FERM has set out on an information campaign regarding storage spoofing and the various ‘suppliers’ who offer non-existent stocks in the port of Rotterdam. In Part I we introduced the subject with Ronald Backers, Business Intelligence Adviser for the Port of Rotterdam Authority, and in Part II we looked into several real-life examples of attempted fraud.
The third and present article was written in collaboration with Public Prosecutor Jacqueline Bonnes (Cybercrime and Digital Evidence) about experiences and recommendations of the Public Prosecution Service.
[this article in Dutch? Click here]
The police are responsible for the practical side of criminal investigations. They collect evidence, interview witnesses and victims, and arrest suspects. And they are required to keep a complete record of the case in the form of an official report. However, the Public Prosecution Service has ultimate responsibility for investigations. The police have to render account for their actions to one of the officers of the Public Prosecution service, known as the public prosecutor.
“Over the past two years, we have seen five or six companies reporting that they were victimised by this form of cybercrime,” says Bonnes. Except these companies weren’t defrauded buyers, but entrepreneurs whose website was copied in order to dupe potential ‘marks’. “These incidents are difficult to resolve, because as soon as one of these websites is taken offline, another one pops up somewhere else.”
“What’s more: identifying the perpetrators is very complicated, since it’s often very difficult to retrace their digital tracks due to VPNs or Tor. Besides, in itself, copying a website isn’t illegal. However, we can support companies that are affected by this issue via legal procedures, by taking the websites offline or having them destroyed.”
For example, in the case of one of the victimised companies, the General Manager’s name had been abused to lend credence to the attempted scam. At that point, the Public Prosecutor’s office is allowed to intervene: abuse of someone’s personal details has been a punishable offence since 2014.
The office of the Public Prosecutor does not have any concrete examples of victims who actually paid for non-existent storage or products. “Even though there’s still a lot we can do immediately after someone has filed a report. Particularly when money’s involved – via Europol, we can retrieve a payment far more often than you may think.” But presumably the affected companies aren’t based in the Netherlands, meaning that the Dutch Public Prosecutor isn’t their point of contact. “That is why our main focus is on prevention and intervention to minimise reputation damage: a legal interest that needs to be protected.” In other words, prevent the port from gaining a bad name because storage spoofing and other forms of cybercrime disrupt day-to-day trading.
If criminals nevertheless manage to pull off a successful storage spoofing scam, the main thing for the affected company – and by extension the police – is to collect as much information as possible. Websites, contact information, telephone numbers, IP addresses – you name it. And similar to many cases of cybercrime, an attempt to defraud is already a perfectly legitimate reason to notify the authorities. Both the police and the companies themselves can use the collected data to map out the current situation. “That’s why we are very glad that FERM and the Port Authority are paying attention to this issue. Because information is a very important part of prevention.”
Something already hinted at in previous articles in this series is that information awareness plays a key role. “Besides offering information and support, we also call on entrepreneurs to shoulder their own responsibility, since this can nip a lot of these problems in the bud.” Entrepreneurs will need to be more than simply ‘be aware of the issue’. We can show them where the threats lay, how to recognise an attempted scam and how to handle it. But you also need to arm yourself pro-actively as an organisation.
By asking questions like ‘Why aren’t all our communications encrypted?’ for example. Or ‘Why don’t we consistently check the https connection?’ ‘What kind of chain security measures have we taken; what kinds of barriers – physical and digital – have we raised to keep out cybercriminals?’ Bonnes: “Through intelligent collaboration, consultation and sharing all relevant information, we can actually devise new barriers against this fraud. Indeed, that’s what makes the Port ISAC such an important initiative. We hope to build a community that actively encourages prevention.”
BEING ‘FERM’ – STANDING OUR GROUND
What’s more: we can also learn a lot by looking at what the other side’s up to. Because regardless of what we do to keep them out, malicious parties/hackers/criminals will always find a new ‘loophole’.
Which isn’t to say that all smart people are working for the ‘baddies’, emphasises Bonnes. “Because we’re not sitting still either. Just consider the results achieved by Rotterdam’s Seaport Police, or the National Police Force’s Team High Tech Crime.” Or the work put into nomoreransom.org. “Make no mistake, we’re in the majority here on the right side of cybersecurity – but we have to work together.”
REGIONAL SECURITY ALLIANCE
And finally, we’d like to mention another interesting development: VeiligheidsAlliantie regio Rotterdam (Rotterdam Region Security Alliance, or VAR). This partnership between 32 municipal administrations, the police and the Public Prosecutor’s office in the Rotterdam region also pays a lot of attention to cybercrime.
Within the region, VAR serves as a platform for sharing knowledge and experiences. In addition, VAR contributes to regional collaboration between partners by actively identifying issues, putting them on the agenda, launching new initiatives and connecting different parties. And VAR has a keen eye for the diverse nature of security issues in the region. Ultimately, these issues are best handled via local, tailor-made solutions.
The VAR initiative was born from a wish on the part of various regional mayors to play a key role for SMEs in this context – just like FERM. Indeed, the two platforms communicate the same basic message.
Bonnes: “Get out there and help each other, work together. The SME sector has insufficient protection in place.” Checking out the website – and specifically the cybercrime section (available in Dutch only) – is definitely worth your while. Here, you can find figures and background stories, documentation about data security and information about the role citizens and entrepreneurs can play in increasing awareness and prevention.
Read our first article here, the second article here and check out the current blacklist of fake websites. Tips, advice or information on current cases? Please find us at firstname.lastname@example.org.
Sluit je aan bij FERM
Blijf alert. Installeer patches en let op phishing mails. En -voor alle bedrijven in de Rotterdamse haven- sluit je aan bij FERM. Zodat je daarnaast ook acute dreigingsinformatie kunt ontvangen en vragen kunt stellen aan de vertrouwde community om je heen. Dat blijkt in de praktijk erg nuttig te zijn voor bedrijven van klein naar groot, van mkb (zonder eigen IT) tot aan de grote multinationals.
Participeren in FERM is nu tijdelijk kosteloos uit te proberen!
Kijk voor meer informatie op ferm-rotterdam.nl/lid-worden.