Europol highlights Bitcoin & dark net cyber security challenges

Cyber crime

The head of Europol's European Cybercrime Centre (EC3) has warned the rise of Bitcoin-like digital currencies and the dark web will make it harder to bring cyber criminals to justice in the future.

Speaking at the Infosecurity Europe Event in London earlier today, Troels Oertring said the rate at which new, and increasingly sophisticated, forms of malware are being produced makes it almost impossible for end users to protect themselves.

"The development of malware is so fast that no protection system will enable us to protect ourselves. The attack surface is widening, and even though good companies like Trend Micro and McAfee and other ones are doing what they can to secure infrastructure, I think it's very difficult [to lock things down]," said Oertring.

And even if they do manage to keep the bad guys out, the chances are they'll find another way of getting through, he warned.

"Social engineering [analysis] will show us that if [attackers] can't infiltrate a bank because their security is too tight, [they] will find their consultants, their lawyers ... and they have copies of all the [required] information, so they move in from that direction."

Much of the malware that makes this kind of attack possible is being produced by criminal gangs who rigorously test it against anti-virus tools to see if it can bypass their detection tools.

The development of malware is so fast that no protection system will enable us to protect ourselves

Samples that successfully manage to slip through the net are then sold on to similarly shady characters, in a process the industry has dubbed cybercrime-as-a-service.

A lot of these groups operate on the Dark Net and utilise digital currencies, such as Bitcoin, which makes their activities almost impossible to trace, explained Oertring.

"Most of the activity from the top echelons of the criminals of the internet is done by utilising the dark net and the anonymity that gives," he said.

"We are also seeing [digitial currencies] being utilised, which also makes it even more difficult for us to [apply] the old mantra of follow the money' and you'll find out who is responsible."

The internet also makes it possible for cyber criminals to carry out attacks across long distances, which obliterates the geographical links that traditionally link crime scenes to perpetrators.

In cases where it is possible to track down those responsible, they might be based overseas in countries where the extradition of suspects is nigh on the impossible.

"They [criminals] might operate from countries that are out of our reach, and if we can identify them, how will we then prosecute them?

"The only thing we can do is send the case over and hope [that country's police force] will prosecute or we do it in the good old-fashioned police way and wait until they leave and catch them in a country that will extradite them.

"This is difficult and cumbersome for us to work in that way," he added.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.