News
TNO and CFLW:
Together we take the Fight Against Cybercrime to the Next Level
25 March 2021 – Joint article by TNO and CFLW Cyber Strategies; published on TNO Insights.
In this time of global lockdowns, and with an increasing part of our lives taking place via the internet, cybercrime risks are increasing. This is especially true for the shady dark web, with cryptocurrencies as the financial driver behind those crimes. With smart technology, such as the Dark Web Monitor, worldwide collaboration in research and innovation into the dark web and financial cybercrime, TNO and CFLW take the fight against cybercrime to the next level.
Cybercrime does not adhere to the traditional national borders. Criminal organizations operate across borders and in many countries at the same time. Because each country has its own principles of sovereignty, requests for legal assistance are lengthy and complex. Effective strategies therefore only has a chance of success if countries work closely together internationally and reinforce each other.
Thresholds to commit cybercrime are still lowering
“In February 2018, an eighteen-year-old boy bought a cheap kit on the dark web with his father’s credit card, which he used to shut down the payment system of Dutch banks,” says Esther van der Weide of TNO. “You no longer need that much technical knowledge to carry out a DDoS attack, for example. It is also becoming easier in the online financial markets to set up criminal networks and to make detection more difficult.”
No time to waste for combating cybercrime. An example of a smart solution is the Dark Web Monitor, an open source intelligence source. Van der Weide: “TNO developed a proof-of-concept. On the basis of a license agreement, cooperation partner CFLW Cyber Strategies brings the Dark Web Monitor to an operationally usable and managed solution.”
Dark Web Monitor provides Strategic Insights and Operational Perspectives
Mark van Staalduinen is managing director of CFLW. He explains: “Just as Google indexes all web pages, the Dark Web Monitor does it for the dark web, so you can search and perform advanced analysis. We also select relevant entities that mainly use judicial organizations to enrich their analysis of illegal activities. A more complete picture helps to connect the dots in these complex criminal cases.”
“On the one hand, we learn from banks and companies in Singapore. On the other hand, we have solutions for combating cybercrime that they are not familiar with there.”
International cooperation leads to new projects
Cybercrime quickly transcends borders. That is why TNO works together internationally, such as with governments and companies in Singapore. Singapore, like the Netherlands, is a relatively small country that, as a kind of hub, is an important gateway to other parts of the world. Equinix Singapore, like the Amsterdam Internet Exchange (AMS-IX), is a critical data hub for the region. To shape this public-private partnership, TNO and CFLW work together as Partners for International Business (PIB) of the Netherlands Enterprise Agency (RVO).
“The dialogue in the PIB creates mutual understanding for our global challenges and we spot opportunities to solve them”, Van Staalduinen continues. “On the one hand, we learn from research and innovation that governments, banks and companies in Singapore conduct and what works and what doesn’t. On the other hand, we have solutions for cybercrime prevention that they are not familiar with. This partnership creates new projects that are good for the Netherlands and Singapore.”
“We develop relationships all over the world with whom we can take cyber knowledge to a higher level together.”
Bring cyber expertise to next level globally
International cooperation in combating cybercrime is therefore crucial. Van Staalduinen: “As the Netherlands, we work well together in Europe, but the world is bigger. That is why we develop relationships all over the world with which we can take cyber knowledge to a higher level together. In addition to Singapore, think of countries such as the US, Canada, Australia and Japan. Moreover, through the collaboration with INTERPOL we succeeded in getting also less developed countries involved.”
Public Prosecution Office in Bavaria successfully uses technology
Via the INTERPOL Working Group on Darknet and Cryptocurrencies, the Bavarian State Ministry of Justice became interested in the Dark Web Monitor. Van Staalduinen: “That is why we signed a Memorandum of Understanding last year to accelerate the development of strategic enforcement technologies. This allows them to start using the Dark Web Monitor for operational use.”
The developments on the criminal side are going fast such that there is no time to work towards solutions in a structured way for years. It requires tools that can be deployed almost immediately, even if only in concept. “Learning together, strengthening together – that’s what combating cybercrime needs,” says Van Staalduinen. “For the Public Prosecution Office in Bavaria, the Dark Web Monitor made the difference in a few cybercrime and child abuse cases. That’s why we do it!”
“Soon we will all understand what someone means when said: we have found a bitcoin-tumbler.”
Consistent use of languages in fighting cybercrime is key
Anyone who works together internationally and exchanges information, and for example receives data from another research lab for a request for legal assistance, must speak the same language. To make this possible, TNO is working with INTERPOL on a taxonomy. Freek Bomhof of TNO: “It is a glossary, intended to divide the world of dark web, virtual assets and everything related to cryptocurrency into clear and unambiguous chunks.”
“Compare it with mammals, ungulates, even-toed ungulates, pigs, etc. in biology,” Bomhof continues. “It can quickly become confusing when you use different words for the same thing or the same words for different things. You can see that in your own environment, but with international cooperation it becomes even more complicated. Soon we will all understand what someone means when he or she says: we have found a bitcoin tumbler.”
150 police officers from all around the world are contributing
INTERPOL is the driver in the working group that stimulates unambiguous language use. CFLW Cyber Strategies also participates to adopt the taxonomy for its use in Dark Web Monitor, as well as the Austrian Institute of Technology (AIT) for cryptocurrency analysis with GraphSense. Bomhof: “In December, we brainstormed in the INTERPOL working group with 150 police officers from all over the world about additions to the first concept. We expect to be able to deliver the database as a useful tool on the internet around the summer.”
Privacy-friendly techniques to share and analyse data
“The last example of a smart technology that stimulates cooperation across borders between countries and organizations is the cryptographic and privacy-friendly technique Secure Multi-Party Computation (MPC),” concludes Van der Weide. “By means of MPC, the data itself is not shared, but joint analysis can be carried out on encrypted data. In this way, different organizations can work together in an environment with privacy-sensitive data from each other. For example, by combining data from different banks. This makes it more difficult for criminal organizations to avoid detection mechanisms by spreading malicious activities over a number of banks. We will continue to use these and other techniques to work together with different organisations to combat cybercrime worldwide.”