Escaping the “black hole”: how to measure cybercrime

How big a threat is cybercrime to UK industry, and how do we deal with it?

The vast majority of parliamentary committee reports do not prompt headlines containing phrases like “losing the war”, “falling into a black hole”, and “a bigger threat than nuclear attack”. Last week’s Home Affairs Select Committee report on e-crime was a notable exception. For those who make a living fighting cyber-crime, however, the report held very little that would shock. Indeed, my colleague Art Coviello spoke at length to the Committee, and whilst he agreed with their assessment that we weren't winning the battle, he had considerable praise for the way both British business and government were coming together around the challenge.

Now the dust has settled somewhat, it’s worth separating reality from hyperbole, and perhaps considering what might actually be done about the problem. To do so, we should begin on a positive note. The headlines came about because the UK features so high on the list of targets for cyber criminals but, in some ways, this is as reassuring as it is a point of concern. The reason we're such a persistent target of attack is because we have so much worth stealing – financial assets, intellectual property and the type of vibrant dynamic business that generates both. We shouldn’t worry if criminals wish to steal from us, but we must work to limit their chances of success. So, what can we do to thwart the criminals? And how well are we doing currently?

The second question is easy to answer, and the answer is: not too badly. We may not be winning the war, but we’re not losing either – the "black hole" of the report is really a sort of jurisdictive black hole, and it’s unlikely to swallow the nation’s finances any time soon. That’s not, however, to deny the scale of the problem, and the question of how we solve it is undeniably complicated. The issue is a truly global one, and criminals have more weapons at their disposal than ever before.

Cyber-security professionals refer to the "attack surface" to describe how cyber-criminals access their victims and, in the space of the last ten years, this has changed beyond all recognition. When the internet was primarily a means of accessing information, the avenues through which cyber criminals could reach their victims were limited, and so was the extent of their potential gains. Now, with almost any product or service available online, with a plethora of different social networks, and with smartphones and many different devices connected to the internet, there are few limits to the means criminals can employ to steal from organisations and individuals.

No individual or organisation can hope to stand alone against this threat. Companies that wish to defend themselves have little alternative but to collaborate on their response to cyber-crime. The criminals themselves see the value of such a strategy, and their information-sharing networks are extraordinarily effective. At our subsidiary RSA, we maintain cyber-security watch posts around the world, and from these we see criminals exchanging data on the vulnerabilities that allow them to steal money and intellectual property from organisations and individuals.

This is a sophisticated and agile underground economy which feeds parasitically on legitimate commerce, and which lawful businesses cannot hope to curb without concerted action. However, even recent discourse on the issue has not sufficiently stressed the importance of collaboration. For example, the CBI’s otherwise very sensible response to the Committee’s report struck a false note in its suggestion we should be "fighting crime in private". That would be a lonely and unsuccessful fight, and it’s crucial that British businesses are aware of how numerous, how skilled, and how efficiently collaborative cyber-criminals are. No organisation could hope to combat them alone.

However, with a coherent framework for businesses to share information on cyber threats, businesses are well-placed to beat the cyber threat. Many business leaders may shy away from the idea of engaging with their competitors and peers in industry, but strong precedents have already been set in sectors at high risk of cybercrime. Financial services is one of these and, while companies in the industry are more protective of proprietary information than those in almost any other, the scale of the threat is such that a formal means of sharing intelligence is a necessity. In financial services, the eFraudNetwork cybercrime watch service allows companies worldwide to securely share information about cyber-crime, so that once one attempted theft is thwarted, the perpetrators cannot simply move on to try the same methods at another organisation.

Such a network is very effective in curbing fraud and theft, and the good news is that this kind of information sharing is not complex or expensive, and need not negatively impact on the competitive advantages or information privacy of the organisations involved. It is a model that could easily be replicated in other industries. Much work is already being done to achieve this; indeed, RSA will shortly release a cyber-threat intelligence model, which will propose a global industry standard framework for business-to-business information sharing. Last week’s Committee report implied that a political intervention is possible so, however it chooses to do so, the business community should act while it is still able to shape a response according to its own priorities. After all, if there’s one thing that we know about cyber criminals, it’s that they never stop working to improve the methods they use. As the lawless learn to attack more effectively, so the lawful must learn to defend better – and no one organisation can succeed in doing this alone.

