Digital Shock: Cybercrime & The Future Of Policing. Part 3
With an online crime reported to police every ten minutes, British forces are investing in cyber security training. In the final of our three part series focusing on cyber-crime, CEO and co-founder of Cyber Security Intelligence Alfred Rolington (pictured) says whilst forces are making progress, there’s a long way to go.
The rise in crime is accelerating, with the latest figures showing a 13% increase in 2017 in all police-recorded offences across England and Wales, and even greater rises for violent offences including knife crime, sexual offences and violence against the person and the number of cyber-crimes has significantly increased.
The cost to the UK economy of cyber-crime is currently about £30 billion which includes all commercial attacks as well as personal individual hacks and thefts. Some UK police are just learning about cybersecurity and the extent of cybercrime as a problem has meant that police forces across the UK will have to get much more familiar with cybersecurity.
The amount spent on cyber police training in the UK is far too low, and will not reduce cyber-crime, and its effects on the UK population
Cybercrime in the UK is reported once every 10 minutes, new figures from the Office for National Statistics revealed. In fact, you’re more likely to be a victim of cybercrime than any other criminal offence, but traditional law enforcement lack the technical skills needed to respond to cyber crime. That’s why thousands of police officers in the UK are now getting specialist cyber security training.
Law enforcement is now learning to fight cybercrime with the help of training providers, like Firebrand Training. 80 per cent of constabularies across the UK are learning to become specialist cyber security investigators. This is the future of policing.
Police current understanding of cyber crime and the effects of leaving the EU, but, as we explained in our previous article, the amount spent on cyber police training in the UK is far too low, and will not reduce cybercrime, and its effects on the UK population.
The ‘Policing and Cybercrime’ report revealed that in terms of cybercrime training budgets the total spend across all forces that responded, including the British Transport Police and Ministry of Defence Police Service, was just £1,320,341 over across the last three years.The total number of officers and staff receiving cyber-crime training across all forces was 39,438. However, as with the training budgets themselves, the numbers varied greatly from force to force.
Leading the pack in terms of expenditure was North Wales Police which trained 1,043 people on a budget of £375,488 (£360 per person).
As far as numbers trained are concerned, the leading force was Norfolk and Suffolk which educated 12,540 people but on a budget of just £70,100, just £5.59 per person, which brings into question the extent and quality of the training.
Training police officers to understand cyber-crime with a budget of less than £6 per head seems inadequate, although preferable to the Port of Dover Police who trained precisely nobody in 2015, 2016 or 2017.
Given this growing threat, the City of London Police has established a new training programme to help officers understand the world of crypto-currency
North Wales Police definitely shone as far as cyber-crime training was concerned, with a five-day course for 147 key staff and one-day ‘Initial Police Learning and Development Programme’ cyber-crime input courses for 183 officer recruits and 68 CID officers.
What is both clear, and somewhat shocking, is that there appears to be no central, national police cyber-training strategy. Individual police forces are left alone to develop training programmes and determine budgets for doing so.
The National Cyber Crime Unit (NCCU) leads the UK response to cyber-crime and works with both the Metropolitan Police Cyber Crime Unit (MPCCU) and Regional Organised Crime Units (ROCUs) providing support and resources as deemed currently necessary.
Overall, cyber training of police and their response to cyber-crime is low and needs far more attention from the Home Office, Government in general and senior police officers.
So far, the best response to cyber criminality has been within the City of London Police.
Leading the way in London
As the National Lead Force for Fraud, the City of London Police has the responsibility to share best practices on tackling fraud with other forces around the UK. This is achieved through the ECA, the Economic Crime Academy, which continues to evolve in response to the shifting financial landscape.
“In recent years the crypto-currency market has grown considerably, with more and more people using it and investing their money,” says Mike Betts, head of skills and development at the ECA.
“However, this surge in popularity has also given rise to more fraud in this area, with criminals identifying crypto-currencies as a new way to defraud people and steal their money, and also launder money.”
