Escaping the “black hole”: how to measure cybercrime

How big a threat is cybercrime to UK industry, and how do we deal with it?

The vast majority of parliamentary committee reports do not prompt headlines containing phrases like “losing the war”, “falling into a black hole”, and “a bigger threat than nuclear attack”. Last week’s Home Affairs Select Committee report on e-crime was a notable exception. For those who make a living fighting cyber-crime, however, the report held very little that would shock. Indeed, my colleague Art Coviello spoke at length to the Committee, and whilst he agreed with their assessment that we weren't winning the battle, he had considerable praise for the way both British business and government were coming together around the challenge.

Now the dust has settled somewhat, it’s worth separating reality from hyperbole, and perhaps considering what might actually be done about the problem. To do so, we should begin on a positive note. The headlines came about because the UK features so high on the list of targets for cyber criminals but, in some ways, this is as reassuring as it is a point of concern. The reason we're such a persistent target of attack is that we have so much worth stealing – financial assets, intellectual property and the type of vibrant dynamic business that generates both. We shouldn’t worry if criminals wish to steal from us, but we must work to limit their chances of success. So, what can we do to thwart the criminals? And how well are we doing currently?

The second question is easy to answer, and the answer is: not too badly. We may not be winning the war, but we’re not losing either – the "black hole" of the report is really a sort of jurisdictive black hole, and it’s unlikely to swallow the nation’s finances any time soon. That’s not, however, to deny the scale of the problem, and the question of how we solve it is undeniably complicated. The issue is a truly global one, and criminals have more weapons at their disposal than ever before.

Cyber-security professionals refer to the "attack surface" to describe how cyber-criminals access their victims and, in the space of the last ten years, this has changed beyond all recognition. When the internet was primarily a means of accessing information, the avenues through which cyber criminals could reach their victims were limited, and so was the extent of their potential gains. Now, with almost any product or service available online, with a plethora of different social networks, and with smartphones and many different devices connected to the internet, there are few limits to the means criminals can employ to steal from organisations and individuals.

No individual or organisation can hope to stand alone against this threat. Companies that wish to defend themselves have little alternative but to collaborate on their response to cyber-crime. The criminals themselves see the value of such a strategy, and their information-sharing networks are extraordinarily effective. At our subsidiary RSA, we maintain cyber-security watch posts around the world, and from these we see criminals exchanging data on the vulnerabilities that allow them to steal money and intellectual property from organisations and individuals.

This is a sophisticated and agile underground economy which feeds parasitically on legitimate commerce, and which lawful businesses cannot hope to curb without concerted action. However, even recent discourse on the issue has not sufficiently stressed the importance of collaboration. For example, the CBI’s otherwise very sensible response to the Committee’s report struck a false note in its suggestion we should be "fighting crime in private". That would be a lonely and unsuccessful fight, and it’s crucial that British businesses are aware of how numerous, how skilled, and how efficiently collaborative cyber-criminals are. No organisation could hope to combat them alone.

However, with a coherent framework for businesses to share information on cyber threats, businesses are well-placed to beat the cyber threat. Many business leaders may shy away from the idea of engaging with their competitors and peers in industry, but strong precedents have already been set in sectors at high risk of cybercrime. Financial services is one of these and, while companies in the industry are more protective of proprietary information than those in almost any other, the scale of the threat is such that a formal means of sharing intelligence is a necessity. In financial services, the eFraudNetwork cybercrime watch service allows companies worldwide to securely share information about cyber-crime, so that once one attempted theft is thwarted, the perpetrators cannot simply move on to try the same methods at another organisation.

Such a network is very effective in curbing fraud and theft, and the good news is that this kind of information sharing is not complex or expensive, and need not negatively impact on the competitive advantages or information privacy of the organisations involved. It is a model that could easily be replicated in other industries. Much work is already being done to achieve this; indeed, RSA will shortly release a cyber-threat intelligence model, which will propose a global industry standard framework for business-to-business information sharing. Last week’s Committee report implied that a political intervention is possible so, however it chooses to do so, the business community should act while it is still able to shape a response according to its own priorities. After all, if there’s one thing that we know about cyber criminals, it’s that they never stop working to improve the methods they use. As the lawless learn to attack more effectively, so the lawful must learn to defend better – and no one organisation can succeed in doing this alone.

James Petter is vice president and managing director of internet services company EMC UK&I.


