Crime-as-a-service business model threatens Internet

Europol, an organization accountable to the EU Council of Ministers for Justice and Home Affairs, last month issued its Internet Organized Crime Threat Assessment (iOCTA), which describes the increasing commercialization of cybercrime.

The assessment cites a reference from IID suggesting that the first murder via hacked Internet-connected device—in particular, a medical device—would occur by the end of 2014. On a more mundane note, Italian teenage hackers have been able to ride public transportation in Turin for free. (Read the IID reference here.)

Lauren Walker in Newsweek reminds us, “Though there have been no cases to date of hacking-related deaths, last year former vice president Dick Cheney revealed that the wireless function on his implanted defibrillator had been disabled for this reason. His fictional counterpart on the political thriller Homeland was murdered by this method.”

Fictional treatments aside, Europol in its new iOCTA report says that the emerging “crime-as-a-service” business model allows “…those lacking technical expertise—including traditional organized crime groups—to venture into cybercrime by purchasing the skills and tools they lack.”

The report cites the exploitation of Darknets, or the hidden Internet, “…for illicit online trade in drugs, weapons, stolen goods, stolen personal and payment card data, forged identity documents, and child abuse material.”

Rob Wainwright, the director of Europol, said, “The inherently transnational nature of cybercrime, with its growing commercialization and sophistication of attack capabilities, is the main trend identified in the iOCTA. It means that issues concerning attribution, the abuse of legitimate services, and inadequate or inconsistent legislation are among the most important challenges facing law enforcement today.”

Cecilia Malmström, the EU Commissioner of Home Affairs, added, “These days, almost anyone can become a cyber-criminal. This puts an ever increasing pressure on law enforcement authorities to keep up. We need to use our new knowledge of how organized crime operates online to launch more transnational operations. We need to ensure that investigations into payment card fraud and online child abuse don't stop at national borders.”

The report offers a set of recommendations, including awareness-raising, standardization of practices, and cross-border cooperation.

You can download the full iOCTA report here.

More in Instrumentation