Built to fight cybercrime, an RCMP unit is spending part of its inaugural year protecting Canadians from criminals who are trying to use COVID-19 to exploit them.
When COVID hit Canada at the start of the year, we weren't even operational," said Chris Lynam, director general of the National Cybercrime Coordination Unit, also known as NC3. "
So we got involved with other partners such as the Canadian Anti-Fraud Centre to collectively address COVID-19-related complaints."
Unit members officially began their work on April 1, 2020.
To date, 1,190 websites have been labelled problematic, meaning they exist for some malicious purpose. That includes trying to steal personal information and trying to sell counterfeit personal protective equipment or even fake COVID-19 cures.
A total of 375 of those problematic sites are no longer active.
The goal of the disruption activities is to have those sites that are problematic taken down, so their content is no longer available online," says Jeff Bonvie, a senior advisor with NC3.
The genesis of NC3
Computers, tablets and smartphones — all linked by the internet — have become a normal and necessary part of everyday life.
That cyber-network has also become highly valued by criminals looking for ways to take advantage of people anywhere in the world. In 2018, Canadians alone reported more than 30,000 cybercrimes to police.
Complaints include ransomware, where a malicious software could potentially destroy a personal or institutional computer system unless a ransom is paid; data breaches, where personal information is stolen for profit; and romance scams, where fraudsters gain a victim's trust and then use that confidence to commit fraud.
To keep up with the complex demands of fighting cybercrime, Insp. Daniel Côté says Canadian police needed the NC3's structure to work with each other, the private sector, various levels of government, academia and international colleagues.
It quickly became evident that agencies should work together not only to avoid this duplication of effort but to learn from others or put resources together to be in a stronger position to undertake major investigations," says Côté, the officer in charge of Cybercrime Operations at NC3.
On the ground
In Ottawa, NC3 has 60 employees, including investigators, computer scientists, criminal intelligence analysts, policy and research analysts and intake analysts to decode and add value to data linked to complaints or potential threats of cybercrime.
We produce the intelligence by enriching the data we have — indicators of compromises, email addresses, internet protocol (IP) addresses, e-wallets and e-currency — to understand the nature of the cybercrime, where it's located or when a threat is imminent," says Côté.
The NC3 is in a position to collect the initial intelligence received from partners or open sources and present an actionable intelligence report to the proper police of jurisdiction who can then decide what action to take," he adds.
NC3 also has its people working internationally.
Sgt. Ben Hitchcock holds the Canadian liaison officer position in the Joint Cybercrime Action Taskforce at Europol.
Normally, Hitchcock, who is based at The Hague in the Netherlands, would be in an office surrounded by dozens of colleagues. But due to COVID-19, those numbers are limited.
There's your FBI colleague and officers from Norway, Switzerland, Germany, everywhere," says Hitchcock, who notes there's a formal messaging system in place to ask colleagues for help. "
But it's the informality that works. We can all communicate easily if we need something and we have all the right people at the right time working together."
While building communication channels with partners is key, so too is the need for police to become more innovative.
They (cyber criminals) are not going to go away and they're going to continue to use technology to adapt," says Lynam. "
But police have got to do that as well so we know who cybercriminals are targeting and we can warn victims to protect themselves before their information is stolen."