Why Transnational Cooperation Is Key in the Battle Against Cross-Border Cybercrime

Hackers have learned that transnational attacks – attacks on victims outside their national borders – are low risk and high yield. Because so many different governments and regulations are involved, the perpetrators of these attacks are also difficult to apprehend.

October 30, 2024

The internet enables cybercriminals to attack victims anywhere in the world. Transnational attacks are challenging to track, and more often than not, the perpetrators are not apprehended. What is needed is a robust and global effort to identify attackers, preserve evidence, and prosecute the guilty, regardless of where they reside. There has been some movement toward accomplishing this, but it is still insufficient.

Challenges of Cross-Border Cybercrime Prevention

Because stopping or apprehending cross-border cybercriminals is so difficult, attackers have learned that attacking victims outside their national borders is low risk and high yield. According to an article by Allison Peters and Amy Jordan titled ‘Countering the Cyber Enforcement Gap,’ a majority of cybercrime is transnational. In 2017, the worldwide cost of transnational attacks amounted to $600 billion, equivalent to 0.8 percent of global GDP. Accenture assesses that cybercrime could cost the private sector a whopping $5.2 trillion by 2022.

Transnational attacks frequently result in victims being outside the legal jurisdiction of the attackers. Jennifer Daskal and DeBrae Kennedy-Mayo, in an article in July 2020, said that more than half of all cybercrime investigations involve cross-border requests to access various kinds of evidence. This evidence is needed to attribute guilt for the transnational attacks for defense and apprehension purposes.

The Big Four Global Threats

Challenges increase when attacks are carried out within countries that are not very cooperative in cybercrime matters. The Big Four countries (Russia, China, North Korea, and Iran) that are the primary sources of transnational attacks have clearly stated that they believe collaboration in these matters infringes on their sovereignty. The Center for Strategic and International Studies provides a long list of transnational attacks, many conducted by foreign governments, including:

  • 2021 Southeast Asia attack: This was a Chinese military-supported attack against Southeast Asian governments.
  • 2021 attack against medical researchers: It is suspected that Iranian hackers targeted medical researchers in Israel and the U.S. to steal sensitive data and credentials.
  • 2019 SolarWinds attack: The attack against SolarWinds vulnerabilities is attributed to Russian intelligence operatives. It compromised the position of multiple US government agencies.
  • 2017 WannaCry ransomware attack: Attributed to North Korean attackers, WannaCry affected hospital, bank, and phone company systems.

Then there was also the 2021 Colonial Pipeline ransomware attack. This attack shut down the pipeline system that supplies 45% of fuel used by the southeastern US. The FBI attributes this attack to Darkside, a Russia-based cybercrime group.

Although many transnational attacks are for quick financial gain, Adam Hlavek, in his 2020 article titled ‘China cyber attacks: the current threat landscape’, went on to say that “China has directly utilized the information it has obtained via cyber espionage to improve its military capabilities. It has also used ill-gotten trade secrets to help its commercial companies compete on the global stage.” This shows how cybercrime is widely state-sponsored by some countries in the world.


International Cybercrime Collaborations

EU and US collaboration

The EU and the United States have taken steps to enforce anti-cybercrime regulations. While such steps tend to make a difference, they do not adequately manage attacks from the Big Four.

US cybercrime collaboration efforts

In 2016, the US Department of State released its International Cyberspace Policy Strategy. Based on President Obama’s 2011 International Strategy for Cyberspace, the strategy aims to develop working strategies and procedures to promote ‘international norms of state behavior in cyberspace.’ It also defines the department’s efforts to include cyberspace behavior in all diplomatic activities, claiming cyberspace safety as a ‘foreign policy imperative.’

US Congress formed the Cyberspace Solarium Commission in 2018. Its purpose is to develop a strategy for national cyberspace defense. In its final report, published in March 2020, the commission recommended steps that the United States government should implement over three layers:

  • Layer 1: Shape cyberspace behavior through diplomacy and the establishment of cyberspace norms.
  • Layer 2: Make cyberattacks less effective by promoting resilience and quickly responding and recovering from any attacks.
  • Layer 3: Impose proportional costs to malicious actions in cyberspace, requiring collaboration with allies to assign responsibility for attacks and take appropriate steps against the attackers.

The National Defense Authorization Act for 2021 implemented many of the commission’s recommendations. It also created the post of National Cyber Director. The role of the Cyber Director includes diplomatic and other efforts to develop norms and international consensus around responsible state behavior in cyberspace.

The 2021 Act supports the 2019 National Defense Authorization Act that allows Cyber Command teams to help allies with their cyber defense when asked. The US has signed various computer network defense agreements with several countries.


