First virtual competition simulates business email compromise fraud investigation
Imagine that a well-known company has been hit by a cyberattack – criminals have conducted a business email compromise (BEC) scam against the company, compromising the email of the CEO to trick an employee into making a payment of USD 100 million to an account controlled by the criminals.
Now imagine you are a police officer working at the INTERPOL National Central Bureau (NCB) in your country, and you are asked to work with cybercrime investigators as well as other digital forensics examiners around the world to investigate the incident.
Although this is a fictional scenario, BEC fraud is a very real crime threat which police worldwide face on an increasingly regular basis.
This BEC scam was the premise of the fourth INTERPOL Digital Security Challenge – where teams of experts pool their knowledge and expertise in a race against the clock to investigate a simulated real-world cybercrime incident and gather evidence to identify the perpetrators. For the first time, the event was held virtually due to the COVID-19 pandemic.
During the challenge, the 100 participating cybercrime and digital forensics experts from 50 countries had to analyse infected computers and contents of the BEC email messages received by the fictional company to uncover evidence of the malware used and the email servers which had been compromised.
After linking the malware to a command and control (C2) server, the teams identified clues that would help narrow down the whereabouts of the cybercriminals and take down the server.
Adding a further layer to the scenario, the criminals filmed the police takedown using drones and compromised the personal details of the officers involved. But one of the drones was captured, so the teams conducted digital forensic examinations to gather data from the device which identified the criminals’ location. A computer seized at this location was also analysed for further information on the cybercriminals’ activities.
Craig Jones, INTERPOL’s Director of Cybercrime, underscored the importance of providing hands-on experience in using the latest techniques and technological tools for investigating cybercrime.
“In the ever-changing world of cybercrime, theoretical knowledge is only one component of a successful investigation,” said Mr Jones.
“Practical exercises like the Digital Security Challenge, which replicate the situations investigators will face in the real world, are great opportunities to gain the critical technical capabilities necessary to follow the digital trails left by cybercriminals,” concluded Mr Jones.
Cybercrime investigations are becoming more and more complex and operational exercises such as the Digital Security Challenge, which simulate some of the hurdles that investigators face every day, are vital for the development of our capacities.
The five-day (12-16 October) event was organized in close collaboration with private industry partners NEC Corporation and Cyber Defense Institute.
Throughout the simulated investigation, virtual training sessions were conducted to develop participants’ practical knowledge on relevant topics including malware analysis, drone forensics and BEC fraud.
For the first time, NEC and Cyber Defense Institute joined the Challenge. Isao Okada, General Manager, said, “We strongly believe this kind of event can help attendees gain the technical capabilities required to fight the latest cyber crimes.”
First held in 2016, the Digital Security Challenge helps police worldwide develop the skills necessary to tackle the latest cybercrime threats. Previous editions simulated cyber blackmail involving Bitcoin, a ransomware attack, and the hacking of ‘Internet of Things,’ or IoT, devices.