Transcript – Mapping and Understanding Cybercrime Operations
Cybersecurity incidents have evolved from demonstrations of hacking skills to simple system compromises, destruction of data and denial of service to a commodity business model for economic and or political gain. Technical analysis of the tools, techniques and processes known as TPS has provided invaluable insight into the mechanics of malware, an emerging platform supporting crime as a service. With limited exceptions, the operation and operational and organizational side of these illicit platforms has received much less scholarly attention. This work evaluates the art and craft, a mitigating and remediating cybercrime operational networks from the perspective of the cybersecurity professionals and law enforcement that are developing a holistic view of these operational networks. Much of this expertise is rooted in tacit knowledge developed in the field, keeping pace with cyber criminals that are continuously adapting platforms to evade mitigation or remediation strategies. The figure on the poster illustrates the knowledge, innovation and refinement lifecycle identified in previous work and refined here. Eliciting this test of knowledge requires access to these cybersecurity professionals, primarily through interviews and field work, although the Covid-19 pandemic has delayed field work. I’m currently moving semi-structured interviews and workshops among key participants in these mitigation remediation efforts online to continue this work. The results are expected to provide greater insight into the on the ground efforts at combating cybercrime, provide a common vernacular for mapping and analyzing cybercrime, operational networks, and provide insight to policymakers regarding how they can support these efforts. Moving this kind of knowledge generation from ad hoc adaptation as a new service, security vulnerabilities emerge to investment in the kinds of resources necessary for systematised and sustainable efforts that can more effectively keep pace with ongoing adaptation by transnational cyber criminals.