Digital Shock: Cybercrime & The Future Of Policing. Part 3

An Introduction to Cyber-Crime and its Effects on Current UK Policing.  Part 3
 
This Article Is Available To Premium Subscribers: Please LogIn Or Subscribe
 

With an online crime reported to police every ten minutes, British forces are investing in cyber security training. In the final of our three part series focusing on cyber-crime, CEO and co-founder of Cyber Security Intelligence Alfred Rolington (pictured) says whilst forces are making progress, there’s a long way to go.

The rise in crime is accelerating, with the latest figures showing a 13% increase in 2017 in all police-recorded offences across England and Wales, and even greater rises for violent offences including knife crime, sexual offences and violence against the person and the number of cyber-crimes has significantly increased.

The cost to the UK economy of cyber-crime is currently about £30 billion which includes all commercial attacks as well as personal individual hacks and thefts. Some UK police are just learning about cybersecurity and the extent of cybercrime as a problem has meant that police forces across the UK will have to get much more familiar with cybersecurity.

The amount spent on cyber police training in the UK is far too low, and will not reduce cyber-crime, and its effects on the UK population

Cybercrime in the UK is reported once every 10 minutes, new figures from the Office for National Statistics revealed. In fact, you’re more likely to be a victim of cybercrime than any other criminal offence, but traditional law enforcement lack the technical skills needed to respond to cyber crime. That’s why thousands of police officers in the UK are now getting specialist cyber security training.

Law enforcement is now learning to fight cybercrime with the help of training providers, like Firebrand Training. 80 per cent of constabularies across the UK are learning to become specialist cyber security investigators. This is the future of policing.

Police current understanding of cyber crime and the effects of leaving the EU, but, as we explained in our previous article, the amount spent on cyber police training in the UK is far too low, and will not reduce cybercrime, and its effects on the UK population.

The ‘Policing and Cybercrime’ report revealed that in terms of cybercrime training budgets the total spend across all forces that responded, including the British Transport Police and Ministry of Defence Police Service, was just £1,320,341 over across the last three years.The total number of officers and staff receiving cyber-crime training across all forces was 39,438. However, as with the training budgets themselves, the numbers varied greatly from force to force.

Leading the pack in terms of expenditure was North Wales Police which trained 1,043 people on a budget of £375,488 (£360 per person).

As far as numbers trained are concerned, the leading force was Norfolk and Suffolk which educated 12,540 people but on a budget of just £70,100, just £5.59 per person, which brings into question the extent and quality of the training. 

Training police officers to understand cyber-crime with a budget of less than £6 per head seems inadequate, although preferable to the Port of Dover Police who trained precisely nobody in 2015, 2016 or 2017.

Given this growing threat, the City of London Police has established a new training programme to help officers understand the world of crypto-currency

North Wales Police definitely shone as far as cyber-crime training was concerned, with a five-day course for 147 key staff and one-day ‘Initial Police Learning and Development Programme’ cyber-crime input courses for 183 officer recruits and 68 CID officers. 

What is both clear, and somewhat shocking, is that there appears to be no central, national police cyber-training strategy. Individual police forces are left alone to develop training programmes and determine budgets for doing so.

The National Cyber Crime Unit (NCCU) leads the UK response to cyber-crime and works with both the Metropolitan Police Cyber Crime Unit (MPCCU) and Regional Organised Crime Units (ROCUs) providing support and resources as deemed currently necessary.

Overall, cyber training of police and their response to cyber-crime is low and needs far more attention from the Home Office, Government in general and senior police officers.

So far, the best response to cyber criminality has been within the City of London Police.

Leading the way in London

As the National Lead Force for Fraud, the City of London Police has the responsibility to share best practices on tackling fraud with other forces around the UK. This is achieved through the ECA, the Economic Crime Academy, which continues to evolve in response to the shifting financial landscape. 

“In recent years the crypto-currency market has grown considerably, with more and more people using it and investing their money,” says Mike Betts, head of skills and development at the ECA.

“However, this surge in popularity has also given rise to more fraud in this area, with criminals identifying crypto-currencies as a new way to defraud people and steal their money, and also launder money.”

“The Economic Crime Academy (ECA) continues to develop national and international courses in response to emerging threats and this new course will provide training to counter the growing risks that cryptocurrencies pose,” Betts says.

