Cybercrime Is The Biggest Evolving Source Of Crime In The UK

Uploaded on 2018-12-12 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cyber-crime is the biggest evolving crime type in the UK and beyond in terms of volume and complexity, according to detective chief superintendent Pete O’Doherty, lead of cyber and head of economic crime at the City of London Police.

“But it is difficult to police, because unlike other crimes where there is an offender, victim and location, cyber-crime tends to be multi-national. If you look at the globalisation of goods, people and services, and an epic evolution in technology, it is without doubt the most significant harm in the UK,” he told the information security track of the International Security Expo 2018 in London.  

“I have been a detective my whole career and the training I have been given has not equipped me with the skills and techniques that I need to investigate cyber-crimes involving multiple actors in multiple countries,” said O’ Doherty.

Capability to investigate cyber-crime is one of the top challenges, he said, particularly when it comes to cyber dependent crime involving botnets, distributed denial of service (DDoS) and malware, as opposed to the more traditional types of crime that are cyber enabled.

“The next problem is capacity. In the UK we are pleased to say we police by consent, but cyber, terrorism and economic crimes are not top of the list of what citizens [are worried about]. They are worried about things like anti-social behaviour, so there is a big gap between what the public wants from policing and our national threat strategic risk assessment.

“The challenge for us is finding a way to bridge the gap between the threat intelligence and the public voice if our main aim is to achieve public value.”

The third major challenge, said O’Doherty, is that while law enforcement and locking people up is important, it is not going to solve the problem of cyber-crime.

“There needs to be a massive focus on intervention, disruption, security by design and intelligence sharing if we are ever going to make a difference, and we need to start looking for digital skills in our recruitment and selection processes,” he said.

Another necessary change, said O’Doherty, is to increase the use intelligence to find links between cyber criminals and more traditional crimes “to leverage the politics” to get local policing to treat it as a priority. “Al Capone was not put in prison for homicide, but for fraud,” he said.

Adapting to Challenges

The switch from using credit cards to crypto-currencies on the dark web is another challenge for police who are now no longer able to use covert credit cards to buy goods to catch criminals offering illegal goods and services.

In the face of these challenges and the increased use of personal data stealing and illicit crypto-currency mining malware spread through social engineering emails, O’Doherty said the police are adapting their approach to combating cyber-crime.

The first area policing has achieved success is in shutting down websites providing unauthorised access to copyrighted content by cutting off their advertising revenue, which was around $50,000 a month.

The City of London Police stepped in by contacting the website operators, inviting them to contact the police for help to legitimise the business. “If they fail to contact us, we put them on a blacklist sent to UK advertisers who remove their brands from the offending websites, cutting off advertising revenues.

“We then share the intelligence with Mastercard and Visa, who take down the payment enabler so that any money generated can’t be generated overseas, and we share the information Europol, Interpol, the FBI and others so that each country can work within its own legal framework to take down offending sites. 

“In this way, we have saved millions of dollars for the [creative arts] industry, we have dismantled 70,000 websites and over 100 organised crime gangs operating in this space no longer exist.”

Cyber Griffin is another initiative by the City of London Police to provide a free service aimed at helping people protect themselves from cyber-crime. “Every month, we use the intelligence we receive to brief industry to help organisations to build robust cyber security practices to prevent the external and internal threats from damaging the business.

“We also do incident response exercises in which we map out an organisation’s infrastructure, identify the threat vectors and help design internal regimes to prevent the threats,” said O’Doherty.

In response to the capability challenges, police forces are building capabilities and volunteers. “There is now the opportunity to become a volunteer police officer called a special constable to work in investigations to use their expertise in risk mitigation and cyber security to help police do a better job.”

The use of “direct-entry detectives” is another effective strategy being used by police in combating cyber-crime. “Many people want to be a detective, but don’t want to walk the beat. So were are currently designing a way for experts to join the police as a detective by ‘direct entry’ to investigate fraud and cyber-crime as a specialism,” said O’Doherty.

“We are also in the process of designing a cyber academy to offer courses around, such as cryptocurrency and cyber investigations for policing and law enforcement,” he said.

