How Global Information Sharing Can Help Stop Cybercrime

Cybercrime is big business. While reliable statistics are difficult to come by, estimates of the global cost of cybercrimes range from trillions to tens of trillions of dollars annually. Regardless of the precise figure, cybercrime clearly drains significant resources from the global economy and poses a substantial threat to global security and prosperity.

Why has the problem grown so large? Cybercrime has some characteristics that make it difficult for governments to fight:

It has an inherently transnational structure, while law enforcement operates within national borders.

Some nation-states harbor and protect cybercriminals, while others turn a blind eye, and still others lack the capacity to combat the problem.

Defenders lack systemic knowledge and insights regarding the full extent of cybercriminal activities, which in turn inhibits effective targeting.

Cybercrime groups have evolved from two or three people working together into large, distributed organizations with extensive, complex, and sophisticated infrastructures that are difficult for any single entity to understand.

The global internet’s staggeringly large data volume makes it difficult to separate the malicious activity from the “noise.”

The internet allows criminals to scale in the same way that legitimate businesses do, but it also allows them to obfuscate their true numbers, locations, and identities.

Overcoming these challenges will require innovation and adaptation in many areas, such as updating international legal regimes and making operational collaboration between the public and private sectors a regular occurrence. Another key area for innovation includes understanding the nature of the criminal ecosystem.

Understanding the Cybercrime Ecosystem

While it may seem strange to apply the term “ecosystem” to crime, it aptly describes the way that cybercriminals operate. Cybercriminals are no longer just disaffected individuals wearing hoodies and living in their parents’ basements. Instead, they tend to operate in loose, distributed groups and exist within a large network of suppliers, coders, buyers, financiers, and partners. Few criminals conduct an entire operation from beginning to end without any support from someone else. While this complexity provides substantial benefits in terms of efficiency and effectiveness, it also creates an opportunity for law enforcement and defenders, if we can take advantage of it. By relying on an extensive ecosystem to carry out their activities, cybercriminals have made themselves more vulnerable to disruption.

That’s where the Cybercrime Atlas project comes in. The Atlas is an initiative hosted by the World Economic Forum’s (WEF) Partnership Against Cybercrime, designed to mitigate some of the characteristics that make cybercrime difficult to combat. Specifically, the Atlas initiative will provide a platform for academic analysts, cybersecurity companies, national and international law enforcement agencies, and global businesses to share knowledge about the cybercriminal ecosystem. During its initial standup, the WEF will host the secretariat for the project, supported by Fortinet, Microsoft, PayPal, and Santander. Other organizations, such as the Cyber Threat Alliance, will also support the initiative through in-kind donations of time and capabilities.

Mapping the Cybercrime Ecosystem

At its core, the Atlas project is a database about cybercrime. While a database may seem somewhat pedestrian or anticlimactic compared to the size of the task, the power of correlating and combining information should not be underestimated. Further, the information in this database will not just be random bits of data, nor will it be limited to the technical indicators of compromise that cybersecurity companies usually share. Instead, it will bring in a wide range of data types from many different types of sources. Information could come from government alerts, cryptocurrency analysis companies, platform providers, court records, and publicly available materials — anything the analysts can identify that might be relevant to understanding the entirety of the criminal ecosystem.

As a result, analysts can use this database to generate multiple different views or maps of various parts of the cybercriminal ecosystem, hence the name “Atlas.” For example, one analyst might be interested in ransom payments and could use Atlas to help understand how illicit funds are moving. Another might be interested in identifying the platforms that appear to host a large number of criminal actors. Another “map” or view might focus on the relationships between different criminal groups.

These different views will support a wide array of activities, from the private, non-profit, and public sectors. A platform like Microsoft could use Atlas information to support legal action against actors abusing their services, while banks could use a payment map to try to recover stolen money. Law enforcement agencies could use an infrastructure map to identify targets for disruption or seizure. The list goes on. Given past experience, the Atlas project will likely support analysis we cannot yet anticipate.

These maps will have several benefits. First, they will identify the places where the criminals are most vulnerable to disruption by highlighting single points of failure. Second, since they will be based primarily on open-source information and private sector information, they will help governments target intelligence and law enforcement resources against the gaps that the private sector can’t fill while avoiding areas where the private sector already has a lot of insight. Such focus would make law enforcement and intelligence collection more efficient and effective. It could even illuminate the makeup of criminal groups, making it harder for a group to seem like 1,000 people when it’s really only 10. It will also provide a Rosetta Stone for understanding the various names attached to a given group by different companies, making it easier to correlate research and findings.

By creating an international information repository based on public data and voluntarily shared information, cybersecurity practitioners can create a tool that will enable them to fight cybercrime more effectively. But regular businesses stand to benefit greatly from a project like the Cybercrime Atlas too. Reining in cybercrime would reduce not only the current economic burden of malicious activity like ransomware, but it would also enable businesses to continue expanding the services they offer online. Absent a change in its trajectory, the rampant criminality in cyberspace will inevitably drive some, possibly many, consumers and organizations to pull back from the digital ecosystem. It is not a law of nature that more and more activity will occur in cyberspace, and such a retrenchment is possible if we cannot make cyberspace safer.

As of mid-2023, the Cybercrime Atlas is still in the prototype stage. As a leader of an information sharing organization, I have no illusions about the challenges associated with making a project like the Cybercrime Atlas successful. Yet, its foundation is strong and its promise as a tool to help defenders, law enforcement, and other analysts navigate the criminal landscape is large. Given what’s at stake, we have an obligation to use every tool at our disposal to combat the pernicious threat posed by cybercrime.

The article was written by Michael Daniel at Harvard Business Review

