The Cybercrime Atlas is an initiative sponsored by the World Economic Forum (WEF) Partnership Against Cybercrime. While it is still in the prototype stages, it is designed to provide a platform for academic analysts, cybersecurity companies, national and international law enforcement agencies, and global businesses to share knowledge about cybercriminal ecosystem. At its core, the Atlas project is a database about cybercrime. The information can come from government alerts, cryptocurrency analysis companies, platform providers, court records, and publicly available materials – anything that analysts find relevant. to understand the entirety of the criminal ecosystem. Analysts can use this database to create many different views or maps of different parts of the cybercriminal ecosystem. For example, an analyst may be interested in ransom payments and may use Atlas to help understand how illicit funds operate. Another may be interested in identifying platforms that appear to host large numbers of criminal actors. Another “map” or perspective may focus on the relationships between different criminal groups. By creating an international repository of information based on public data and voluntary information sharing, cybersecurity practitioners can create tools that enable them to fight cybercrime more effectively.
Cybercrime is big business. While reliable statistics are hard to come by, estimates of the global cost of cyber crimes range from trillions to tens of trillions of dollars per year. Regardless of the exact figure, cybercrime clearly drains significant resources from the global economy and poses a major threat to global security and prosperity.
Why is the problem so big? Cybercrime has several characteristics that make it difficult for governments to fight:
- It has an inherently transnational structure, while law enforcement operates within national borders.
- Some nation-states harbor and protect cybercriminals, while others turn a blind eye, and still others lack the capacity to combat the problem.
- Defenders lack systematic knowledge and insight into the full range of cybercriminal activities, which in turn prevents effective targeting.
- Cybercrime groups have evolved from two or three people working together to large, distributed organizations with vast, complex, and sophisticated infrastructures that are difficult for any single entity to understand.
- The sheer volume of data on the global internet makes it difficult to separate malicious activity from “noise.”
- The internet allows criminals to scale in the same way that legitimate businesses do, but it also allows them to obfuscate their true numbers, locations, and identities.
Overcoming these challenges will require innovation and adaptation in many areas, such as updating international legal regimes and making operational collaboration between the public and private sectors a regular occurrence. Another key area for innovation involves understanding the nature of the criminal ecosystem.
Understanding the Cybercrime Ecosystem
Although it may seem strange to use the term “ecosystem” in crime, it accurately describes the way cyber criminals operate. Cybercriminals are no longer just disaffected people who wear hoodies and live in their parents’ basement. Instead, they tend to operate in loose, distributed teams and exist within a large network of suppliers, coders, buyers, financiers, and partners. Few criminals carry out an entire operation from start to finish without support from another person. While this complexity provides many benefits in terms of efficiency and effectiveness, it also creates an opportunity for law enforcement and defenders, if we can take advantage of it. By relying on a vast ecosystem to carry out their activities, cybercriminals make themselves more vulnerable.
This is where the Cybercrime Atlas project comes in. Atlas is an initiative sponsored by the World Economic Forum (WEF) Partnership Against Cybercrime, designed to reduce some of the characteristics that make cybercrime difficult to combat. Specifically, the Atlas initiative will provide a platform for academic analysts, cybersecurity companies, national and international law enforcement agencies, and global businesses to share knowledge about the cybercriminal ecosystem. During their initial standup, WEF will host the secretariat for the project, supported by Fortinet, Microsoft, Paypal, and Santander. Other organizations, such as the Cyber Threat Alliance, will also support the initiative through in-kind donations of time and capabilities.
Mapping the Cybercrime Ecosystem
At its core, the Atlas project is a database about cybercrime. While a database may seem a bit pedestrian or anticlimactic compared to the scale of the task, the power of correlating and integrating information should not be underestimated. In addition, the information in this database is not just random bits of data, nor is it limited to technical indicators of compromise that are commonly shared by cybersecurity companies. Instead, it brings in a wide variety of data from many different types of sources. The information can come from government alerts, cryptocurrency analysis companies, platform providers, court records, and publicly available materials – anything that analysts find relevant. to understand the entirety of the criminal ecosystem.
As a result, analysts can use this database to create many different views or maps of different parts of the cybercriminal ecosystem, hence the name “Atlas.” For example, an analyst may be interested in ransom payments and may use Atlas to help understand how illicit funds operate. Another may be interested in identifying platforms that appear to host large numbers of criminal actors. Another “map” or perspective may focus on the relationships between different criminal groups.
These diverse perspectives support a wide range of activities, from the private, non-profit, and public sectors. A platform like Microsoft can use Atlas information to support legal action against actors who abuse their services, while banks can use a payment map to try to recover what has been stolen. that money. Law enforcement agencies can use an infrastructure map to identify targets for disruption or seizure. The list goes on. Based on past experience, the Atlas project is likely to support analysis that we cannot yet anticipate.
These maps have many benefits. First, they identify the areas where criminals are most vulnerable by highlighting a single point of failure. Second, because it will rely primarily on open-source information and private sector information, they will help governments target intelligence and law enforcement resources against gaps that cannot be filled by the private sector. sector while avoiding areas where the private sector is already abundant. in understanding. Such focus will make law enforcement and intelligence gathering more efficient and effective. It can even shed light on the makeup of criminal groups, making it harder for a group that seems like 1,000 people when it’s only 10. it is easier to correlate the research and findings.
By creating an international repository of information based on public data and voluntary information sharing, cybersecurity practitioners can create tools that enable them to fight cybercrime more effectively. But regular businesses benefit greatly from a project like the Cybercrime Atlas as well. Preventing cybercrime will reduce not only the current economic burden of malicious activity such as ransomware, but it will also enable businesses to continue expanding the services they offer online. Without changing its course, rampant criminality in cyberspace will inevitably push some, perhaps many, consumers and organizations to withdraw from the digital ecosystem. It is not a law of nature that more activity will occur in cyberspace, and such retrenchment is possible if we do not make cyberspace more secure.
As of mid-2023, the Cybercrime Atlas is still in the prototype stage. As a leader of an information sharing organization, I have no illusions about the challenges involved in making a project like the Cybercrime Atlas successful. However, its foundation is solid and its promise as a tool to help defenders, law enforcement, and other analysts navigate the criminal landscape. Because of what is at stake, we have an obligation to use every tool at our disposal to prevent the destructive threat posed by cybercrime.
