UWE Bristol Capture The Flag Falcons take flight


By Ian Caple, MSc Cyber Security student (September 2023 cohort)

Saturday 24th of February saw the birth of a new student-led cyber security initiative, UWE Bristol Capture The Flag Falcons (CTF). Students from across the school of computer science came together to take part in a CTF competition. Undergrads and postgrads alike took part in a series of cyber security related challenges, from web exploration and cryptography to digital forensic challenges such as hacking VeraCrypt containers.

In teams of 2 or 3, students battled their way through a series of challenges, hacking their way in or exploiting vulnerabilities to gain access to areas they shouldn’t be in to find the flags.

17 students in all took part giving UWE CTF Falcons a great starting point for the future of the Falcons. After 8 eventful hours that saw every team overcome multiple challenges the CTF challenge was won by The Phishermen – 3rd year BSc Cyber Security and Digital Forensics students Harvey Keane, Callum Duncan and Ash Floyd, who captured a staggering 13 of 15 flags.

But the real winners were everyone who took part and can say they were there when UWE CTF Falcons took flight.

A huge thank you and honourable mention needs to go to our teaching staff Alan Mills and Jon White for helping us set up the challenges and making the day as much fun as it was!

UWEcyber students and CyberWomen@UWE support Cynam EmPowerCyber to inspire 1000 year 8 schoolgirls


The recent “EmpowerCyber 2023” cyber outreach event, hosted by Cynam in Gloucester was attended by 1000 Year 8 schoolgirls from across the region and supported by 30 different industry partners.

The event aims to ignite curiosity and empower young girls to explore the incredible opportunities in the world of cyber security, opportunities they may not have otherwise considered. This works towards addressing the UK’s digital skills gap and striving for better female representation in the cyber workforce.

The UWECyber team, supported by our BSc Cyber Security and Digital Forensics, and MSc Cyber Security students, hosted a “Future Funfair” event. The event uses Lego-based funfair rides where simulated attacks on cyber physical systems can be investigated and mitigated against by the students. These scenarios bring to life the importance of cybersecurity in everyday technology, from safeguarding personal data to protecting national infrastructure.

Additionally the CyberWomen@UWE group provided a cryptography-based murder mystery event. This challenging and exciting activity immersed the girls in the world of digital sleuthing, decrypting messages, and solving cyber puzzles. It was a powerful demonstration of how cyber skills can be applied in creative and critical thinking scenarios.

The involvement of 30 different industry partners was instrumental in the success of EmpowerCyber 2023. Their contributions offered valuable insights into the real-world applications of cyber and STEM skills, showcasing a wide array of career possibilities in these fields. This industry collaboration also highlighted the growing need for skilled professionals in the cybersecurity sector.


Through initiatives like EmpowerCyber 2023, cyber outreach activities play a critical role in reducing the gender gap in STEM and cyber fields. By capturing the interest of young girls at a crucial stage in their education, this event has laid the groundwork for nurturing a generation of empowered, cyber-aware women ready to take on the challenges of tomorrow’s tech landscape.

UWE Bristol researchers conduct first longitudinal study on evolving vulnerabilities in cloud and application security 


A team of UWE Bristol researchers have conducted a major new study into the evolving security landscape of modern cloud infrastructures. The study, recently published in the Computers and Security journal, investigates container security for over 400 applications and services over a 9-month period, to assess what the security vulnerabilities of these services are, and how frequently these vulnerabilities are resolved. The findings show many cases where vulnerabilities remain persistent even when updated versions of the application are released. However, we also investigate the real-world nature of these vulnerabilities, to assess the true risk of utilising these services in both local and remote settings, recognising that whilst some security scans may highlight a vulnerability, the vulnerability cannot actually be exploited given the use case of the application.

Alan Mills, lead author of the study, says “Container security is a growing area of concern, with the increasing use of micro-services we need to ensure that cyber security keeps pace, while avoiding common pitfalls around vulnerability assessment. By assessing container security over an extended time-period and analysing our results from multiple areas, all with a focus on real world risk, we present findings which inform further academic studies and industry-based decision making.”

The study was conducted in collaboration with Jonathan White and Professor Phil Legg. Alan is currently a Lecturer in Cyber Security studying for a part-time DPhil on the topic of container and cloud security.

The paper, Longitudinal risk-based security assessment of docker software container images, is now available as Open Access from the Computers and Security journal.

