third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Detailed section » 1 <strong>Cyber</strong> crime<br />
»<br />
1 <strong>Cyber</strong> crime<br />
<strong>Cyber</strong> criminals are a relevant cause of cyber security<br />
incidents. Organisations are affected by attacks, for<br />
example executed using malware or DDoS. This creates<br />
the impression that society is vulnerable in terms of IT.<br />
Furthermore, individual citizens are increasingly falling<br />
victim to cyber crime.<br />
1.1 Introduction<br />
Recent surveys on cyber crime in the <strong>Netherlands</strong> show that citizens<br />
nearly as often fell victim to ‘hacking’ as they did to bicycle theft.<br />
[47: Stol 2013]<br />
The latter is so wide-spread in the <strong>Netherlands</strong> that it is<br />
considered more of a nuisance than something the police can<br />
effectively counter. This development means that the trust in safe<br />
internet usage itself is in danger of being compromised. Therefore,<br />
law enforcement is becoming increasingly important on the<br />
internet. This is especially the case in areas where we see a shift<br />
from the physical world to the cyber domain, such as digital<br />
banking fraud replacing physical bank raids.<br />
In the past year, there has also been a lot of media coverage<br />
concerning cyber crime, i.e. criminal acts where IT is both means<br />
and target of the crime committed. A few sensational cases attracted<br />
a lot of attention. For example, the Groene Hart hospital suffered<br />
great difficulties because a hacker was able to download patients’<br />
medical records. During the reporting period, we saw a wave of<br />
public attention for DDoS attacks on vital infrastructures. The press<br />
also noticed that ransomware is becoming more professional and<br />
intimidating. Even on mainstream media the Pobelka outbreak<br />
spawned many a headline.<br />
In the police domain the Dutch National High Tech Crime Unit<br />
(NHTCU, or THTC in Dutch) is tasked at the national level with<br />
combating complex, innovative and/or undermining forms of<br />
cyber crime, often with a high impact on citizens or companies.<br />
The NHTCU also houses the Electronic Crimes Taskforce (ECTF, see<br />
box). The vast majority of cyber crime is not considered to be high<br />
tech crime, therefore law enforcement in these cases is assigned<br />
to the ten regional police units.<br />
Electronic Crimes Taskforce – collaboration to combat digital<br />
banking fraud<br />
The Electronic Crimes Taskforce (ECTF) is a collaboration<br />
between (among others) the four major banks in the country,<br />
the Dutch Association of Banks (NVB), the National<br />
Prosecutor’s Office (OM) and the police. This ‘banking team’<br />
brings together information and expertise to prevent and<br />
detect crime patterns. The team was formed to combat digital<br />
banking fraud more effectively, specifically phishing and<br />
banking malware. At the time of writing, ECTF was involved in<br />
fifteen investigations into digital banking fraud. Since ECTF’s<br />
start in 2011, more than one hundred suspects have been<br />
arrested, including press gangs, money mules and corrupt<br />
company employees.<br />
1.2 Criminal actors<br />
One distinguishing quality between cyber criminals is the level<br />
of their knowledge and skills. The driving force behind new<br />
developments in the area of cyber crime is a relatively small group<br />
of specialists within the entire collection of perpetrators. They have<br />
an exceptionally high level of knowledge and expertise, enabling<br />
them to develop sophisticated attacks.<br />
Closed criminal networks include increasing numbers of hardened<br />
professionals. Today’s cyber criminals operate internationally and<br />
appear to be increasingly associated with organised crime offline.<br />
Because concealment is paramount to their activities, it is impossible<br />
to estimate the number of cyber criminals that are active.<br />
<strong>Cyber</strong> criminals do not generally act alone: they communicate,<br />
mostly online, in order to exchange tactics and to use one another’s<br />
expertise and tools. This collaboration also enables criminals<br />
to specialise in a specific aspect of the criminal process. More and<br />
more, criminals are using tools like Tor, allowing them to surf the<br />
internet anonymously, and for payment they utilize virtual<br />
currencies that do not require identification, such as bitcoins.<br />
Besides professional cyber criminals, so-called script kiddies are<br />
increasingly causing damage to society. These unskilled hackers,<br />
who have limited technical knowledge and no realistic insight into<br />
their actions, are generally using techniques and tools devised and<br />
developed by other people.<br />
A final group of relevant actors are the facilitators, who are<br />
intentionally or unintentionally providing the services that are<br />
being used to commit cyber crime. Thus, these facilitators contribute<br />
to the <strong>Netherlands</strong> having become a transit country for cyber<br />
crime. As regards facilitators, the NHTCU primarily aims at hosting<br />
providers and virtual payments processors. Legitimate providers<br />
55