Leading the Fight against Cybercrime
Over the past year, the suspicious phone calls, text messages and emails have gone from a steady stream to a flood. It’s become harder than ever to tell the obvious scams from legitimate communications by banks, couriers and other businesses.
At UCD, Dr Cormac Doherty, cybersecurity programme manager at the UCD Centre for Cybersecurity and Cybercrime Investigation (CCI), has been investigating cybercrime and cybersecurity since its establishment in 2006. Dr Doherty, who studied computer science at UCD, says that online criminals are usually out to make money or gain prestige among other hackers or criminals, putting states, companies and individuals at risk. “When the CCI came into formal existence, it was established with the aim of supporting law enforcement in the fight against cybercrime,” he explains. “Our initial efforts were in developing training material and teaching law enforcement officers how to carry out forensic investigations on devices including servers and PCs and has gone from the early Nokia mobiles to smartphones. We also offered an operational support element on active investigations.”
With forensic software often quite expensive, CCI has turned to open-source software for digital forensics investigations. “We have provided training to law enforcement on this basis,” says Dr Doherty. “This has been well regarded within the EU, and we have worked with the European Cybercrime Education and Training Group to develop training.”
As well as hackings, ransoms and fraud, criminal investigations now routinely involve a cyber element: finding evidence in text messages or email conversations, searching computers for evidence, and using cell tower data to pinpoint locations.
“Our training has helped investigators to forensically examine phones and request call data and cell tower records, and a strong Garda Computer Crime Investigation Unit has grown out of that,” says Dr Doherty. “We draw a distinction between the two halves of our work: criminal investigation but also crime prevention. I focus on the cybersecurity side, which initially involved working with the Department of Communications, then establishing the national CSIRT (Computer Security Incident Response Team) as well as the National Cyber Security Centre, where I was embedded until 2019.” The need for CSIRTs grew in the aftermath of the Stuxnet attack on Iran’s nuclear enrichment programme, which involved a malicious computer worm that subtly modified the nuclear centrifuge. Widely believed to be an attack by the US and Israel – although neither country has ever admitted responsibility – it may be the first time one nation state has been attacked by another. The EU and US issued directives and established agencies to protect Critical Infrastructure, and in particular Critical Information Infrastructure.
“It brought to the fore the need to take cybersecurity seriously, and one of the EU responses was to promote CSIRTs, with every member state obliged to have one in order to serve as a national point of contact for other member states to receive reports of malice originating within their borders. This means, for instance, that if an Irish computer had been hijacked and was being used to attack a French bank in a DDoS (denial of service) attack, authorities could attempt to get it stopped. My work with the Department of Communications was to establish this capability here, and this involved the Government, Garda, defence forces and financial services sector.”
Dr Doherty says, however, that the State needs to take the threat more seriously by increasing the role and remit of the National Cyber Security Centre, with weaknesses so harshly exposed by the HSE cyberattack. He has also served as Technical Adviser to the BPFI’s (Banking and Payments Federation of Ireland) High-Tech Crime Forum for more than a decade. Over that time, attacks on physical hardware such as ATMs and cash-in-transit vans have decreased due to improvements in operational security but, at the same time, cybercrime and crime with a digital footprint have increased.
Because of the speed at which these attacks take place, we use automated exchanges of threat intelligence and these are shared between financial institutions who would, in the normal course, be competing with each other.
While organisations and states are very aware of the need for improved online security, individuals are also at risk. “It is very difficult to stay on top of every single technical loophole an attacker might be able to use to access your systems,” he says. “DDoS attacks, vulnerability exploits, phishing, smishing (where fraudsters use mobile phone messages to trick you into opening a malicious attachment or link, often purporting to be from your bank, phone company or a government department such as Revenue) and other ‘social engineering’ attacks that lure victims into a false sense of security are among the tools that criminals may use.”
“There is great value to a compromised account and everything on the internet has a value,” he says. “It is frightening how much information is available about you online that you’re not aware of. There are so many opportunities to exploit, but this is not readily understood by people who are not au fait with cybercrime. If your data is hacked, information can be dumped on the net which is then collected by hackers who may have access to passwords that you use across multiple sites, which is why I always advise people to use password managers and two-factor authentication which can check that it is really you logging in or authorising a payment. You’d also be surprised at the most common password people use on their accounts: password or password1234. Millions of attempts at hacking may be made every second, but if the hackers even achieve a one per cent success rate, that is a worthwhile return for them.”
Has your data been compromised? Check at www.HaveIBeenPwned.com
Dr Cormac Doherty was in conversation with Peter McGuire, BA (2002), MLitt (2007), freelance journalist and regular contributor to The Irish Times.