In an attempt to get public support for investment in cyber-crime fighting, O’Doherty said police forces are giving police chiefs and commissioners a profile that “articulates the impact of cyber-crime on local people and draws the links between cyber and organised crime to give them the appetite to invest”.

As a result, he said there has been a “massive improvement” in the level of investment being made by policing and the cases that officers are now able to investigate.

Internationally, O’Doherty there is a UK policing representative in the office of the district attorney of New York in the US who shares intelligence about organised crime gangs that operate across the Atlantic to help coordinate investigations.

UK also has a team of specialists dedicated to working with convicted cyber criminals to understand how their crimes were committed with the incentive of getting their prison terms reduced. One success story, said O’Doherty, is about a 22 year old in the US who designed a chipset that enabled him breach voicemail services around the world to access linked computers and servers to access sensitive databases.

“Under this initiative, he helped police design prevention advice that we disseminated to industry and design a mechanism to ensure that this type of attack can never happen again.”

Another key tool in the police arsenal for fighting cyber-crime is disruption activity. “Action Fraud, receives about 24,000 reports a month, which policing does not have the capacity to investigate. But we have a capability that identifies bank accounts, email addresses, VoIP platforms and websites linked to fraud and we have a team that disrupts those entities to prevent further offences, and we estimate that through that work we save around £400m from being lost through fraud,” said O’Doherty.

In closing, he said that “partnership” is a key element of everything policing is doing to address the challenges associated with fighting cyber-crime. “Partnership with industry, government and education systems. We cannot do it alone.

“We want every victim of crime, which includes businesses to report those crimes, because if we know what the true scale of the problem is, we can start to develop and intelligence-led, coordinated response to cyber-crime, which is significantly under-reported, and that is a big problem,” he said.

Computer Weekly:

You Might Also Read:

Tackling UK Cyber Crime

« Germany Develops Offensive Cyber Capabilities Without A Coherent Strategy
Cyber Weapons Are Proliferating Beyond Control »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Identity Theft Resource Center (ITRC)

Identity Theft Resource Center (ITRC)

ITRC is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.

CERT Syria

CERT Syria

CERT Syria is the national Computer Emergency Response Team for Syria.

Subex

Subex

Subex leverages its award-winning telecom analytics solutions in areas such as Revenue Assurance, Fraud Management, Asset Assurance and Partner Management, and IoT Security.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

Cyscale

Cyscale

Cyscale is a consultancy and development agency helping Enterprises adopt and migrate to the Cloud by providing an Automated Cloud Security Platform.

Cybersecurity Professionals

Cybersecurity Professionals

Search vacancies from top cyber security jobs worldwide on CyberSecurity Professionals. View IT security jobs or upload your CV to be seen by recruiters from industry leading firms.

CorkBIC International Security Accelerator

CorkBIC International Security Accelerator

CorkBIC International Security Accelerator invests in early stage disruptive companies in the security industry including, Cybersecurity, Internet of Things (IOT), Blockchain and AI.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

Sovereign Intelligence

Sovereign Intelligence

Sovereign Intelligence provides automated insight into the relative intensity of hidden Cyber, Brand, and Financial Risks to your company.

archTIS

archTIS

archTIS specialises in the design and development of products, solutions and services for secure information sharing and collaboration.

CYRISMA

CYRISMA

CYRISMA is a revolutionary cybersecurity platform that helps organizations manage risk without the usual headaches associated with enterprise cybersecurity tools.

Cyber Security Advisor

Cyber Security Advisor

Notice how sophisticated the cybersecurity market is. Think how would you pick the security provider, assess your company, and be sure of your security decisions? Cyber Security Advisor is the answer!

Hunton Andrews Kurth

Hunton Andrews Kurth

Hunton Andrews Kurth LLP serves clients across a broad range of complex transactional, litigation and regulatory matters. Practice areas include Privacy and Cybersecurity.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

Inversion6

Inversion6

Inversion6 (formerly MRK Technologies) is a cybersecurity risk management provider that offers custom security solutions.

CI-ISAC Australia

CI-ISAC Australia

CI-ISAC has been designed to support and promote existing legislation and Government initiatives that are working to uplift cyber resilience across critical infrastructure sectors.