With cyber crime now a global phenomenon, perhaps it will take a global police organization to keep it in check.
Although Interpol is not the first law enforcement group most people associate with the fight against online crime, the 85-year-old data-sharing organization for police has been taking an increased interest in the phenomenon of late, helping train the next generation of cyber crime investigators on fighting botnets and forming regional working groups to focus on IT crime threats.
Interpol has first-hand experience with online attacks, too. The organization’s Executive Director for Police Services Jean-Michel Louboutin says that its network was hit recently by a botnet attack and is hit by 100,000 attacking computers each day.
IDG News Service caught up with Louboutin at Microsoft’s Law Enforcement 2008 conference this week to ask him about cyber crime, terrorism and the upcoming Beijing Olympic Games. Following is an edited transcript of the interview.
IDG: Do you see any areas of the world that are emerging sources of concern when it comes to cyber crime?
Jean-Michel Louboutin: Terrorism. I think the main concern for the world is terrorism, fraud. This is very important. They use the Internet a lot. We can have different networks of terrorism using Internet, because it is very easy to create a site. You can create propaganda. You can recruit. Now the main recruitment for Afghanistan is over the Internet.
Terrorists are chatting on Internet sites. They can provide tools for training. They can set up rendezvous. They can use encrypted language to give orders. It is a major trend.
IDG: Terrorists are not generally considered to be very good at hacking into systems, though.
Louboutin: I was not speaking about hacking. This is more difficult, more technical. But I do not share the view that terrorists are low-level. Because you know it is very easy to learn. Accessibility to education is easier than in the past and, in particular, on the computer you have access to everything you want. These people train themselves to use these tools.
IDG: Are the terrorists getting better with computers?
Louboutin: I am sure.
I have another comment. Hacking will be more and more difficult, because of the security of systems. A company like Microsoft is taking care of a lot of that. We can better encrypt and better protect with the firewall, for example.
The Interpol network, for example, is attacked more than 100,000 times every day, without successes, because the security is very well done and to enter it is too difficult.
IDG: What type of attacks do you typically see? Distributed Denial of Service [DDOS]?
Louboutin: Yes, it is to make the system slower.
IDG: What is the point of doing that? It would just draw the attention of law enforcement?
Louboutin: You can imagine how the guy would be proud to say, “I shut down the Interpol system.”
IDG: Lately we’ve been hearing a lot about the professionalization of hackers and how they only work for money, but what you’re talking about is the opposite. It’s doing something for prestige, really. To DDOS Interpol is not going to get you any money.
Louboutin: But when you identify the hacker and the hacker is 15 years old, it is not for money. He doesn’t come from a criminal organization.
IDG: There was a report from the China CERT [Computer Emergency Response Team] recently talking about how they are worried about a cyber attack during the Beijing Olympics…
Louboutin: A cyber attack on what?
IDG: I’m just guessing, but maybe the systems that report the scores.
Louboutin: The main concern for the Olympic Games is the physical security of the visitors who are going to China and to avoid any terrorism attack. Of course, Interpol is involved in the security of the Olympic Games and we are in a close relationship with the authorities. We are going to provide access to our global databases. We will send a team which will be connected to the Interpol network. We have already trained people.
But of the time being, we are providing threat assessment for the Olympic Games and we did not detect a main threat regarding cyber crime. It would maybe be an attack on a small network regarding the tickets.