Cybercrime is a honeypot – rise of the red team

By Tony McDonald

As an Ambassador for Cambridge Online, a charity aiding people to acquire new digital skills I attended the Cambridge Network event on cybercrime.  Cyber security is a hot topic in everybody’s world.  There are so many ways that security can be breached and with new technology and the IoT criminals can find ever imaginative ways to dupe people and/or hack your stack!  In this fast moving world of technology, what can we do to protect businesses and ourselves? The Bedfordshire-Cambridgeshire-Hertfordshire Strategic Policing Alliance sponsored and spoke at the event. They aim to recruit more police Cyber Specials, backing up the need for them with statistics.


As either individuals or businesses, do we use technology badly?
Dr Richard Clayton from the University of Cambridge and Director of Cambridge Cybercrime Centre, one of the speakers at the event, suggested that as technology advances people try to protect themselves in the same way they have always done, which might lead to problems.  In other words, we need to ask ourselves are we using technology badly; are we leaving ourselves open to attack?  While I sat in the audience listening to the speakers, I felt a little offended that I might be using technology badly; nevertheless, it is a good question.  For instance, do we always remember to sign out?  I then looked around the room and wondered how many people locationhad broadcast to the world about where they were going this evening by either posting the fact on social media or by posting their location on Facebook to all their followers, effectively hanging a sign up saying no one is in their house.  I also began to think about encryption, the process of scrambling data, which can then be unlocked so it makes sense again.  How many people encrypt their emails?  What file permissions do you files have?  Do people post passwords in emails?  With that in mind, let us ask ourselves again, do we use technology badly?

How do we use technology?
In continuation of this idea, I discussed this with Louise Rushworth from Cambridge Network over nibbles at the end.   One of the simplest things a person can do is to sign out unlockedafter using a website. Otherwise it is comparable to walking out of the house and leaving the door wide open for any would-be criminal to wonder in and take what they want.  Would any of us do that?  No, so why do so many people forget to sign out?

Furthermore, penetration testers, sometimes known as the red team or ethical/white hat hackers, can find holes in security, which can be beneficial to businesses’ security needs.   John Moore from ASSM asked me, ‘How many times do people check to see if they can still retrieve their data?’  We then went on to discuss how information is broken down into packets, labelled and sent on its way around the internet.

I mention this because when you save your data online it is not in a ‘cloud.’ It is stored physically on a hard disc somewhere in a data centre.  Data centres can be data-centrelarge or small and have racks and racks of hard drives all being backed up and those backups backed up again and again.  These data centres are places of high security with palm scanners and other high-tech security features, but your computer is not.  As I sank my teeth into a bit of French bread with green pesto, sundried tomatoes and cheese a realised the cybercriminal know this; they pray upon our complacency and sense of safety every time we use technology badly.  They also know people are not likely to report it out of embarrassment.  Sometimes people do use technology badly.


Who are cyber criminals?

As either individuals or businesses, do we know what type of person is committing this type of crime?  Alice Hutchings, also from the University of Cambridge and Cybercrime Centre here in Cambridge, shared the findings of her study with us.  Alice’s study revealed the police and other policing agencies committed 44% of the cybercrime!  alice-hutchings_smI looked around the very light and spacious room filled with smartly dressed people in amazement looking for their reaction.  Moreover, cybercriminals from outside the workplace were likely to be male. Workplace cybercrime, however, was a lot more even between the sexes.  In addition, if the victim is in the UK, the perpetrator is also likely to be from the UK although it was mentioned several times that West Africa appeared to have some big phishing scams, emails asking for your credentials with big promises,  directed at people outside of the African continent.  In reflection, the cybercriminal could be in a trusted position, male or female and likely to be in the same country as the victim.

To conclude, do we use technology badly and do we know what type of person is committing this type of crime?  As individuals or businesses, could we re-evaluate the way we use technology and see as the stereotypical cybercriminal?  Undoubtedly, the police will look for new skills to tackle the problem and advance their own red team, which is likely to need a continuation of funding, while hopefully you the reader will think carefully about how you use technology safely especially while online.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s