New Tools for Anticipating and Preventing Cyber Attacks

April 2023

How investigators are using Artificial Intelligence and Machine Learning to shut down cyber gangs

For some people, the phrase “cyber gang” might sound like a horde of half-robot, half-humans rampaging through the streets. Fortunately, the phenomenon is far less dramatic, but still potentially harmful. By the most general definition, a cyber gang is a group of people who act in concert to use computer and internet capabilities for a common (usually illegal or questionable) purpose. This threat has expanded exponentially over the years, to the point at which the global scope of it is difficult to even estimate. It includes groups who gain profits from various direct attacks, politically motivated groups attacking information and infrastructure systems of their opponents, and ideologically motivated groups who use subtle online manipulation to sway public opinion. Unlike lone hackers, who are limited in many ways, these cyber gangs often have the manpower, resources, and combined skill sets to create massive consequences around the world.

Some of the most common cyber gang activities are simply profit-motivated, ranging from phishing and denial-of-service attacks to cyber-facilitated trafficking of drugs, weapons, counterfeit goods, and (of course) financial and personal information. Sam Holt, Senior Solutions Architect for Voyager Labs and cybercrime investigations expert, has researched cyber gangs for years. He states, “I personally have worked on cases with 3D printed weapons, ghost guns, human trafficking, and even the trafficking of human organs.” With a global economy and advanced digital communications, even crimes involving material exchanges usually have a cyber component to their planning, logistics, and financial transactions. The more complex and global the criminal network, the more likely it is to employ a team of cyber experts to ensure successful operations.

Some gangs generate massive profits through purely digital means, fabricating and promoting new cyber currencies to gain investments. They create hype through social media influence to get people to buy a new cyber currency and then do a “rug pull” after enough money has been generated. This leaves the investors with nothing, and the gang with a fortune.

Other cyber gangs are more politically or ideologically motivated, including those who use social media to create controversy, stir emotions, and rally the masses to attend protests and other events. Mr. Holt explains that one of the most insidious activities of cyber gangs is “Sentiment adjusting” through social media bots to elicit responses from specific users. He states that, in some cases, these bots are created to look like real people who are acting organically in their online communications: “They elicit responses, sometimes getting 10,000 to 100,000 likes to adjust the opinions of perhaps only 10 influential people.” A fabricated wave of public opinion can put pressure on leaders to bend to what they are led to believe is the will of their constituency. In fact, some leaders follow certain social media platforms very closely in order to gain insights into the thoughts, desires, fears, and conspiracy theories of their target audiences. When cyber gangs influence these leaders by manipulating their perception of the public thought trends, the gangs begin to create the narrative and influence political reality.

The good news is that the professionals who investigate the activities of cyber gangs now have an impressive array of tools at their disposal, including the latest in digital investigation solutions leveraging artificial intelligence (AI) and machine learning (ML) technology. These systems can analyze publicly available open-source data to provide valuable insights into the activities and network structures of cyber gangs. This type of technology can help the user to trace activities back to their sources, locating the members of the gangs and uncovering their aims, methods, and connections.

One of the most basic but crucial capabilities delivered by machine learning systems is translation from over 100 languages, plus translation of slang, code phrases, and even emoji codes. Application of such sophisticated translations removes any language barriers that may hinder the investigative process. Additionally, some systems can do more sophisticated language analysis. It may surprise some people to learn how much social media is used by criminals to plan, coordinate, and carry out their activities. They often use certain coded language and symbols to communicate secretly. If linguistic patterns used by a cyber gang are entered into the analytical lexicon, the software can find every use of those keywords and phrases around the world on public, non-classified platforms. It can further categorize those uses for easy analysis, often directing researchers to the personal social media profiles of individuals who are conducting illegal activities with cyber gangs. There is often a consistency in communication styles between someone’s public, private, and criminal communications. If this pattern can be located, it can lead to discovering the identity of a criminal.

Image recognition is another crucial type of analytical approach. With the right technology, investigators can find every publicly available match to images related to a cyber gang. For instance, any picture published openly in the social media activities of a cyber gang can be compared to all other open data sources/platforms and traced back to original sources. Similarly, images captured from security cameras at the scene of a crime can easily be uploaded by law enforcement investigators and matched to publicly available social media pictures of the same people. Images from a violent protest can be used to find the identities of the gang members who may have manipulated the crowd into committing criminal acts, so long as those pictures are publicly available, or a warrant has been issued. Of course, these capabilities only serve to support the work of human analysts who must verify any potential criminal involvement.

In addition to the obvious usefulness of this technology to identify specific individuals, image recognition can be used to analyze symbols, tattoos, scenery, vehicles, license plates, buildings, and virtually any other images that might show up in relation to illegal actions. These images can be compared to thousands of public sources across the web and matched to their source, often providing critical new insights into the details of the crime.

At this point, digital investigation solutions which leverage AI and ML are essential to effective criminal investigations. The more investigators can learn about a cyber gang, the more likely they are to be able to understand and anticipate its activities, prevent further harm, and bring the criminals to justice. The modern analytical technology acts as a force multiplier, accomplishing in hours what would have taken a team of brilliant human minds weeks or months to complete.

To learn more on this topic, sign up for our webinar “Exploring the Power of AI to Anticipate and Prevent Cyber Attacks” on April 26th.
