While the cyber-threat landscape continues to become more and more complex, it turns out that when it comes to good old-fashioned criminal masterminds, there are only about 100 of them on the cybercrime front.
That’s according to the head of EUROPOL’s European Cybercrime Centre, Troels Oerting. In an interview with BBC's Tech Tent radio show he said that most of the world’s serious cybercrime is being committed thanks to a "rather limited group of good programmers.”
"We roughly know who they are. If we can take them out of the equation the rest will fall down," he said.
To wit, Russia seems to be the nesting ground for those pulling the puppet strings of shadowy underground activity, he said. However, their reach, like the rest of the computing landscape, is no longer constricted by normal perimeters. Russian kingpins often run gangs that create the malware and then put it up for sale in criminal cyber-forums, thus making it accessible to smaller petty criminals that wouldn’t have the skills or resources to mount offensives from scratch on their own.
"[The malware] is downloaded by all kinds of criminals, from Eastern Europe, Europe, Africa and America," he said. "It is so easy to be a cyber-criminal. You don't have to be a cyber-expert because you just download the programs that you want to use.”
He said that it’s all rapidly changing the shape of law enforcement activity and approaches as well. "Criminals no longer come to our countries,” he explained. “They commit their crimes from a distance, and because of this I cannot use the normal tools to catch them. I have to work with countries I am not used to working with, and that scares me a bit."
In this, Oerting echoed previous comments made earlier in the year at a Check Point conference. “We used to define the threat area as being one of sea and land, air and space, he said, "but now we must add the fifth dimension of cyber-space—the only one that is manmade,” he said. “In cyber-space, criminals are able to attack anyone at anytime and anywhere. This is the biggest intellectual change in my 34 years as a police officer.”
Also, the number of top-level crime bosses is bound to proliferate, so time is of the essence in addressing the threat. "This is not a static number,” he told the BBC. “It will increase, unfortunately. We can still cope but the criminals have more resources and they do not have obstacles.”
That’s particularly true considering the sheer magnitude of the target surface: Oerting has pointed out that there are 2.7 billion people online today, with 4 billion expected by 2017. In tandem, there are 8 billion devices online, a number that is expected to at least triple to 24 billion in the same timeline. And in the internet of things (IoT) era, he explained, "we will all be online always. Processing power will double, bandwidth consumption will quadruple, and we will go from downloading content and applications to streaming everything all the time. And that, in turn, increases cyber-criminal capabilities almost exponentially."
Fortunately, Oerting said that EUROPOL has been successful of late in forging relationships with Russian authorities, including recently working with Moscow law enforcement on four big cybercrime cases, which he hopes will result in arrests and jail sentences.