Vol. 79, No. 3

Cover stories

Two men and a woman sit at a table.

Infected Internet

RCMP cyber-intelligence team targets hackers, botnets

This past April, RCMP Supt. Marie-Claude Arsenault (centre) and police representatives from around the world shared best practices on how to combat cybercrime during the International Cybercrime Operations Summit. Credit: Amelia Thatcher, RCMP

The Internet has become an indispensable part of our lives — we can use it to pay bills, order food and even find love. But while its use has increased exponentially, so has its misuse by criminals.

"Cybercrime is in everything — every field and industry," says Supt. Marie-Claude Arsenault, officer in charge of the cyber team at the RCMP's National Intelligence Coordination Centre (NICC). "Most crime, whether it's cyber-enabled or cyber-targeted, has an online or technical aspect."

To keep up with society's rapid migration online, the NICC created Arsenault's cyber-intelligence team in 2014 as part of the RCMP's cybercrime strategy. Its mandate is to gather information and identify cyber-related enforcement opportunities for provincial, national and international investigative teams.

"We're proactive in trying to find leads and developing a case to a point that when it's passed onto the division [province or territory], they can get right to it," says Arsenault. "Oftentimes they're so busy they can't spend time searching for the next case, and that's where we come in. We can have something ready for them to pick up, and all the legwork is done already."

Although nearly every police investigation now involves technology, Arsenault's cyber-intelligence team focuses on a very specific area: cyber-targeted crime, where the technology itself is attacked.

"We mainly focus on just two sections of the Criminal Code — mischief to data and unauthorized use of a computer, or hacking," says S/Sgt. Paul Poloz, in charge of intelligence priorities at the NICC. "With other crimes like fraud, child exploitation or compromised emails, the end goal is not the computer or the technology — they just use it as a tool. We focus on pure cybercrime."

The team targets hackers who author or use malicious software (called malware) such as computer viruses. They're tracking the digital trail of these cyber-criminals, looking for anyone who is compromising the infrastructure of the Internet.

Robot Network

One of the biggest threats to the Internet — and one of the cyber team's biggest priorities right now — is botnets, or robot networks. Botnets are created when a large number of devices connected to the Internet are compromised and directed to do things they wouldn't normally be doing, usually for nefarious criminal purposes.

A device becomes compromised when it's infected with malware, which infiltrates the computer system without the owner's consent. An infected device becomes hypnotized and can be controlled remotely by cybercriminals.

When creating a botnet, the hacker's goal is not to infect one or two devices, but hundreds of thousands of computers, smartphones, GPSs, routers and anything else that's connected to the Internet. They can direct their botnet to send spam emails, transmit viruses and engage in other acts of cybercrime.

"Cameras and home security systems, even refrigerators that are connected to the Internet — they're not secure," says Greg Simmonds, manager of the NICC's cyber team. "They're sitting there and someone who's skilled and knows how to take control of those things can use them as access points to do criminal activities."

One such criminal activity is the distributed denial of service (DDoS) attack. In most DDoS attacks, hackers direct their botnets to flood a website with traffic, effectively shutting it down to legitimate users. Motivations for these attacks can include blackmail, taking out competition, or simply expressing anger towards the website's owner.

"Often, you have the victims in one country, the bad guys in another country and the servers in another country," says Arsenault. "You can have three or more jurisdictions involved, which is why it's so hard to police this. It's very important to have international partners when we're dealing with cybercrime."

Keeping up

According to Arsenault, demystifying cybercrime worldwide is a major first step in stopping these illegal online activities.

"It scares police forces," she says. "In one jurisdiction, you can have 20 break-and-enters and police will respond. But you can have 20 cyber attacks but police won't do anything. It's not always treated as a crime."

She hopes that educating police will make a difference at various levels, from the frontline to the specialized teams. And while most police forces are still catching up when it comes to investigating cybercrimes, Arsenault says in one respect, the RCMP is at the forefront.

"On the intelligence side, we're ahead," she says. "There aren't too many police forces that have a dedicated cyber-intelligence team."