“The Economic Crime Academy (ECA) continues to develop national and international courses in response to emerging threats and this new course will provide training to counter the growing risks that cryptocurrencies pose,” Betts says.
As stated on its website, The Economic Crime Academy educate not only the police force, but also public sector bodies and private companies, organisations that have in the past been educated by big companies in the space, like Coinbase, who have helped various US Federal agencies get better training in handling and monitoring crypto-crimes.
In 2017 hackers stole a total of £130bn from consumers, including £4.6bn from British Internet users and the number of denial of service, DoS attacks, has severely increased and is very important to monitor and respond to.
Correct organisational/staff culture to minimise risk
Located at the epicentre of London’s financial district, the City of London Police are jurisdictionally unique and operate separately from the much more high-profile Metropolitan Police Service, which oversees the greater London area.
This state-of-the-art court is a further message to the world that Britain both prizes business and stands ready to deal with the changing nature of 21st-century crime
Although it is a tiny district of just over one square mile, the City of London includes London’s famed financial district, with its police force on the frontlines of the war against increasingly sophisticated cybercriminals.
The capital has seen a recent increase in cybercrimes, and just last month London Police seized Bitcoins worth half a million pounds from a London computer hacker who had launched phishing attacks on major British firms like Sainsbury’s, Asda and the British Cardiovascular Society, and sold the stolen information on the Dark Web.
Given this growing threat, the City of London Police has established a new training programme to help officers understand the world of crypto-currency.
This is a first of its kind initiative in the UK, and was launched in response to the concerns of rank and file police officers, who thought the lack of training in the crypto field left them unaware of the opportunities provided to criminals by the technology.
The one-day course, called Cryptocurrencies for Investigators, will train fraud investigators in how to deal with cryptocurrency, and be taught by the force’s Economic Crime Academy.
With the pilot course complete, another is scheduled for August, and it is hoped that the course will then be rolled out nationally.
State-of-the-art cyber court
Further to expanding its capacity to deliver ‘digital justice’, The City of London Corporation has also stated its intention to develop a new Cyber Court specifically designed to tackle cyber-crime, fraud, and economic crime,
“This state-of-the-art court is a further message to the world that Britain both prizes business and stands ready to deal with the changing nature of 21st-century crime.” said Lord Chancellor David Gauke at the launch.
Increasingly, front-line officers must use covert techniques, like advanced network analysis, both before and during crime scene searches.
This comes as part of a £1 billion courts modernisation programme by the Ministry of Justice, which has been welcomed by cyber fraud and crypto-currency experts like asset recovery expert Jennifer Craven, whose firm Pinsent Masons specialises in litigation surrounding foreign and domestic commercial frauds.
“Its launch is no doubt a response to the sheer scale of cyber fraud and the huge cost of it to UK businesses who continually suffer losses at the hands of cyber-attacks such as hacking, business email compromise and theft of crypto-currencies,” she says.
With Brexit on the horizon, these developments will help London remain at the global epicentre of a legal and financial world where crypto-currency is a significant factor.
Further afield, law enforcement agencies and public prosecutors met with crypto experts in The Hague recently to discuss how legitimate use of crypto-currency can be encouraged, amid abuse by hackers, and international drug dealers.
Figures released from US cyber-security company CipherTrace indicated that crypto-currency exchange theft has increased threefold since 2017, making it one of fastest growing crimes ever.
Denial of Service Attacks
A Denial of Service DoS, or Distributed Denial of Service DDoS, attack aims to take-down networks and make websites and or an email address unattainable for the user. The DoS floods systems with traffic and drowns them down.
A Distributed Denial-of-Service (DDoS) is a large-scale DoS attack where the perpetrator uses more than one unique IP address, often thousands of them.
Since the incoming traffic flooding the victim originates from many different sources, it is impossible to stop the attack simply by using ingress filtering. It also makes it very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin.
As an alternative or augmentation of a DDoS, attacks may involve forging of IP sender addresses (IP address spoofing) further complicating identifying and defeating the attack.
