‘Internet of Things’ cyber risks tackled during INTERPOL Digital Security Challenge

22 February 2018

VIENNA, Austria – Do you know how to protect your webcam from being hacked? Would you know if a cybercriminal was using your printer to carry out cyberattacks?

Franz Lang, Head of the INTERPOL National Central Bureau in Austria, opened the event.
The participants worked in teams to conduct digital forensic investigations to solve the fictitious hacking and identify ways to prevent future attacks.
The 2018 edition of the INTERPOL Digital Security Challenge brought together 43 cybercrime investigators and digital forensics experts from 23 countries to investigate a simulated cyberattack using an IoT device.
Conducted annually, INTERPOL’s Digital Security Challenge helps police worldwide develop the skills necessary to tackle the latest cybercrime threats. Previous events simulated cyber blackmail involving bitcoin and a ransomware attack.
/

While most of us are aware of the dangers that cybercriminals can pose to our computers and mobile phones and take steps to protect them, we seldom consider how these threats can affect the growing number of Internet-connected devices we use in our daily lives.

The ‘Internet of Things’

All devices which can connect to the Internet – collectively called the ‘Internet of Things’ or IoT – are potentially at risk of a cyberattack. Everyday personal items like video cameras, refrigerators and televisions can be used by cybercriminals for malicious means.

Cyberattacks targeting or using IoT devices have increased significantly in the past two years, according to several reports from the private cybersecurity industry. An example was the Mirai botnet, which in 2016 infected tens of thousands of devices, mostly Internet routers, with weak password security.  These were then used in coordinated distributed denial of service (DDoS) attacks against websites worldwide including a university and several media sites.

In the world of cybercrime, the number of IoT devices a criminal has access to is seen as a sign of their status.

Although police around the world are developing the skills necessary to forensically examine computers and mobile phones, they are often not aware of how to collect evidence from other connected devices.

The latest edition of the INTERPOL Digital Security Challenge tackled this threat, with 43 cybercrime investigators and digital forensics experts from 23 countries investigating a simulated cyberattack on a bank launched through an IoT device.

“Cybercrime investigations are becoming more and more complex and operational exercises such as the Digital Security Challenge, which simulate some of the hurdles that investigators face every day, are vital for the development of our capacities,” said Peter Goldgruber, Secretary General of the Austrian Ministry of the Interior.

Meeting the challenge

In the scenario, cybercriminals attacked a bank in an attempt to steal large sums of money. The investigators analysed the bank’s computers to identify the date, time and files where the malware was installed by the criminals.

Through this digital forensic examination, the teams discovered the malware was contained in an e-mail attachment sent via a webcam which had been hacked, and not directly from a computer. This is an emerging modus operandi, as it is more difficult to identify the source of the attack.

Once the teams accessed the digital data held by the compromised webcam, they identified the command and control server being used to remotely control the device to conduct the cyberattack. Further evidence led to the identification of a second command and control server, and the investigators identified technical vulnerabilities of the servers which could be used to prevent further attacks.  

Noboru Nakatani, Executive Director of the INTERPOL Global Complex for Innovation said the scenario provided a learning experience on how to conduct real-world investigations more effectively.

“The ever-changing world of cybercrime is constantly presenting new challenges for law enforcement, but we cannot successfully counter them by working in isolation.

“A multi-stakeholder approach which engages the expertise of the private sector is essential for anticipating new threats and ensuring police have access to the technology and knowledge necessary to detect and investigate cyberattacks,” said Mr Nakatani.

Sharing expertise

Conducted annually, INTERPOL’s Digital Security Challenge helps police worldwide develop the skills necessary to tackle the latest cybercrime threats. The first two events in 2016 and 2017 simulated cyber blackmail involving bitcoin and a ransomware attack.

This year’s three-day (19 – 21 February) event was organized in close cooperation with the INTERPOL National Central Bureau in Vienna and private sector partners NEC Corporation and Cyber Defense Institute.

“NEC has contributed as a strategic partner to INTERPOL’s commitment to improve the cybersecurity skills of investigators throughout the world. For the third year, NEC is honored to have helped develop the Digital Security Challenge by providing our expertise at this cutting-edge event,” said Kozo Matsuo, Vice President of NEC Corporation’s Cyber Security Strategy Division.

Training sessions to develop participants’ practical knowledge on IoT device analysis and the latest trends in malware-related crime were delivered by specialists from NEC Corporation, InfoSec, Meiya Pico, SECOM, Kaspersky Lab and TrendMicro. Support was also provided by the UN Office on Drugs and Crime (UNODC).

Kenji Hironaka, President of Cyber Defense Institute said: “We are proud to have provided forensic content and technical support during all three INTERPOL Digital Security Challenge events. We will continue assisting law enforcement around the world to enhance their cybercrime investigation capabilities.”

Protecting your devices

Most people use anti-virus products and update their software and programmes regularly on their computers and mobile phones to protect them from cyberthreats. But few people take the same precautions to secure their connected devices, leaving them vulnerable to attacks.

Tips for safeguarding IoT devices:

  • Change the factory default passwords – these can be the same for hundreds or thousands of devices, making it easy for criminals to hack;
  • Regularly update all software;
  • Disable features which allow the device to be accessed remotely;
  • Take extra care when buying used devices – you don’t know what the previous owner installed on the device.

Countries involved

See also