Cybercrime Lessons from HBO’s True Detective
For those who did not follow HBO’s recent hit drama, True Detective, starring Woody Harrelson (as detective Marty” Hart) and Matthew McConaughey (as detective “Rust” Cohle), it was an intense drama about a seventeen-year struggle to break a serial murder case and bring a sadistic criminal to justice. For those who do know all about True Detective, that is not a surprise.
So, what does a TV murder mystery have to do with fighting cybercrime and can we learn anything from True Detective? At first, there would appear to be little commonality between murder and cybercrime –doubly so in this case for one world is real while the other is fictional.
However, I hope that by the end of this article you will agree that, while the crimes are indeed worlds apart, the art and the act of solving them are virtually the same, albeit significantly time-shifted.
Marty and Rust were confronted with a dizzying array of information, some of it factual (at least in the series), and some of it based on conjecture. They struggled to connect what seemed important and chased down a multitude of blind alleys in search of what was real versus what was obfuscated and at best confusing.
In the end, Rust and Marty were able to connect the dots and identify the bad guy and they tracked him down and justice was served – albeit almost costing Marty and Rust their lives.
Easy enough you say. However, between knowing a killer was at large and bringing that killer to justice, was an intensive effort of investigation and analysis, over a seventeen-year period, piecing together many disparate pieces of information to come up with a solution to the mystery.
What many had believed to be several unconnected murders was in fact a collection of ritual murders that were in fact very connected, but in ways that were revealed only after deep and skillful work by Rust and Marty.
Back to the future and cybercrime.
Financial companies, especially banks and big “e-tailers,” are frequent targets of phishing campaigns and these companies spend significant amounts of money having the phishing sites taken down – usually repeatedly.
What the companies don’t know is that many of these attacks are being carried out by the same criminal. In fact, the same criminal is often attacking several brands, but again, the banks are seldom aware that often there is one serial criminal instead of these being a series of unrelated crimes by several criminals. This is the very same view the police had in True Detective. They did not see, they could not see, the connections among the various attacks.
When Marty and Rust took the time to do a deep analysis of huge volumes of data, their “mostly paper-based” version of Big Data, they were able to solve the crime – it took 17 years, but they did solve it!
Taking 17 years to solve a cybercrime would not be of much use, so Marty and Rust’s tools would not yield a timely solution today; however, their methods would and do.
To be effective in creating holistic solutions against today’s fast-striking cybercriminals, the good guys, just like Rust and Marty, must be able to connect the dots at very deep levels; but today they must do it very quickly. This is no small requirement given the fantastic volumes of data, information, and apparent disconnected aspects of the crimes.
Fortunately, it can be done. Using patented deep analytics, cyber analysts are able to show that the same cybercriminal is in fact attacking many brands, often simultaneously, and the analysts can provide deep intelligence about the cybercriminal, often providing his/her e-mail address – and in many cases, being able to show them on their Facebook pages. Perhaps more valuable from a bank’s perspective is that this deep intelligence can be used to stop or significantly reduce the cyber criminals’ attacks against the bank’s brand. A major way this is done is by showing the companies how they can make sure their scarce and expensive resources are focused most productively in the battle against the cybercriminals.
In fact, this use of actionable intelligence, used either automatically in companies’ firewalls and network devices, or used to support law enforcement when desired, is the only effective way to make progress against today’s cybercriminal. We have only to read the headlines every day to know that what may have worked yesterday in preventing cybercrime (it really didn’t work) will not work today against the more sophisticated cybercriminal.
Many “cyber solution” companies claim they provide this “actionable intelligence,” just like many companies claim to be in the “Big Data” business. The simple test of this claim is for a prospective customer to demand proof. If the company cannot demonstrate and validate that it can provide real actionable intelligence, then all they have is an ad campaign. If they do have the actionable intelligence, they will be able to show it clearly and convincingly.
Really “True” Detectives are hard to find. However, it takes true cyber detectives, using real intelligence and sophisticated methods, to unmask and prevent today’s cybercriminal.
When you need one, be sure to get a True Detective!