James Petter is vice president and managing director of EMC UK&I

Photograph: Getty Images

James Petter is vice president and managing director of  internet services company EMC UK&I.

John Moore
Show Hide image

The man who created the fake Tube sign explains why he did it

"We need to consider the fact that fake news isn't always fake news at the source," says John Moore.

"I wrote that at 8 o'clock on the evening and before midday the next day it had been read out in the Houses of Parliament."

John Moore, a 44-year-old doctor from Windsor, is describing the whirlwind process by which his social media response to Wednesday's Westminster attack became national news.

Moore used a Tube-sign generator on the evening after the attack to create a sign on a TfL Service Announcement board that read: "All terrorists are politely reminded that THIS IS LONDON and whatever you do to us we will drink tea and jolly well carry on thank you." Within three hours, it had just fifty shares. By the morning, it had accumulated 200. Yet by the afternoon, over 30,000 people had shared Moore's post, which was then read aloud on BBC Radio 4 and called a "wonderful tribute" by prime minister Theresa May, who at the time believed it was a genuine Underground sign. 

"I think you have to be very mindful of how powerful the internet is," says Moore, whose viral post was quickly debunked by social media users and then national newspapers such as the Guardian and the Sun. On Thursday, the online world split into two camps: those spreading the word that the sign was "fake news" and urging people not to share it, and those who said that it didn't matter that it was fake - the sentiment was what was important. 

Moore agrees with the latter camp. "I never claimed it was a real tube sign, I never claimed that at all," he says. "In my opinion the only fake news about that sign is that it has been reported as fake news. It was literally just how I was feeling at the time."

Moore was motivated to create and post the sign when he was struck by the "very British response" to the Westminster attack. "There was no sort of knee-jerk Islamaphobia, there was no dramatisation, it was all pretty much, I thought, very calm reporting," he says. "So my initial thought at the time was just a bit of pride in how London had reacted really." Though he saw other, real Tube signs online, he wanted to create his own in order to create a tribute that specifically epitomised the "very London" response. 

Yet though Moore insists he never claimed the sign was real, his caption on the image - which now has 100,800 shares - is arguably misleading. "Quintessentially British..." Moore wrote on his Facebook post, and agrees now that this was ambiguous. "It was meant to relate to the reaction that I saw in London in that day which I just thought was very calm and measured. What the sign was trying to do was capture the spirit I'd seen, so that's what I was actually talking about."

Not only did Moore not mean to mislead, he is actually shocked that anyone thought the sign was real. 

"I'm reasonably digitally savvy and I was extremely shocked that anyone thought it was real," he says, explaining that he thought everyone would be able to spot a fake after a "You ain't no muslim bruv" sign went viral after the Leytonstone Tube attack in 2015. "I thought this is an internet meme that people know isn't true and it's fine to do because this is a digital thing in a digital world."

Yet despite his intentions, Moore's sign has become the centre of debate about whether "nice" fake news is as problematic as that which was notoriously spread during the 2016 United States Presidential elections. Though Moore can understand this perspective, he ultimately feels as though the sentiment behind the sign makes it acceptable. 

"I use the word fake in inverted commas because I think fake implies the intention to deceive and there wasn't [any]... I think if the sentiment is ok then I think it is ok. I think if you were trying to be divisive and you were trying to stir up controversy or influence people's behaviour then perhaps I wouldn't have chosen that forum but I think when you're only expressing your own emotion, I think it's ok.

"The fact that it became so-called fake news was down to other people's interpretation and not down to the actual intention... So in many interesting ways you can see that fake news doesn't even have to originate from the source of the news."

Though Moore was initially "extremely shocked" at the reponse to his post, he says that on reflection he is "pretty proud". 

"I'm glad that other people, even the powers that be, found it an appropriate phrase to use," he says. "I also think social media is often denigrated as a source of evil and bad things in the world, but on occasion I think it can be used for very positive things. I think the vast majority of people who shared my post and liked my post have actually found the phrase and the sentiment useful to them, so I think we have to give social media a fair judgement at times and respect the fact it can be a source for good."

Amelia Tait is a technology and digital culture writer at the New Statesman.