Police in twelve countries have dismantled WebStresser which is the globes biggest DoS attack service. The joint campaign known as Operation Power Off appropriated WebStresser’s infrastructure in the US, UK and the Netherlands, and took down site administrators from Hong Kong to Australia.
Similar to a lot of cyberattack-for-hire services, WebStresser could take sites off-line in an instance and the cost was a small as £15, regardless of your IT knowledge.
This is a good success for all forces but unfortunately this is just a start as it is easy to create new DoS networks and staying in focus for the next network take down is very necessary for the forces.
Frontline skills
Increasingly, devices are being discovered on crime scenes which must be dealt with quickly by frontline police officers. Previously, officers did not possess the skills needed to assess and triage these devices. The result: critical evidence was lost or ‘dead-boxed’, trapped for months in a long- winded evidence process.
When police arrive at a crime scene, speed is essential, every second a computer or device is left unattended, data stored in its memory cache is irretrievably lost. IT systems must remain running to enable a first responder to collect the necessary volatile data and make initial assessments of running processes.
Police also need the technical skills to respond to other forms of cybercrime, including hacking and possession or distribution of malicious software. Increasingly, front-line officers must use covert techniques, like advanced network analysis, both before and during crime scene searches.
How police become cyber-security experts
Law enforcement also learn how to capture volatile data from RAM and caches and how to forensically image a computer on the scene.
Law enforcement is gaining cyber security skills on courses designed from the ground up incorporating popular cyber security qualifications.
Frontline police officers on this cyber security training are introduced to the basic concepts of computers and networking, with an emphasis on components and operating systems.
Officers are taught networking using OSI and TCP/IP reference models, and how this relates to specific network devices and protocols.
Firewalls, switches and routers, are also a massive focus. Police need the practical skills to quickly examine networking devices in real time during raids and seizures to access sensitive information.
Law enforcement also learn how to capture volatile data from RAM and caches and how to forensically image a computer on the scene. To do this, police are taught basic scripting using Command Line and PowerShell before being introduced to tools like FTK Imager, USB Review and screen capture software.
For specialised officers that required a greater knowledge of cyber security, we’ve developed advanced training programmes. On these intense courses, police officers are taught advanced networking and wireless skills, before being tested in a live crime scene scenario, requiring them to conduct a scene search under warranted conditions.
They’ll then use their networking knowledge to conduct wireless surveys, capture volatile data and use popular network-protocol analysis tools, like Wireshark.
When interviewed on BBC Breakfast News, DC Steve Mersh said: “It’s a case of learning the practical skills that we can utilise, no different to a finding a gun at a crime scene that we can make safe from the public and attribute to the criminal”.
With the unstoppable rise of cybercrime, the skills taught in these programme will filter down to become mainstay training for all UK law enforcement officers, regardless of their role. Now also seeing heightened interest in Open Source Intelligence, Digital Currency and The Dark Web’s marketplaces. While these topics are already taught on our courses, demand for police to possess these skills is set to increase.
What more can we do?
Ultimately, user training and awareness will always be an evolving area of cyber security and one that law enforcement can exercise little power over. Law enforcement cannot prevent all cybercrime and employees are now the top source of security incidents.
One example the Commissioner gave was people posting screenshots of their newly acquired driving licenses on Facebook; the risks are obvious.
It must be a regular part of a company or enterprise policy to ensure good training of all employees. However, a recent report from PWC revealed that cyber security budgets for UK businesses have actually decreased in the last year. With the rising incidence of cybercrime in the UK, cyber security training isn’t just essential for law enforcement.
Can the UK police tackle cyber-crime?
Ian Dyson QPM, Commissioner, City of London Police, shared his insight on how the UK police are handling the ever expanding scale of cyber attacks. He stated that 70% of fraud is now cyber-enabled, with crypto mining and jacking among the top cybercrime trends, as well as social engineering.
With regards to latter, Commissioner Dyson described how young people, in particular, have chosen convenience over security when it comes to the data they share in order to use certain apps – which, yes, make life easier and more interesting with transport updates and restaurant recommendations – but essentially they’re giving away their data, unaware of how it’s being used.
