Cybercrime Investigation Tool developed by Indian scientists can track cyberattacks targeting humans
It is perhaps not realized that more than 99 percent of attacks require human interaction. These social engineering interactions include clicking a link, opening a document, enabling a macro, opening a file and others. Of course, security and IT specialists need to focus on perimeter defenses, patching vulnerabilities and myriad other systems for digital defense. But how do you stop users from holding the door open for cyberattacks?
For criminals, targeting people makes sense. It’s faster, easier and more profitable than targeting systems. Attackers exploit human nature with diversionary tactics, such as creating a false sense of urgency or impersonating trusted people. And, of course, individual people with different personalities vary on the degree to which they may fall prey to social engineering manipulation.
Attackers are going after low-hanging fruit, too. So-called “very attacked people” and their email addresses are typically available on company websites and social media, or are easily discoverable via web search. Favored targets include education, finance, advertising and marketing companies, but criminals are also exploiting industries with complex supply chains, such as the automotive industry.
It is against this background that a new cybercrime investigation tool developed by Indian scientists is a wonderful piece of news.
This tool will soon be able to track cyberattacks targeting humans, like insurance fraud, online matrimonial fraud and so on. The tool, called the TTPs (tactics, techniques and procedures)-based cybercrime investigation framework, can help in tracking and classifying cybercrimes, identifying the chains of evidence required to solve a case and mapping evidence onto the framework to convict criminals.
Cybercrime incidents cause 1 crore/day loss in many states. Mostly women, the aged and poor people are targeted, resulting in the loss of entire life savings. The number of cybercrime investigations was found to be significantly lower than the number of cybercrime reports in India. The investigation of such cybercrimes depends on the FIR narratives given by the victims, who usually have extremely low cyber literacy. Hence their narratives frequently mislead or distract investigators. Victims frequently do not maintain contact after reporting the incident, which makes tracking the crime even more difficult.
For cybercrime investigation to succeed, a proper framework was required which could extract key points from the victim’s FIR, provide investigators with sufficient information on the reported cybercrime to categorize it systematically and exhaustively, indicate the steps to follow based on pre-existing crime paths, map evidence to the steps taken in order to decide the following step, and finally conclude and convict criminals. No comprehensive framework has existed for cybercrime incident response till now.
In order to fill this gap, the I-hub NTIHAC foundation (c3ihub) at IIT Kanpur, with support from the Department of Science and Technology (DST) under the National Mission on Interdisciplinary Cyber Physical Systems (NM-ICPS), developed a methodology and tool for apprehending cybercriminals’ modes of operation in a crime execution lifecycle.
It was developed with the help of literature study, case studies, framework building, incorporating pre-existing crime in the framework, evolving an interactive framework navigator and mapping real cases onto the framework.
The technology can create an approximate crime execution path and suggest a crime path based on a user-derived set of keywords. It can also compare the modus operandi (Mode of Operation) used in different crimes, manage user roles and track activity for crime paths.
The TTPs-based investigation framework could be highly effective as it restricts the number of forms and methods by which the investigation can be conducted and relies primarily on criminals’ TTPs. This leads to precise and rapid conviction of cybercriminals.
With implementation of the developed cybercrime investigation framework and tool, which is now ready for deployment with the police, cybercriminals can be tracked and convicted easily, reducing cybercrime activities throughout the country.