The Rise of Cybercrime-as-a-Service
Building Capacity of Law Enforcement to Prevent Cybercriminality Among Young People
Digital technology permeates every part of our lives. From broadband Internet to laptops and mobile devices, technology has become integral at work and home. In recent years, technological advancements like the Internet of Things (IoT) have been highly beneficial in enabling us to connect our everyday devices to the Internet, allowing seamless communication between people, processes, and devices.
However, alongside its benefits, IoT poses a significant challenge by increasing the ‘attack surface’ for cybercriminals to exploit. The attack surface refers to the number of points in a software environment where cybercriminals can enter data or extract data without authorisation. With billions of devices connected, the attack surface, or the opportunities for criminals to conduct cyberattacks, have multiplied exponentially. The increasing attack surface leaves not only organisations and governments but also individuals exposed to serious cyber risk.
In the past few years, the risk of cybercriminality has steadily increased through cybercrime-as-a-service (CaaS). CaaS is a practice where talented cybercriminals sell cybercriminal services to lower-level criminals who do not have the resources or skills to execute cyberattacks on their own. CaaS has revolutionised legitimate business models by turning the sale and rental of cybercrime tools into full-blown business ventures that incur sizable revenues comparable to other successful businesses. By mimicking legitimate business models, CaaS facilitates specialisation by providers, leading to improved quality through competition and increased market penetration through resellers. Due to this rise of CaaS, even amateur and unsophisticated hackers can easily acquire tools to capitalise on the ‘attack surface’ and cause enormous damage.
The damage caused by CaaS brings serious societal repercussions, especially among young people. Although young people may be considered more digitally savvy, they may be more complacent about cybersecurity. Despite being one of the most vulnerable groups in society with greater access to digital devices, young people and children are rarely educated about cyber risks. This leaves them particularly vulnerable to being targeted, radicalised, groomed, coerced, monetised, sexually abused and exploited by cybercriminals. Importantly, young people are not just victims of cybercrime, they are also at risk of entering into cybercrime due to being unaware of the consequences of cybercriminality.
Despite the serious consequences of CaaS especially among young people, CaaS is uniquely challenging to law enforcement agencies (LEAs) due to its nebulous nature. Unlike traditional crimes like robbery, when cybercrime is committed through CaaS providers, there is little evidence for LEAs to identify what type of crime has been committed. Even if the crime is identified, tracing the criminal or the CaaS provider is especially difficult due to little available evidence. Without an immediate response from skilled cyber investigators, the little evidence that is left will forever be lost. Tackling CaaS and protecting young people from becoming victims or criminals themselves, urgently requires LEAs to be equipped with technical skills as well as human and financial resources. At present, tools and technologies of LEAs are often a generation behind those of cybercriminals and terrorists on the dark web, deep web and darknets.
CC-DRIVER is a three-year EU-funded project that aims to understand the human and technical drivers of cybercrime, to utilise that knowledge to reduce cybercrime and deter young people from a life of crime. CC-DRIVER tackles the key challenges faced by LEAs, by recognising the ever-changing nature of CaaS and by supporting LEAs to be one step ahead of cybercriminals.
CC-DRIVER is designed to respond to the challenges faced by LEAs due to the shortage of skills and resources. With public funding in the fight against cybercrime, the project is alleviating some of the financial constraints that LEAs face, by reviewing legislation, and developing policy and technical toolkits that may assist them in tackling cybercrime. CC-DRIVER approaches the trend of growing availability and accessibility of cybercrime tools by investigating the various manifestations of CaaS, modalities, purveyors and trends. This focuses on emerging threats that target IoT and related devices. In responding to the challenges of technical and human identification of cybercriminals, CC-DRIVER develops and enhances cybercrime awareness and investigation tools as well as identifies different types of cybercriminals to undertake a broad review of the characteristics of offenders, victims and societal impact.
CC-DRIVER’s main preoccupation is to understand how to divert young people and teenagers from cybercrime towards non-criminal cyber activities. In addition to learning about LEAs’ perspectives on juvenile cybercriminality, CC-DRIVER conducts a multidisciplinary study of the drivers of cyber juvenile delinquency and cybercriminality across a range of offences. Since cyber offences vary between jurisdictions, CC-DRIVER investigates a range of online behaviours from risk-taking and delinquency to criminality, to include an analysis of drivers and motivations across eight EU countries.
By equipping LEAs with skills and tools to tackle cybercrime and by enhancing LEAs' and public understanding of cybercrime, CC-DRIVER tackles the key challenges to address the rise of CaaS and prevent juvenile cyber criminality. To best meet challenges, CC-DRIVER fills the gap of low public awareness by focusing on the importance of public trust and raising public awareness of the different types of cybercrime to avoid being victimised. CC-DRIVER recognises the need for a collective effort to tackle CaaS and collaborates with LEAs, stakeholders as well as consortium partners across nine countries in Europe to raise public trust and awareness about efforts towards tackling CaaS. CC-DRIVER possesses excellent innovation potential that lies in the ground-breaking combination of interdisciplinary research, innovation in technology development, stakeholder engagement, networking, and policy formulation to tackle CaaS.
Author: Anjhana Damodaran, Trilateral Research