As stated on its website, The Economic Crime Academy educate not only the police force, but also public sector bodies and private companies, organisations that have in the past been educated by big companies in the space, like Coinbase, who have helped various US Federal agencies get better training in handling and monitoring crypto-crimes.

In 2017 hackers stole a total of £130bn from consumers, including £4.6bn from British Internet users and the number of denial of service, DoS attacks, has severely increased and is very important to monitor and respond to.

Correct organisational/staff culture to minimise risk

Located at the epicentre of London’s financial district, the City of London Police are jurisdictionally unique and operate separately from the much more high-profile Metropolitan Police Service, which oversees the greater London area.

This state-of-the-art court is a further message to the world that Britain both prizes business and stands ready to deal with the changing nature of 21st-century crime

Although it is a tiny district of just over one square mile, the City of London includes London’s famed financial district, with its police force on the frontlines of the war against increasingly sophisticated cybercriminals.

The capital has seen a recent increase in cybercrimes, and just last month London Police seized Bitcoins worth half a million pounds from a London computer hacker who had launched phishing attacks on major British firms like Sainsbury’s, Asda and the British Cardiovascular Society, and sold the stolen information on the Dark Web.

Given this growing threat, the City of London Police has established a new training programme to help officers understand the world of crypto-currency.

This is a first of its kind initiative in the UK, and was launched in response to the concerns of rank and file police officers, who thought the lack of training in the crypto field left them unaware of the opportunities provided to criminals by the technology.

The one-day course, called Cryptocurrencies for Investigators, will train fraud investigators in how to deal with cryptocurrency, and be taught by the force’s Economic Crime Academy.

With the pilot course complete, another is scheduled for August, and it is hoped that the course will then be rolled out nationally.

State-of-the-art cyber court

Further to expanding its capacity to deliver ‘digital justice’, The City of London Corporation has also stated its intention to develop a new Cyber Court specifically designed to tackle cyber-crime, fraud, and economic crime,

“This state-of-the-art court is a further message to the world that Britain both prizes business and stands ready to deal with the changing nature of 21st-century crime.” said Lord Chancellor David Gauke at the launch.

Increasingly, front-line officers must use covert techniques, like advanced network analysis, both before and during crime scene searches.

This comes as part of a £1 billion courts modernisation programme by the Ministry of Justice, which has been welcomed by cyber fraud and crypto-currency experts like asset recovery expert Jennifer Craven, whose firm Pinsent Masons specialises in litigation surrounding foreign and domestic commercial frauds.

“Its launch is no doubt a response to the sheer scale of cyber fraud and the huge cost of it to UK businesses who continually suffer losses at the hands of cyber-attacks such as hacking, business email compromise and theft of crypto-currencies,” she says.

With Brexit on the horizon, these developments will help London remain at the global epicentre of a legal and financial world where crypto-currency is a significant factor.

Further afield, law enforcement agencies and public prosecutors met with crypto experts in The Hague recently to discuss how legitimate use of crypto-currency can be encouraged, amid abuse by hackers, and international drug dealers.

Figures released from US cyber-security company CipherTrace indicated that crypto-currency exchange theft has increased threefold since 2017, making it one of fastest growing crimes ever.

Denial of Service Attacks

A Denial of Service DoS, or Distributed Denial of Service DDoS, attack aims to take-down networks and make websites and or an email address unattainable for the user. The DoS floods systems with traffic and drowns them down.

A Distributed Denial-of-Service (DDoS) is a large-scale DoS attack where the perpetrator uses more than one unique IP address, often thousands of them. 

Since the incoming traffic flooding the victim originates from many different sources, it is impossible to stop the attack simply by using ingress filtering. It also makes it very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin.

As an alternative or augmentation of a DDoS, attacks may involve forging of IP sender addresses (IP address spoofing) further complicating identifying and defeating the attack.

Police in twelve countries have dismantled WebStresser which is the globes biggest DoS attack service. The joint campaign known as Operation Power Off appropriated WebStresser’s infrastructure in the US, UK and the Netherlands, and took down site administrators from Hong Kong to Australia.

Similar to a lot of cyberattack-for-hire services, WebStresser could take sites off-line in an instance and the cost was a small as £15, regardless of your IT knowledge.

This is a good success for all forces but unfortunately this is just a start as it is easy to create new DoS networks and staying in focus for the next network take down is very necessary for the forces.

