#InfosecNA: Cyber-Criminals Out-Innovating the Cybersecurity Community

Jamie Bartlett gave the closing keynote session, 'Privacy, the Dark Web & Democracy: Uncovering the Digital Underworld,' at the Infosecurity ISACA North America Expo and Conference in New York this week.

Bartlett, a British author and journalist who specializes in issues related to the social and political impact of digital technologies, opened his talk by sharing some little-known insights the about the tools and tactics of today’s cyber-criminals and political malefactors. He then used those observations to make some unsettling predictions about the kinds of challenges that the cybersecurity community, and the world at large, will be facing in the next couple of decades.

During his research for his first full-length book, The Dark Net, helping break the Cambridge Analytica scandal, and other stories about fringe social and political movements, Bartlett became a seasoned traveler within what he referred to as “the digital underworld.” He found that, while not limited to the Dark Web, a good deal of criminal activities, as well as those of social extremists, are conducted there because of the anonymity and freedom it offers. The big surprise for him however, was at how the Dark Web had allowed criminal enterprises to evolve from small groups of hackers to large, well-run organizations that use many of the same tools as legitimate businesses.

As a result, stolen personal information has become a sophisticated industry that is smart, distributed, and hard to detect/intercept, Bartlett said. Perhaps the most alarming example is the globalized wholesale marketing of credit cards, other financial credentials, passports and driver’s licenses. Any of these items can be purchased individually or in wholesale quantities at the click of a button, as if you were dealing with a legit business. Bartlett was concerned because both the law enforcement and cybersecurity communities have been slow to recognize this large, growing market place which is still not being addressed effectively.

Much like legitimate business, these enterprises must continue to innovate in order to remain competitive. When asked about whether law enforcement will ever be able to bring down cyber-criminals, Bartlett said he felt that it was possible, but only if those organizations re-structured themselves to identify the young, smart, innovative people they need and train them to use a mix of proven tactics and new ones that can keep up with those of their rapidly-evolving opponents.

Rather than simply staying glued to the screen, he expects that, in order to be effective, these next-gen cyber-warriors will need to employ a mix of digital forensics and shoe leather to bust their quarry.

What’s Hot on Infosecurity Magazine?