Cybersecurity Outreach for Young Minds: UWE Bristol’s Annual Unlock Cyber Taster Day for Schools


By Jonathan White, Senior Lecturer in Cyber Security

Last month, UWE Bristol was proud to host the annual Unlock Cyber Taster Day. Taking place in the School of Engineering building on the Frenchay campus, the day was attended by approximately 350 students aged 12 to 14 from schools across the region.

The event was run by Unlock Cyber, an employer-led initiative established by UWE Bristol to build a community of young cyber security enthusiasts with the right skills to follow a career into the sector. 12 industry partners come together for the day to provide a wide range of cyber security related activities in which the students participate. UWECyber demonstrated a new event this year using Lego Funfairs and Raspberry Pis to simulate attacks and mitigations against Cyber Physical Systems.

The significance of cyber security outreach initiatives like the Unlock Cyber Taster Day is manifold:

  • Raising awareness of the risks and importance of cyber security: Students can gain knowledge regarding various cyber threats, online safety practices and the significance of protecting their digital lives.
  • Developing interest and curiosity: By engaging in hands-on activities, demonstrations and workshops, students can develop a genuine interest in the subject area, potentially inspiring them to pursue careers in cyber security or related fields.
  • Skills development: By providing interactive sessions where children can learn practical skills such as coding, ethical hacking, or data protection, they are introduced to fundamental concepts and tools used in the industry, thereby being better able to protect themselves and others from cyber threats.
  • Fostering critical thinking and problem-solving abilities: The events often require analytical thinking, problem-solving and creativity and participating in these activities can enhance these abilities, which can support students in a wide variety of aspects in life, not just cyber security.
  • Promoting diversity and inclusion: Like many STEM fields, cyber security has traditionally been male dominated. Inspiring children, especially females and underrepresented groups can help break down barriers and encourage diversity in the industry. By showcasing successful role models and providing for inclusive environments, these events can inspire children from all backgrounds to pursue a career in cyber security.

UWE Bristol researchers develop novel defence against adversarial machine learning attacks on Cyber Security Intrusion Detection Systems


As cyber attacks evolve in their sophistication, Intrusion Detection Systems (IDS) have often been seen as a way to mitigate threats on computer networks.

Yet, attackers continue to evade detection and cause disruption through the spread of malicious software and other common attack processes. There is a growing trend of being able to evade machine learning systems to conduct attacks, by effectively compromising the intended functionality of the machine learning system.

Recent work by Andrew McCarthy, a PhD student at UWE Bristol studying cyber security analytics, has been able to demonstrate both the feasibility of conducting such attacks against Intrusion Detection Systems, as well as proposing a novel approach to combat against the vulnerabilities that machine learning classifiers may exhibit.

Whilst the domain of adversarial machine learning often addresses computer vision systems, this cutting-edge research applies these concepts in cyber security, to understand what future threats may look like, and how best to develop Intrusion Detection Systems to avoid such vulnerabilities.

The results of Andrew’s recent PhD work have just been published in the high-ranking Journal of Information Systems and Applications (Elsevier). Andrew is in the final stages of completing his PhD study, working with Professor Phil Legg (Director of Studies) and supported by industry partner Techmodal through the UWE Partnership PhD scheme.

The full paper is available online.

Transformation of Suspicious Activity Reporting to combat Financial and Cyber Crime


An integral part of how the United Kingdom tackles money laundering criminality is through the use of Suspicious Activity Reports (SAR). These were first introduced in 1986 by the Drug Trafficking Offences Act, and have evolved through the 2002 Proceeds of Crime Act and the 2019 Money Laundering Regulations. Organisations may file a SAR with the National Crime Agency if they believe they are being utilised as part of a money laundering campaign; however, over the years the effectiveness of SARs has been questioned. For example, the scheme's deficiencies included an ineffective SARs database, weak monitoring of enforcement outcomes, inadequate training and the lack of government support for the scheme. It has therefore been suggested that SARs are under-used by law enforcement agencies, and law enforcement bodies continue to have poor management information on how SARs are utilised.

To address this concern, a multi-disciplinary team of UWE Bristol researchers are working with Synalogik Innovations to overcome the shortcomings of the UK Suspicious Activity Reporting scheme, in collaboration with Cardiff University and University of Reading. The multi-disciplinary team of academics includes Phil Legg (Professor of Cyber Security, UWE), Sam Bourton (Lecturer in Law, UWE), as well as Nic Ryder (Professor of Financial Crime, Cardiff University), and Dr Henry Hillman (Lecturer in Law, University of Reading). The team have a long-standing history of working with Synalogik Innovations, in relation to identifying and mitigating against Counter-Terrorism Financing and Organised Crime Groups through the use of technology. In this latest Innovate UK project, the team will explore how Natural Language Processing can aid the creation of SARs, as well as the verification of information presented, and the identification of further supporting information, using the SCOUT platform developed by Synalogik Innovations. With an improved search capability to facilitate the creation and reporting of SARs, we aim to provide a more efficient approach that can help reduce the time in understanding and responding to threats in our society.

