Meet the ex-Marine hunting the world’s most dangerous cybercriminals

Victoria D. Doty

A career in cybersecurity was probably the last thing on John Fokker’s mind as he was speeding across the Indian Ocean with his fellow Marines towards a ship crewed by pirates. But as it turns out, there are a surprising number of similarities between the two disciplines.

Now Head of Cyber Investigations at security firm McAfee, the combat Fokker finds himself in today is more virtual than physical, but high-stakes nonetheless.

In a world in which cybercrime is increasingly lucrative and ever more sophisticated, attackers and defenders are now engaged in perpetual conflict, each seeking to outwit and outmaneuver the other.

While he acknowledges his route into cybersecurity was an atypical one, Fokker told TechRadar Pro his experience in the military actually provided him with the perfect grounding.

“When you take away all the technical elements, ransomware is very much like a hostage negotiation scenario. Particularly when you look at the psychological state of threat actors and victims,” he explained.

“Ransomware is one of the few cyberattacks where you as the target interact with the cybercriminal. From a psychological point of view, it’s incredibly exciting; everyone needs something from someone else.”



An exceptional grounding

A job with the Royal Netherlands Marine Corps was, for Fokker, an antidote to the drudgery of the office job he took up after graduating with a degree in computer science. It wasn’t about the combat necessarily, more about doing something different.

He spent 8 years as a Marine in total, the last 5 of which were with the Special Operations Department working counterterrorism, counterpiracy and hostage rescue, which took him across the globe.

In North Afghanistan, where he was stationed for a time, Fokker was tasked with provincial reconstruction, which involved helping local civilians build infrastructure such as schools and water pits, and keeping the engineers safe in the process.

At another posting in Somalia, he was part of a team based on a Navy ship, whose job was to monitor pirate activity in the region.

“We did a lot of close-range reconnaissance at night to see where the main camps were and who was ready to sail out; it was a lot of intelligence gathering,” he explained. “If there was any sign a pirate ship was about to sail out or was operating at sea, or if there was a hostage situation, we would intervene.”

As glamorous as this may sound, Fokker explained he eventually tired of the lifestyle, which kept him away from home for all but a few months each year. He chose to pass up a role as a ranking officer in the Marine Corps in favor of a different flavor of combat.

“I saw the nature of what was going on in the world change,” he told us. “Even though I wasn’t actively in the cybersecurity realm, I could see that this was the future.”

Cybersecurity comes calling

Even though Fokker had set his sights on a career in cybersecurity, he didn’t transition immediately to civilian life, instead taking on a role as a digital investigations specialist with the Dutch national police.

As part of the organized crime team, he went after drug kingpins, assassins and other criminals of a similar class, tapping their phones and analyzing the recordings. On occasion, however, he found himself lurking in the undergrowth in a ghillie suit aiming to “sniff their Wi-Fi”, proving that cyber investigation doesn’t all take place behind a desk.

He also played a part in a number of malware investigations and botnet takedowns during his time with the police. According to Fokker, despite the country’s diminutive size, the Dutch find themselves at the heart of many international cybercriminal investigations.

“The Netherlands is small, but a lot of internet backbones terminate in the country, so it’s a central hub and there is a lot of website hosting,” he explained. “From the very beginning, the Dutch police have been involved in a lot of investigations, purely because that’s where cybercriminals host their programs.”



However, while the police get to handle the most serious cybercrime there is – the “dire stuff”, as Fokker termed it – the extent of their impact is limited in some respects. The main problem is that only a small proportion of cybercrime victims file a formal report, restricting the scope of police investigations.

“[The police’s] perspective on cybercrime is not necessarily incomplete,” Fokker told us, “but it could be limited to the reports that arrive on their plate. And the whole threat landscape may actually be a lot bigger.”

To illustrate his point, he gestured towards the official figures from the Internet Crime Complaint Center (IC3), which suggest business email compromise is the most threatening kind of attack. However, anyone working in cybersecurity will tell you that the damage from ransomware is much greater; it just doesn’t get reported via official channels.

Another problem is that intelligence sharing can be challenging, since government entities are hamstrung by specific procedures and international politics.

