Cybercrime Group, Centre for Criminal Justice Studies, University of Leeds <d.s.wall@Leeds>
Big data helps organisations predict social behaviour. It brings with it a range of exciting new data analytic tools that offer great potential for identifying new truths about social and physical phenomena that were previously impossible to research on such a large scale. Largely the product of cloud technologies which have over the past 15 years, massively increased the number of data flows in circulation, big data is in high demand. But big data is also a very disruptive phenomenon which has a positive side in that it inspires creativity and new forms of thinking about business and service delivery, but in the wrong hands these social benefits can be overshadowed. So much so, that its value has stimulated illicit and licit markets which circulate and process the stolen data and which are encouraging data breaches. Not only do data breaches cause massive financial and reputational losses for affected organisations, but the stolen data is then be used in a number of ways to cause criminal harms, mainly to create delivery mechanisms such as spamming services or botnets. Services which can be used, for example, to send out fraudulent ‘phishing’ emails that seek to socially engineer a response either to deceive recipients into giving personal financial information that can subsequently be used to defraud them, or to click on a URL link or open an attachment that will infect their computer with malicious software. Such ‘malware’ might harvest the computer user’s data, or it may be Ransomware which, through encryption, can either disable key data in an infected computer system until a ransom is paid, or it can destroy the data by rendering it useless. Hence, in such a manner data can also be ‘weaponised’ and used to ‘attack’, especially when the data delivery systems mentioned earlier can include the ability to send out Distributed Denial of Service (DDoS) attacks (sending out floods of login data) to restrict access to system gateways.
Thus, the use of ‘stolen’ data following data breaches creates a chain of cybercrime events by enabling large scale ‘downstream’ cybercrimes to take place. If ‘upstream’ cybercrimes, such as data breaches can be prevented, then it follows that the ongoing ‘downstream’ cybercrimes will be prevented from taking place on such a large scale. The big question is how to break the chain, one, obvious answer, is to identify the tipping points at which the data cascades downstream, such as the point (e.g. darkmarkets) where the stolen data passes from one group of offenders to another, from the sellers to the buyers – this ‘cascade’ effect is the subject of another article from the CRITiCal & EMPHASIS projects (The Cascade Effect). Another way to break the chain is to explore how data analytics involving artificial intelligence and machine learning can be harnessed to identify data breaches and other ‘upstream’ big crimes as they take place or develop measures out of the research to prevent them before they happen. In effect, turning the technology on its head and shifting the foot back from ‘black hat’ to ‘white hat’. Again, aspects of this are being explored in the CRITiCal project.
Big cybercrime is here to stay because we are in the age of big data and this is a bitter pill that cannot be sweetened. Protective measures such as data backups, personal recovery tactics, and business continuity strategies can go a long way toward mitigating the damage done by increasingly common attacks. But a broader combined and multi-sector approach to big crime is needed that integrates technological defences with social, educational, professional and even some political reforms, as well as improved legal procedures. Such an approach must also clearly define which government and non-government agencies are responsible for tackling the threat of big crime, recognizing that it has the potential to severely disrupt our economy and society in general.