Fighting cybercrime and the threat of script kiddies [Q&A]

0

Large-scale cyberattacks still have the power to make headlines, but cybercrime reporting and conviction rates remain low. Therefore, it is perhaps not surprising that more and more young people are getting involved in these illegal activities.

We spoke to Simon Newman, International Cyber ​​Expo Advisory Council Member and Managing Director of Cyber ​​Resilience Center for Londonto get his take on what needs to be done to improve reporting and change the mindset of “script kiddies” for the better.

BN: What are the reasons for low cybercrime reporting rates?

SN: I think there are several reasons why the reporting rate is so low. For organizations that fall victim to an attack, it’s understandable that their immediate priority is to minimize disruption and focus on getting back up and running as quickly as possible. This can mean engaging a wide range of internal and external stakeholders with the police, which is often an afterthought. I also think it’s fair to say that many companies probably don’t think the authorities can help them.

Another reason is that they may not consider the attack serious enough to report, or the number of attacks is so high that reporting every incident is simply not practical.

For individuals who are victims of cybercrime, there may be other reasons. For example, the person may feel embarrassed – perhaps because they have been the victim of a love scam. Another reason is that if they handed over money they may have been reimbursed by their bank and don’t feel it necessary to report it to the police.

Perhaps the most worrying trend, however, is that younger people in particular, who are by far the largest users of technology, are growing up expecting that falling victim to cybercrime is inevitable and, as a result, do not consider doing so Report .

BN: Do you think this will help keep cybercriminals from being brought to justice?

SN: Conviction rates are low and the lack of reporting certainly affects our understanding of the nature and scale of the problem, but I don’t think it has a significant impact on bringing cybercriminals to justice.

However, there are some challenges faced by the law enforcement community that can make it more difficult. For example, many criminals are based abroad, where different legal systems add complexity when attempting to bring them to the UK for trial.

There is also a challenge related to obtaining sufficient evidence to secure a conviction. Investigations are often lengthy, complex and require officers with specialist skills that are in high demand.

However, the UK police have had great success in fighting cybercriminals and continue to build their skills by working in partnership with others from government, the private sector and academia both here and abroad as part of the new National Cyber ​​Strategy.

BN: What can be done to help people report cybercrime and make it easier to seek justice?

SN: There has been a lot of work lately to improve the process for reporting a cybercrime through Action Fraud. It’s now much more intuitive, user-friendly and faster – which is definitely a step in the right direction that should make it easier for individuals and businesses to report cybercrime.

I also think we can do a lot more from a broader public policy perspective by being more proactive in raising awareness of the importance of reporting cybercrime and the different ways you can do it. For example, how many companies know about the Report Phishing add-in that you can install if you have a business or enterprise version of Microsoft 365? Or the NCSC’s Suspicious Email Reporting Service (SERS) at [email protected]? Or that you can forward phishing SMS to 7726?

To make it easier for victims to seek justice, I believe collaboration is key. Fighting cybercrime effectively requires a fully connected approach across the criminal justice system in the UK and internationally.

However, we must not lose sight of the importance of ensuring that victims receive the support they need after an attack. This is where Cyber ​​Resilience Centers can help them by reducing the vulnerability of small businesses to the most common types of cybercrime and giving them the tools to prevent them from becoming repeat victims.

BN: Can you explain the rising trend of script kiddies?

SN: Script kiddies are basically people who perform cyber attacks on other people’s code because they lack the skills or experience to develop their own code. They are behind some of the UK’s most high-profile cyberattacks, including that against Talk Talk in 2015. The term ‘kiddie’ is generally used to refer to their inexperience rather than their age, although many of them are in their teens.

It’s worth noting that not all screenwriting kiddies have malicious intentions — some of them aren’t even aware they’re committing a serious crime, but do so to brag about it or to brag to their friends. However, they are just as dangerous as more experienced cyber attackers.

The rise in script kiddie attacks is largely due to the accessibility and affordability of hacking tools on the web. Many of these tools can be easily found on online forums where you can find detailed instructions on how to deploy them. Script kiddies are also increasingly being used by organized crime gangs to carry out attacks on specific targets.

BN: How can society address this issue and what programs and initiatives are in place to stop this activity?

SN: We’ve seen children as young as nine commit some very serious crimes, so programs and initiatives aimed at distracting young people from cybercrime are an incredibly important part of the broader response to the problem.

In the UK, the average age of a referral to the National Cyber ​​Crime Unit is just 15 years old. The Cyber ​​Choices program, coordinated by the National Crime Agency, was created to help young people make more informed choices when using technology, while encouraging them to use their cyber skills in a legal way. It helps explain the difference between legal and illegal cyber activities, raise awareness of relevant laws and promote positive cyber opportunities.

On a technical level, law enforcement agencies are working hard to shut down websites and online forums that encourage hacking. Earlier this year, a multinational operation involving authorities from the UK, US and four other countries worked together to take action to shut down online hacking site RaidForums.

On a societal level, it is important that parents/guardians take an active interest in what their children are doing online. For example the Cyber ​​Choice Website has some great resources for families.

Photo credit: Mila Atkowska/Shutterstock

Share.

About Author

Comments are closed.