With everyone spending so much time online during the coronavirus crisis, cybercrime has also been on the rise. Criminals are attempting to take advantage of these unsettled times. But not if scientist Rolf van Wegberg and Master's student Jochem van de Laarschot have their way. They are working with the FIOD (Fiscal Information and Investigation Service) to help combat cybercrime.
Van Wegberg has been collaborating with the FIOD for some time now – to the satisfaction of both parties. Now, a multi-annual research programme has been launched, enabling TU Delft students and scientists to conduct independent research and become permanently embedded at the FIOD. Van Wegberg: “This brings science closer to policing and engineering students closer to the FIOD.” Their work enables science to advance, while also improving the FIOD's operational effectiveness, by means of specific methods and technologies that can be applied in practice.’
Reconstruction of dark markets
Van Wegberg: “We genuinely complement and reinforce each other. The FIOD does not always have the necessary capacity to conduct research with data on confiscated servers, for example, even though they may contain a wealth of information. Our graduating students can spend several months working full-time on that.” This has already started to deliver some great tangible results, including a calculation of the turnover achieved by dark market vendors. This calculation helps the FIOD to make a realistic estimate of the profits accumulated through illegal practices, such as the trade in drugs or stolen credit cards, with the goal to seize it.
Using the confiscated servers, it is possible to reconstruct the financial administration of the market. Van Wegberg: ‘This helps you to understand the difference between what you can observe from outside the market and how trading actually works. For our research, we had access to the financial administration of a prominent dark market. This enabled us to do the first empirical study validating the latest scientific methods to measure the turnover of dark market vendors. Normally we investigate these markets by means of scraping, a computer technique in which software is used to retrieve information from webpages – in other words, the outside of the market. We’re now comparing that to the internal market administration.’
Cybercriminals’ security measures
Van Wegberg studied criminology in Leiden, but was eager to focus more on cybercrime. After graduating, he became a doctoral candidate in the cybersecurity research group in the Faculty of TPM, where he now works as a assistant professor. Van de Laarschot learnt about cybersecurity as part of a minor. “My main interest is in the human side of technology. I’m fascinated by cybercriminals’ behaviour and what motivates the choices they make.” This is clearly reflected in his graduation project, in which he is focusing on the cybersecurity measures that cybercriminals use (or don’t). He is investigating how they protect themselves, the choices they make in this and, of course, what their vulnerabilities may be, so that the FIOD can track them down effectively. “What surprised me was the scale at which these criminal markets operate. It’s also interesting to get an insider view of the work that the FIOD does. Obviously only to a certain extent, because a lot of information is also confidential and anonymised, but you do gain an understanding of what a digital detective can do. You definitely hear some exciting stories during team meetings. This definitively adds an extra dimension to my graduation project.”
Basis of trust
The FIOD team in which Van Wegberg and Van de Laarschot are embedded is a mixture of detectives, digital specialists and researchers. They look at cybercrime from various different perspectives. The value that TPM students can add lies primarily in their ability to interpret the data. They understand the context in which the data should be placed. At the FIOD, this involves tackling crime that has a financial component. Armed with knowledge of systems theory, the students can interpret the data effectively and have time to delve into the details, but they also bring with them a certain level of creativity. A key ingredient of this partnership is a basis of trust, together with clear and strict agreements to safeguard the integrity of the policing process while still conducting independent academic research. Personal attributes – like criminals’ usernames, for example – are anonymised before the researchers can work on them. All of this contributes to achieving the shared goal: the effective and efficient policing of financial cybercrime.
Collaboration with the FIOD gives the capacity of data-driven research a huge boost. Van de Laarschot: “I think it’s amazing that I’m allowed to do research on this unique data, which I normally would never be able to access.” As far as Van Wegberg is aware, this kind of structural collaboration is unique internationally. A while ago, he spoke to an American fellow researcher who was slightly envious of this Dutch concept. “He would love to work with FBI data, for example, but agencies like that are very much closed entities and not just anyone can gain access. I’m really quite proud of this partnership,” beams Van Wegberg.