Measuring the Suitability of Artificial Intelligence in Autonomous Resilience for Cyber Defence


Artificial Intelligence has attracted wide use in many aspects of society, from facial recognition and recommendation systems, through to predicting crime rates and autonomous vehicles. AI technologies are widely used in defence, including how agent-based systems can detect and respond to cyber threats when under attack from adversaries.

Whilst this continues to be a ripe area of research, there are important questions to be asked about the suitability of AI within autonomous resilience for cyber defence, relating to the usability of AI, specifically on how end users may utilise the decisions that are generated by an AI defence system, and how an end user can better understand and reason about how the decisions of the AI are formulated.

UWE researchers Professor Phil Legg and Andrew McCarthy are working with TRIMETIS and PA Consulting to address this important research question, supported by QinetiQ and the Defence Science and Technology Laboratory (DSTL). The project is part of the SERAPIS Framework that supports rapid research and innovation to supply into the UK Ministry of Defence.

This programme of research will impact on how the UK can better identify, investigate and respond to threats in the cyber domain, as well as the impact of cyber across traditional defence areas of land, sea, air and space, and understand the role that artificial intelligence and agent-based systems will have in maintaining the defence and security of the UK.

UWE Bristol research to help uncover and mitigate against hundreds of online public software supply chain vulnerabilities


Many software and cloud platforms rely on the use of containerisation, a modern technique of deploying multiple software services quickly, securely and efficiently on large-scale cloud computing resources such as Microsoft Azure and Amazon Web Services (AWS). Platforms such as DockerHub provide an online repository of over 100,000 ready-to-deploy containers that are used widely in many of today’s modern software platforms. Whilst this offers great convenience for development teams, many of these containers may exhibit vulnerabilities, which if not managed, can introduce vulnerabilities into a company software stack. Recent security issues such as the log4j vulnerability and the Solarwinds Orion attack highlight the growing concern around software supply chain security, the dependencies that are made by development teams on third party software, and the implications of identifying and remediating such vulnerabilities later down the line.

As part of our CSC3 research, Alan Mills, Jonathan White and Phil Legg have developed a suite of docker security visualisation and remediation tools: OGMA and BORVO. The suite of tools enables developer and security teams to quickly identify vulnerabilities against a variety of container security scanning platforms. Results from existing scanning tools can often differ or conflict, and so our aggregated approach helps provide a unified analysis to address conflicts and provide a visual means for thorough examination of the results. Our approach also provides a more intuitive risk assessment that considers the true impact of vulnerabilities, such as how easily the vulnerability could actually be exploited by external or internal actors. Furthermore, the suite also provides developers with informed assessment of how to remediate the security issues whilst preserving the intended software functionality that is dependent on the container.

Our research paper “OGMA: Visualisation for Software Container Security Analysis and Automated Remediation” has been peer-reviewed and accepted for the IEEE Conference on Cyber Security and Resilience where the work will be presented and published at the end of July. We will also be sharing our insights in our related presentation on “Securing the Supply Chain – Practicality v Paranoia” at the upcoming BSides Cheltenham conference this weekend, which is a community-organised event for the regional cyber security industry and enthusiasts, and follows our lightning talk on software supply chain security delivered at CYBERUK 2022 earlier this year. OGMA and BORVO are both released as open-source applications that we have made available to the wider research community, to facilitate the examination and remediation of software vulnerabilities in containerised applications. For more details, including how to download and use the tools, please visit our GitHub page.

CYBERUK 2022


By Professor Phil Legg

Earlier this month saw the UK Government host their flagship annual cyber security conference, CYBERUK 2022, that brings together government, industry and academia. Hosted in Newport, South Wales, there were thousands of attendees from major corporations, global government leaders, and the UK academic communities that work closely with the National Cyber Security Centre to understand the technical, economic and social challenges around modern cyber security and its position in today’s world. 