“Right now, I can hang up the phone with you and call the NCAA or FBI and I can share information no problem. In the police, the various procedures and international treaties make that kind of collaboration a lot harder,” Fokker told us.

At McAfee, in the private sector, he says he enjoys a level of flexibility and dynamism that was unavailable to him in the previous role.

“I think it’s the best job in the world,” he explained. “We get to hunt cybercriminals, figure out what’s going on and protect our clients. And if we have valuable information that could lead to attribution or be useful to the police, in certain circumstances we’ll share it.”

Asked whether there is ever a reluctance in the industry to share intelligence with other security vendors, owing to competition between them, Fokker laughs.

“Nobody is looking to steal technology or criticize other people,” he says. “Actually, everyone has a piece of the puzzle and we all try to work together to build as complete a picture as possible. It is not as cutthroat as you may imagine.”

A different kind of hostage negotiation

A lot of Fokker’s time today is spent thinking about one type of cyberthreat in particular: ransomware.

According to all manner of studies, ransomware attacks are becoming more complex, more successful and more lucrative for operators, who have been emboldened and are demanding higher and higher ransom fees.

A report authored by researchers at Coveware, for instance, found that the average ransom payment reached an all-time high in Q1 2021, at $220,298. The rise was attributed to one particularly opportunistic group, called CloP, which capitalized on a specific vulnerability to seize the data of a raft of corporations.

Recent data from Kaspersky, meanwhile, shows ransomware is also becoming ever more targeted, with attacks on high-profile victims such as businesses and government agencies rising by 767% year-on-year.

What fascinates Fokker, however, is the psychological element of ransomware attacks and the peculiar dynamic established between the attacker and target.



“As with real-life hostage situations, victims are very vulnerable in the first few minutes and hours after an attack. Generally, they are trying to get their bearings and sometimes make over-hasty decisions without taking the time to evaluate what’s going on,” he explained.

There is an element of strategy to mitigating ransomware that does not apply to regular malware attacks, he says. It is not just a technical problem, but a psychological one that requires the target to “size up the criminal” and respond accordingly.

“I’ve also seen lots of cases of cyber Stockholm Syndrome, where the victims that do end up negotiating are thankful to the perpetrator,” Fokker told us. “It’s practically like a real hostage situation where someone forms an emotional bond with their captor.”

To pay or not to pay

In 2017, in a bid to help the many victims of ransomware, Fokker started a project called No More Ransom, which archives free decryptors that can help people recover their data without caving in to ransom demands.

The service grew rapidly and became the first ransomware portal built off the back of collaboration between law enforcement and the private sector; fitting, given Fokker’s particular career path.

No More Ransom currently offers decryption tools for a range of different ransomware strains, such as Avaddon, Ziggy, Fonix, Decide and Darkside, with more being added all the time. It also helps people diagnose the type of infection they are suffering from, by cross-checking the information they provide against known malicious URLs and Bitcoin addresses.

When there is no decryptor available, however, the question becomes whether or not to negotiate with the attacker. According to the No More Ransom website, the advice is never to pay the ransom, full stop.

“Paying the ransom is never recommended, mainly because it does not guarantee a solution to the problem. There are also a number of issues that can go wrong accidentally. For example, there could be bugs in the malware that make the encrypted data unrecoverable, even with the right key,” reads the FAQ page.

“In addition, if the ransom is paid, it proves to the cybercriminals that ransomware is successful. As a result, cybercriminals will continue their activity and look for new ways to exploit programs.”

However, Fokker concedes that the complex mix of factors at play means the problem is not quite that cut-and-dried in reality, particularly for organizations.

“In the trenches, some businesses are presented with a different risk, since it turns into a business decision. For example, they might find themselves in a situation in which they would have to lay off workers if they refused to pay the ransom and data was leaked. There are lots of businesses that are in a situation where they have no choice but to pay.”

The ultimate goal, he says, is that the approach to cybersecurity matures to the point at which ransomware victims no longer have to make that decision. By having solid backups in place and a clear strategy in anticipation of an attack, the hope is that the ransomware business model can be shattered once and for all.
