Surrey, B.C., resident arrested as part of global cybercrime investigation

Cybersecurity expert says that malware 'loaders' gain access to people's computers to use for illicit purposes

A Surrey, B.C., resident has been arrested in a global crackdown on cybercriminals. (Trevor Brine/CBC)

RCMP in B.C. announced Wednesday that a Surrey resident had been arrested as part of a global cybersecurity crackdown.

Police say the person they arrested operated a network of thousands of infected computers capable of delivering malware — malicious software which could steal personal data or mine cryptocurrency.

It's part of a global crackdown on cybercriminals, led by the European Union's police agency Europol, called "Operation Endgame."

The operation saw multiple arrests in partnership with Denmark, France, Germany, the Netherlands, the Czech Republic and the U.S.

Supt. Adam MacIntosh, officer in charge of the Cyber and Financial Investigation Teams in the Pacific Region, said the arrest resulted from evidence that led the group to believe this individual was exploiting malicious software.

MacIntosh said there are people in the world who produce malicious software for the purpose of entering people's devices.

Once they get access to these devices, they will sell that access to others, who may use it for their own reasons or to sell it again.

An RCMP officer says the person who was arrested had purchased access to thousands of compromised computers. (Shutterstock)

"This individual had purchased this type of information and access and was using it to exploit for themselves," said MacIntosh. 

"If somebody stole an item, they sell it to somebody else who sells it to somebody else. Or they themselves use it for whatever gain that they're looking for." 

MacIntosh said this access can be used to retrieve private information or user accounts, or to exploit a business for ransom. 

A cybersecurity expert said the recent crackdown came after a significant operation last May that saw the bust of a large cybercrime ring, which had compromised hundreds of thousands of computers.

"The [individual] that was arrested here in B.C. appears to have been a customer purchasing access to those compromised computers, and to me that's important," said Chester Wisniewski, the director and field chief information security officer for Vancouver-based company Sophos.

Wisniewski said that, historically, law enforcement tends to go after the kingpins at the top of cybercrime operations and not lower-level criminals who do not organize operations.

"This arrest here in B.C. in particular ... kind of sends a message to the customers that you're not off the hook either," the cybersecurity expert told CBC News.

Chester Wisniewski from cybersecurity company Sophos said that the arrest announced Wednesday likely sent a ripple of fear through cybercrime ecosystems. (CBC)

Europol said in a statement that it tracked down those who paid to get into the compromised computers, which were used for webcam access, deploying ransomware and mining cryptocurrency.

Wisniewski said that it was the first major cybercrime operation that he had heard of in B.C. in a long time.

"We have to increase the friction to make these crimes more difficult," he said. "And certainly, wondering if the police are going to knock on the door at any moment is a good deterrent."

The cybersecurity expert said that cybercrime has increasingly been broken down into a marketplace, where some hackers gain access to computers and then other hackers buy those computers to install malware.

"Very few people have the technical skills to do an attack from the very beginning and write their own viruses and malware for computers and carry it all the way on through to the money laundering at the end," he said.

"It requires a chain of criminals working together in order to conduct these large-scale attacks that cause so much damage."

MacIntosh said people can protect themselves from cyberattacks in various ways, such as by using antivirus software or firewalls, keeping phones updated with security measures, or enabling two-factor authentication on accounts. 

"All can help make it more difficult for people to enter into their … virtual homes." 

The B.C. government, B.C. Libraries Co-operative, First Nations Health Authority and retailer London Drugs were among the organizations that suffered cyberattacks last year in the province.

WATCH | London Drugs confirms details of cyberattack:

Roger Gale, industrial network cybersecurity program head at BCIT, discusses the implications of the London Drugs ransomware attack that the company says may have compromised some employee information. The retail chain closed its 79 stores for a week due to the attack.

ABOUT THE AUTHOR

Akshay Kulkarni

Journalist

Akshay Kulkarni is an award-winning journalist who has worked at CBC British Columbia since 2021. Based in Vancouver, he is most interested in data-driven stories. You can email him at akshay.kulkarni@cbc.ca.

With files from Janella Hamilton and Michelle Gomez