Utter incompetence of high-level officials is not exactly a scarce phenomenon. However, it’s rarely displayed so vividly as it was by Troels Oerting, the head of Europol’s Cybercrime Center, in his recent interview with the BBC’s Tech Tent radio show.
Mr. Oerting proudly declared that international law enforcement just needs to target a “rather limited group of good programmers.” He went further, proudly stating “We roughly know who they are. If we can take them out of the equation then the rest will fall down.” Voila, easy and simple. Arrest the 100 known dudes and cybercrime disappears. He didn’t specify what it means to know “roughly”–you either do or you don’t, and that is exactly, not “roughly.”
The man obviously hasn’t a clue. The trouble is that he’s speaking for Europol and the EU. And the idea that the EU’s main cybercrime law enforcement unit assesses the cybercrime situation this way is truly troubling. It would simply mean that the cybercriminals don’t have much to worry about.
The reality is drastically different. There are many thousands of programmers around the world good enough to hack most of the attractive targets. Many of them, for one reason or another, are disappointed with their employment or personal situation. Given the current dire state of our cybersecurity, making a few bucks off easy targets is really tempting. This temptation looks even more attractive if the target is a rich bank or some large allegedly unethical company. This often satisfies the conscience of many of the hackers. The continuing deterioration of the European economy worsens the situation.
Add the “script kiddies” to the equation and Mr. Oerting’s job becomes even harder than he probably can envision in his worst nightmares. He should also know that really good programmers only publish their crumbs for the script kiddies, scripts they developed long ago. They keep their best stuff for themselves.
Furthermore, many of these off-the-grid programmers have their own very large botnets capable of performing rather sophisticated operations that they can offer to all sorts of customers as a service.
All in all, Mr. Oerting should urgently realize that he is mainly dealing with the mediocre cybercriminals who are not good enough to be stealthy. Really good “top-100” programmers don’t get caught. I wouldn’t be at all surprised if one of them, having read Mr. Oerting’s statements, would hack his next target through this top EU cyber cop’s computer, just to demonstrate the point.
EU Cyber Incompetence
Leave a reply