Frontline skills

Increasingly, devices are being discovered on crime scenes which must be dealt with quickly by frontline police officers. Previously, officers did not possess the skills needed to assess and triage these devices. The result: critical evidence was lost or ‘dead-boxed’, trapped for months in a long- winded evidence process.

When police arrive at a crime scene, speed is essential, every second a computer or device is left unattended, data stored in its memory cache is irretrievably lost. IT systems must remain running to enable a first responder to collect the necessary volatile data and make initial assessments of running processes.

Police also need the technical skills to respond to other forms of cybercrime, including hacking and possession or distribution of malicious software. Increasingly, front-line officers must use covert techniques, like advanced network analysis, both before and during crime scene searches.

How police become cyber-security experts

Law enforcement also learn how to capture volatile data from RAM and caches and how to forensically image a computer on the scene.

Law enforcement is gaining cyber security skills on courses designed from the ground up incorporating popular cyber security qualifications.

Frontline police officers on this cyber security training are introduced to the basic concepts of computers and networking, with an emphasis on components and operating systems.

Officers are taught networking using OSI and TCP/IP reference models, and how this relates to specific network devices and protocols.

Firewalls, switches and routers, are also a massive focus. Police need the practical skills to quickly examine networking devices in real time during raids and seizures to access sensitive information.

Law enforcement also learn how to capture volatile data from RAM and caches and how to forensically image a computer on the scene. To do this, police are taught basic scripting using Command Line and PowerShell before being introduced to tools like FTK Imager, USB Review and screen capture software.

For specialised officers that required a greater knowledge of cyber security, we’ve developed advanced training programmes. On these intense courses, police officers are taught advanced networking and wireless skills, before being tested in a live crime scene scenario, requiring them to conduct a scene search under warranted conditions.

They’ll then use their networking knowledge to conduct wireless surveys, capture volatile data and use popular network-protocol analysis tools, like Wireshark.

When interviewed on BBC Breakfast News, DC Steve Mersh said: “It’s a case of learning the practical skills that we can utilise, no different to a finding a gun at a crime scene that we can make safe from the public and attribute to the criminal”.

With the unstoppable rise of cybercrime, the skills taught in these programme will filter down to become mainstay training for all UK law enforcement officers, regardless of their role. Now also seeing heightened interest in Open Source Intelligence, Digital Currency and The Dark Web’s marketplaces. While these topics are already taught on our courses, demand for police to possess these skills is set to increase.

What more can we do?

Ultimately, user training and awareness will always be an evolving area of cyber security and one that law enforcement can exercise little power over. Law enforcement cannot prevent all cybercrime and employees are now the top source of security incidents.

One example the Commissioner gave was people posting screenshots of their newly acquired driving licenses on Facebook; the risks are obvious.

It must be a regular part of a company or enterprise policy to ensure good training of all employees. However, a recent report from PWC revealed that cyber security budgets for UK businesses have actually decreased in the last year. With the rising incidence of cybercrime in the UK, cyber security training isn’t just essential for law enforcement.

Can the UK police tackle cyber-crime?

Ian Dyson QPM, Commissioner, City of London Police, shared his insight on how the UK police are handling the ever expanding scale of cyber attacks. He stated that 70% of fraud is now cyber-enabled, with crypto mining and jacking among the top cybercrime trends, as well as social engineering.

With regards to latter, Commissioner Dyson described how young people, in particular, have chosen convenience over security when it comes to the data they share in order to use certain apps – which, yes, make life easier and more interesting with transport updates and restaurant recommendations – but essentially they’re giving away their data, unaware of how it’s being used.

One example the Commissioner gave was people posting screenshots of their newly acquired driving licenses on Facebook; the risks are obvious.

Despite the fears, Commissioner Dyson said the UK’s cyber security is in a better state than we might think, being 4th best in Europe.

However, he did point out that the City of London Police has a national responsibility around cybercrime protection.  He raised the need to create a security blanket to help businesses see that they’re protected; for which he proposed a plan that’s already working elsewhere in UK law enforcement.

This idea is based upon Project Griffin which was originally established by the City of London Police in 2004 to combat the rising levels of terrorism in a post 9/11 world.

Its main goal was to foster security awareness across the capital’s business community through effective and timely information-sharing with law enforcement. The commissioner said that a lot can be learnt from Project Griffin and there’s a need to take those principles to cyber space.