The Taliban's succession crisis will not diminish its resilience

Haibatullah Akhunzada's appointment as leader of the Taliban may put stress on the movement, but is unlikely to dampen its insurgency. 

After 19 years under the guidance of the Taliban’s supreme leader Mullah Omar, the group has now faced two succession crises in under a year. But although Haibatullah Akhunzada’s appointment as leader of the Taliban will likely put stress on the movement, it shows few signals of diminishing its renewed insurgency.

The news pretty much ends speculation about former leader Mullah Akhtar Mansour’s death in a US airstrike in Pakistan’s south-western Baluchistan province, which was criticised by Islamabad as a violation of its sovereignty.

The Taliban would have prepared extensively for this eventuality. The fast appointment, following days of intense council, appears to be a conspicuous act of decisiveness. It stands in contrast to the two-year delay the movement faced in announcing the death of Mullah Omar. It will not be lost on the Taliban that it was subterfuge around the death of Mullah Omar that caused the fracture within the movement which in turn led to the establishment of an ISIS presence in the country.

The appointment is a victory for the Taliban old guard. As former head of the Taliban's judiciary and Mullah Mansour’s deputy, in many ways, Haibatullah is a natural successor. Haibatullah, described by Afghanistan expert Sami Yousafzai as a “stone age Mullah,” demonstrates the Taliban’s inherent tendency to resort to tradition rather than innovation during times of internal crisis.

The decision taken by the Taliban to have an elder statesman of the group at the helm highlights the increasing marginalisation of the Haqqani network, a powerful subset within the Taliban that has been waging an offensive against the government and coalition forces in northwest Pakistan.

Sirajuddin Haqqani, the leader of the Haqqani network who already has a bounty of 5 million dollars on his head, was touted in some Taliban circles as a potential successor; however, the decision to overlook him is a conservative move from the Taliban.

The Taliban’s leadership of the jihad against the Afghan government is hinged on their claims to religious legitimacy, something the group will hope to affirm through Haibatullah’s jurisprudential credentials. This assertion of authority has particular significance given the rise of ISIS elements in the country. The last two Taliban chiefs have both declared themselves to be amir ul-momineen or ‘leader of the faithful,’ providing a challenge to the parallel claims of ISIS’ Abu Bakr al-Baghdadi.

Any suggestions that Mansour’s death will lead to the unravelling of the Taliban are premature. The military targeting of prominent jihadi leaders within group structures has been seen in operations against the leadership of ISIS, al-Qaeda in the Arabian Peninsula, al-Qaeda in the Islamic Maghreb, and other groups.

In recent research for the Centre on Religion & Geopolitics, we found that it is often less prominent jihadis that play an integral role in keeping the movement alive. Targeted killings do create a void, but this often comes at the expense of addressing the wider support base and ideological draw of militant outfits. This is particularly relevant with a relatively decentralised movement like the Taliban.

Such operations can spur activity. If the example of the Taliban’s previous leadership succession is to be heeded, we might expect renewed attacks across Afghanistan, beyond the group’s strongholds near the eastern border with Pakistan. The brief capture of Kunduz, Afghanistan's fifth-largest city, at the end of September 2015, was a show of strength to answer the numerous internal critics of Mullah Mansour’s new leadership of the movement.

In a news cycle dominated by reports of ISIS, and to a diminishing extent al-Qaeda, atrocities, it is important to comprehend the renewed brutality of the Afghan insurgency. Data from the Centre on Religion and Geopolitics Global Extremism Monitor found a seventeen per cent rise in fatalities from March to April, marking the start of the Taliban’s spring fighting season. A suicide attack in central Kabul on the headquarters of an elite military unit that killed 64 people was the single most deadly act of terror around the world in the month of April, and the group’s bloodiest attack in the Afghan capital for years. Reports this morning of a suicide attack on a bus killing 10 staff from an appeal court west of Kabul suggest that the violence shows no sign of diminishing under the new leadership.

All these developments come during a period of renewed impetus behind international peace talks. Last week representatives from Pakistan were joined by delegates from Afghanistan, the United States, and China in an attempt to restart the stalled negotiation process with the Taliban.

Haibatullah Akhunzada’s early leadership moves will be watched closely by these countries, as well as dissonant voices within the movement, to ascertain what the Taliban does next, in a period of unprecedented challenge for the infamously resilient movement. 

Milo Comerford is a South and Central Asia Analyst for the Centre on Religion and Geopolitics