One example the Commissioner gave was people posting screenshots of their newly acquired driving licenses on Facebook; the risks are obvious.
Despite the fears, Commissioner Dyson said the UK’s cyber security is in a better state than we might think, being 4th best in Europe.
However, he did point out that the City of London Police has a national responsibility around cybercrime protection. He raised the need to create a security blanket to help businesses see that they’re protected; for which he proposed a plan that’s already working elsewhere in UK law enforcement.
This idea is based upon Project Griffin which was originally established by the City of London Police in 2004 to combat the rising levels of terrorism in a post 9/11 world.
Its main goal was to foster security awareness across the capital’s business community through effective and timely information-sharing with law enforcement. The commissioner said that a lot can be learnt from Project Griffin and there’s a need to take those principles to cyber space.
The UK Police needs to act fast; Commissioner Dyson highlighted the fact that if your house is burgled, you would call the police. However, in a cyber-attack – you would more likely approach an IT team in the first instance.
Commissioner Dyson said it is crucial that UK law enforcement rethinks its approach to online crime, otherwise they risk becoming irrelevant.
Cyber cops will be on their own once Britain leaves the EU
The UK is set to lose access to the European Cybercrime Centre, after it was revealed the country will no longer be a member of Europol following its departure from the European Union in 2019.
Losing access to EC3 will mean that UK police units fighting cyber-crime will no longer benefit from intelligence-sharing between EU member states, as well as from the extensive support network offered by Europol’s cyber specialists.
The European Cybercrime Centre – also known as EC3 – was set up by the cross-border law enforcement group to provide support for EU police forces in tackling cyber-crime. EC3 assists national police with intelligence, digital forensics and strategy support, collaborating on cases involving technological elements.
Cyber security experts have expressed dismay at the news. “This is hugely disappointing,” McAfee’s chief scientist Raj Samani told IT Pro. “Europol have a proven record of success and one would hope a degree of compromise can be reached since the safety of all citizens across the globe is our joint mission.”
The government had stated earlier this year that it wished to continue its relationship with Europol following Brexit, but the EU’s top negotiator Michel Barnier said that access to Europol would not be possible once the UK leaves the EU, stating that it was a “logical consequence”.
Losing access to EC3 will mean that UK police units fighting cyber-crime will no longer benefit from intelligence-sharing between EU member states, as well as from the extensive support network offered by Europol’s cyber specialists.
“Since before the referendum, the NCA and its partners in policing and wider law enforcement have clearly stated our need to work closely and at speed with European countries to keep people in the UK safe from threats including organised crime, child sexual abuse, cyber-attack, and terrorism,” a spokesman for the UK’s National Crime Agency told IT Pro.
“We are confident that these requirements are being taken into account, and that there is broad consensus on the need to retain our ability to share intelligence, biometrics and other data at speed.
“It is also vital to ensure we can continue to provide a quick, efficient and dynamic response to crime and criminals impacting the UK and its citizens, be it from serious and organised transnational crime or local level volume crime at the heart of UK communities.”
What is the best thing police can do to reduce cyber-crime?
Crime is highly concentrated: the evidence shows that most of it is associated with only a small proportion of places, victims and offenders. This has important potential implications for the targeting of police resources.
Focusing action on crime and anti-social behaviour hotspots, repeat victims, and prolific or high volume offenders is, therefore, an effective way to allocate resources for crime reduction.
Understanding what is causing high volume offending or problems in hotspots and coming up with specific solutions, often in partnership with others, allows the police to drive down crime.
In summary, the best thing that police can do to reduce crime is to target resources based on analysis of the problem and at the same time ensure the fair treatment of all those they have contact with.
You Might Also Read:
Digital Shock: Cybercrime & The Future Of Policing Part 1:
Digital Shock: Cybercrime & The Future Of Policing. Part 2
References:
SC Magazine: SC Magazine: BraveNewCoin: BBC: Guardian: Information-Age: ITPro: Information-Age:
TEISS: Information-Age: Information-Age: Information-Age: