating international cyber crime.
He said that all of the companies involved in cyber space are spread across the world with a company in one country and data potentially stored in another one.
“The law is inconsistent between countries. The way that police agencies deal with these sorts of issues is inconsistent. It’s a bit like one team playing rugby union rules and the other team playing rugby league,” said Honiss.
“We put a lot of effort into trying to get countries to work on the same page.”
For example, in 2012 a Scottish teenager committed suicide after an online dating scam.
“He met a girl online and there were some video activities. He was threatened that if he didn’t pay up online the video would be released to his family so he threw himself off a bridge.”
The problem was that the victim was in Scotland and the offenders were in the Philippines. The money that the victim sent had gone through a number of countries.
“We set up an operation called Strikeback and brought in law enforcement professionals from five different countries and three private companies to Singapore.”
Working together, the authorities arrested 58 suspects in The Philippines and electronic evidence was seized.
Follow Hamish Barwick on Twitter: @HamishBarwick