3 continents, 8 countries and one cyber attack on a fake petrol company
National Crime Agency: International test proves everything's just hunky-dory
Organisers are praising the success of a multi-nation exercise – hosted by the UK – that aimed to test response to serious cyber crime.
Exercise Silver Shadow, which was run by the National Crime Agency (NCA)’s National Cyber Crime Unit (NCCU), funded by the Foreign and Commonwealth Office and supported by the Home Office, saw officers from eight different countries come together to assess their collective response to a simulated cyber attack on a fictitious international petroleum company.1
The exercise took place over a week, starting on Monday 30 November at the Cabinet Office’s Emergency Planning College in North Yorkshire and tested how investigators and prosecutors would work together in the event of a complex criminal incident spanning several different legal jurisdictions.
The exercise was made as realistic as possible by limiting communication between teams, perhaps as if the attack had also affected communications or just to replicate nigh-on inevitable language and logistical barriers.
One aim was to stress test people by putting them through a life-like scenario. Silver Shadow also offered an opportunity to develop stronger operational partnerships between investigation teams and prosecutors. Exercise Silver Shadow follows a pilot event, Exercise Silver Pilot, to test and develop the interoperability between the UK’s cyber crime units, and cyber units within the Regional Organised Crime Units (ROCUs), Police Scotland and the Police Service of Northern Ireland (PSNI) back in October.
In a statement, Jamie Saunders, director of the NCA’s National Cyber Crime Unit, said: “Together, Silver Pilot and Silver Shadow form an important part of the NCCU’s efforts to prepare the UK response – at regional, national and international levels – to the ever-changing cyber crime threat."
“Cyber crime is by its very nature international, with many of the criminals and the technical infrastructure they rely upon based overseas, and yet its impact is felt by real people and real businesses in communities across the UK,” he added.
Representatives from Bulgaria; Georgia; Lithuania; Moldova; Romania; Ukraine; the UK, represented by the NCA’s NCCU; and the US, represented by the FBI, were all involved in the exercise. A representative from Europol’s Joint Cyber Action Taskforce (J-CAT) also took part.
The event platform was a specialist Serco service called cybX, designed to prepare both private and public sector organisations for preventing and respond to serious cyber attacks.
A video (below) featuring Saunders summarises the main aims of the exercise.
Russia and Ukraine are often seen as global cybercrime hubs. Ukraine was represented but not Russia, an absence that’s not difficult to understand in the context of international sanctions against the country over the conflict in the Ukraine. Even before then, co-operation with Russia on cybercrime efforts was irregular but not unprecedented, as evidenced by a successful prosecution of Russian nationals for running a DDoS extortion scam against UK bookmakers back in 2006.
1The scenario of the attack has parallels with one of the worst cyber-attacks ever recorded: the wiper malware-style infections against the enterprise PC networks of Saudi Aramco back in 2012. Iran is the chief suspect is that attack as well as the similar assault on RasGas weeks later. It’s a credible scenario to imagine that hacktivist types or (slightly more of a stretch) ransomware-slinging cybercrooks might also target an oil firm.