Ransomware, organised crime groups and nation state attacks were all key agenda items up for debate. We heard talks describing how the average cyber-attack is now estimated to cost £2.2 million in terms of the remediation impact that organisations face, be that information, operational and asset-based losses, reputational damage, legislative costs, and other financial implications. We heard discussion about the recent log4j crisis that has hit businesses around the globe, that emphasises the challenges around software supply chain security, and understanding the different software components, be that open-source or proprietary code bases, that make up an organisation’s platform for conducting business. Perhaps one of the most poignant moments of the event was hearing from victims of cyber crime – specifically those tasked with defending their organisations, their staff, and their customers – and hearing about the human impact of cyber crime and the full range of emotional turmoil that people have been thrown into. The recent events in Ukraine and Russia highlight this further, as we have witnessed cyber attacks as part of warfare. As we live in a connected society, there is no doubt that our online and offline worlds are now as one.

Education will always sit in the centre of cyber security and cyber crime, since prevention will always be greater than the cure. That is why the work of the Cyber Security and Cyber Crime Research Cluster, coupled with the work of our NCSC Academic Centre of Excellence in Cyber Security Education (ACE-CSE) continues to play a vital role in how we can identify, mitigate, and prevent against criminal activities and the dangers that they pose to our connected society. 

Targeting the Proceeds of Darknet Market Crime: A Familiar Unending Struggle?


Dr Matthew Robert Shillito

Leading Darknet markets such as Hydra, World Market, and Cypher have long attracted law enforcement attention. They provide access to illicit goods and services (such as drugs, fake identity documents, and hitmen for hire), under the cover of anonymity afforded by the technology used to access them, namely the Tor browser and Virtual Private Networks (VPNs). To maintain that anonymity throughout the whole process, cryptocurrencies are utilised as the payment method of choice.

So, why is the old-adage of ‘follow-the-money’ so important, in this context? Well, provided there are no human errors prior to accessing Tor, and that the marketplace has not been compromised (e.g. by law enforcement accessing servers), then it is the payment stage where users are potentially most vulnerable and information can be pieced together. Users have placed their faith in the marketplaces’ chosen cryptocurrency, betting that it will sufficiently mask their identity. If it does not, then it can serve to undermine the earlier browsing anonymity achieved by utilising Tor and a VPN. As a result, law enforcement success in this area can prevent crime from paying, and send out a deterrent message to criminals.

Where success is achieved, it is principally due to the public (open) nature of many blockchains and the increasing use of public-private partnerships to harness private sector resources and technology in investigating blockchain transaction data. Further, once law enforcement has a lead, the fact traditional anti-money laundering obligations (such as know-your-customer) have been placed on digital currency exchanges can result in the uncovering of identifying information.

However, whilst there have been some high-profile, successful, Darknet investigations (e.g. Silk Road, Alphabay and Hansa) overall, law enforcement has struggled to consistently get to grips with the challenge these markets present. Indeed, evidence from Chainalysis suggests that other than two small blips, both revenue and total transfers to Darknet Marketplaces have strongly increased year-on-year since 2011.

Why then, has success been so hard to come by? Fundamentally, Darknet investigations can and have taken years to come to fruition. They are impeded by many of the same basic issues that face traditional financial crime investigations, lack of resources and insufficient law enforcement training. When this is coupled with age-old issues surrounding international criminal cooperation, such as: language barriers; cultural & legal differences; and competing priorities; it makes for a particularly difficult albeit entirely predictable challenge.

The challenge is further exacerbated by the techniques criminals use to launder their cryptocurrency. Methods include: operating numerous wallets; use of unlicensed exchanges and buying cryptocurrency ‘locally’ (away from exchanges); use of tumblers / mixers to obscure funds; and switching funds for other payment forms e.g. pre-paid cards, to cash out. Again, if these seem familiar, it’s because they are traditional techniques that we have struggled to overcome, adopted for this new criminal arena.

If that is not tricky enough, darknet criminals do have some unique crypto bows to their string. They are increasingly utilising cryptocurrencies that are more privacy based, such as Monero, as their blockchains cannot be searched in as useful a way. Further, Darknet markets are increasingly self-closing in the belief that this makes it harder for law enforcement to establish a paper trail to all criminal activity conducted there. Certainly, given the way the Darknet works, this creates an issue in terms of evidence gathering.

But, perhaps the most significant challenge of all is confiscation. A determined criminal can simply refuse to hand over cryptocurrency and there is little law enforcement can do. Efforts have been made to induce compliance, such as adding additional time to a sentence. But, it can be questioned how persuasive that would actually be.

Whilst the recent announcement by the US Department of Justice that they are forming a specialist ‘digital currency unit’ is to be welcomed, the fact that these challenges are predominantly long-standing unresolved issues suggests they’re not about to be overcome anytime soon. This, coupled with tech specific complexities and the potential impossibility of confiscation, means law enforcement face a tall order to deter Darknet marketplace crime.