EU and International Efforts

The most significant international effort to fight cybercrime is what is known as the Budapest Convention. 65 nations, including the United States, have ratified the convention, and other countries are also expected to join. The convention document was completed in November 2001 and was effective as of July 2004. Its objectives are to:

  1. Harmonize national laws related to cyber-related crime
  2. Support the investigation of cybercrimes
  3. Increase international cooperation in the fight against cybercrime

However, the problem with this convention is its reliance on each signatory nation to pass laws that meet its specific goals, something that won’t happen so quickly.

Jack Goldsmith, a Senior Fellow at the Hoover Institution, says that the convention is widely viewed as unsuccessful. He argued that “the convention gained consensus by adopting vague definitions that are subject to different interpretations by different states.” The convention is further diluted because nations (including the United States) only ratified it with conditions. Further, signatories to the convention can decline to cooperate without any fear of penalty.

Attempts are being made to update the convention to include challenges associated with cloud services, but its weaknesses will probably continue to make it an unsuccessful endeavor.


INTERPOL Cybercrime Information Sharing

Information sharing is today’s most effective approach for managing transnational cybercrime. Sharing does not usually require countries to assess whether collaboration violates national sovereignty.

INTERPOL provides two ways for governments to share: the Cybercrime Knowledge Exchange and the Cybercrime Collaborative Platform. The Exchange enables nations and cyber-security experts to share information about cybercrime trends, prevention strategies, detection technologies, and investigation techniques. The Cybercrime Collaborative Platform is a centralized portal used by global law enforcement agencies when cooperating against specific cyber-threat actors. While the Exchange is mainly open, access to the Collaborative Platform is restricted.

Successful Collaboration Example

The recent takedown of Emotet, the world’s most prevalent malware, is an example of what can happen when nations work together. Emotet was a botnet that is believed to have affected 7% of global organizations. Europol, the FBI, the UK National Crime Agency, and agencies from Canada, France, Germany, Lithuania, the Netherlands, and Ukraine all worked together to bring down the botnet and arrest the threat actors.

Because of the seemingly unsuccessful impact of the Budapest Convention, it seems collaborations such as these come down to each nation asking what is in it for them! The scope of the Emotet attacks significantly affected organizations across many borders. Further, the threat actors were arrested in Ukraine, an ally of the United States. These factors brought friendly countries together to stop the threat. However, such collaborations do not work well when threat actors reside in one of the Big Four countries.

The Big Four and the Shanghai Cooperation Organization

News writer Alexander Culafi reported that the following four countries launched a majority of cyber-attacks between July 2019 and June 2020:

  • Russia – 52%
  • Iran – 25%
  • China – 12%
  • North Korea and others

Only 25% of data breaches were related to cyber espionage. 36% of companies in North America reported experiencing a transnational attack in 2020. Some of the attacks were confirmed as nation-state attacks, while others were attributed to foreign cybercriminals. Dealing with threat actors is difficult, given the lack of cooperation from the Big Four.

This unwillingness to collaborate is demonstrated in the Shanghai Cooperation Agreement. The agreement, signed by Russia, China, and four other smaller nations, resists the Budapest Convention. The agreement emphasizes state control and state security over information technologies and threats. Instead of focusing on collaboration with the West, it claims that the West’s domination of cyberspace makes it harmful to socio-political systems, spiritual, moral, and cultural environments.

As barriers exist between the East, West, and Middle Eastern countries, battling transnational cybercrime remains problematic. Further, although Iran and North Korea are not members of the Shanghai Cooperation Agreement, the hostile relationship between their governments and the United States hinders cybercrime cooperation.

Concluding Thoughts

Most of the 194 member countries, including the United States, actively participate in transnational cybercrime law enforcement and information exchange efforts. However, over 90% of transnational attacks are managed by cybercriminals in countries that have made it clear they will not freely cooperate with the United States and other Western countries. As such, this requires focusing defense on potential targets.

Sharing of information at the national level is ongoing, but it also requires close collaboration between private and public industries and cyber defense specialists at federal and state levels. It also means that organizations must share attack data with governments while using cybercrime information from national and global cybercrime defense resources. This exchange of information is essential for organization-level threat modeling and risk management.

Tom Olzak

Cybersecurity Researcher, Author & Educator

Independent security researcher and an IT professional since 1983, with experience in programming, network engineering, and security. I have an MBA as well as CISSP certification. I am also an online instructor for the University of Phoenix. I've held positions as an IS director, director of infrastructure engineering, director of information security, and programming manager at a variety of manufacturing, healthcare, and distribution companies. Before joining the private sector, I served 10 years in the United States Army Military Police with four years as a military police investigator. I've written four books, Just Enough Security, Microsoft Virtualization, Enterprise Security: A Practitioner's Guide, and Incident Management and Response Guide. I am also the author of various papers and articles on security management.