The UK Police needs to act fast; Commissioner Dyson highlighted the fact that if your house is burgled, you would call the police. However, in a cyber-attack – you would more likely approach an IT team in the first instance.

Commissioner Dyson said it is crucial that UK law enforcement rethinks its approach to online crime, otherwise they risk becoming irrelevant.

Cyber cops will be on their own once Britain leaves the EU

The UK is set to lose access to the European Cybercrime Centre, after it was revealed the country will no longer be a member of Europol following its departure from the European Union in 2019.

Losing access to EC3 will mean that UK police units fighting cyber-crime will no longer benefit from intelligence-sharing between EU member states, as well as from the extensive support network offered by Europol’s cyber specialists.

The European Cybercrime Centre – also known as EC3 – was set up by the cross-border law enforcement group to provide support for EU police forces in tackling cyber-crime. EC3 assists national police with intelligence, digital forensics and strategy support, collaborating on cases involving technological elements.

Cyber security experts have expressed dismay at the news. “This is hugely disappointing,” McAfee’s chief scientist Raj Samani told IT Pro. “Europol have a proven record of success and one would hope a degree of compromise can be reached since the safety of all citizens across the globe is our joint mission.”

The government had stated earlier this year that it wished to continue its relationship with Europol following Brexit, but the EU’s top negotiator Michel Barnier said that access to Europol would not be possible once the UK leaves the EU, stating that it was a “logical consequence”.

Losing access to EC3 will mean that UK police units fighting cyber-crime will no longer benefit from intelligence-sharing between EU member states, as well as from the extensive support network offered by Europol’s cyber specialists.

“Since before the referendum, the NCA and its partners in policing and wider law enforcement have clearly stated our need to work closely and at speed with European countries to keep people in the UK safe from threats including organised crime, child sexual abuse, cyber-attack, and terrorism,” a spokesman for the UK’s National Crime Agency told IT Pro.

“We are confident that these requirements are being taken into account, and that there is broad consensus on the need to retain our ability to share intelligence, biometrics and other data at speed.

“It is also vital to ensure we can continue to provide a quick, efficient and dynamic response to crime and criminals impacting the UK and its citizens, be it from serious and organised transnational crime or local level volume crime at the heart of UK communities.”

What is the best thing police can do to reduce cyber-crime?

Crime is highly concentrated: the evidence shows that most of it is associated with only a small proportion of places, victims and offenders. This has important potential implications for the targeting of police resources.

Focusing action on crime and anti-social behaviour hotspots, repeat victims, and prolific or high volume offenders is, therefore, an effective way to allocate resources for crime reduction.

Understanding what is causing high volume offending or problems in hotspots and coming up with specific solutions, often in partnership with others, allows the police to drive down crime.

In summary, the best thing that police can do to reduce crime is to target resources based on analysis of the problem and at the same time ensure the fair treatment of all those they have contact with.

You Might Also Read: 

Digital Shock: Cybercrime & The Future Of Policing Part 1

Digital Shock: Cybercrime & The Future Of Policing. Part 2

References:

SC Magazine:    SC Magazine:   BraveNewCoin:    BBC:  Guardian:   Information-Age:   ITPro:    Information-Age:

TEISS:   Information-Age:   Information-Age Information-Age:

 

« Hackers Breach Cryptocurrency Platform
Digital Shock: Cybercrime & The Future Of Policing. Part 3 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Centre for Secure Information Technologies (CSIT)

Centre for Secure Information Technologies (CSIT)

CSIT is a UK Innovation and Knowledge Centre (IKC) for secure information technologies. Our vision is to be a global innovation hub for cyber security.

WIRED

WIRED

WIRED is the magazine about what's next – the people, the trends and the big ideas that will change our lives. Topics covered include cyber security.

Brookings Institution

Brookings Institution

The Brookings Institution is a nonprofit public policy organization. Cyber security is covered within the various study areas.

QASymphony

QASymphony

QASymphony software testing and QA tools help companies create better software by improving speed, efficiency and collaboration during the testing lifecycle.

APWG

APWG

APWG is the international coalition unifying the global response to cybercrime across industry, government, law-enforcement and NGO communities.

ControlCase

ControlCase

ControlCase provide solutions that address all aspects of IT-GRCM (Governance, Risk Management and Compliance Management).

Sistem Integra (SISB)

Sistem Integra (SISB)

SISB provide IT Security Infrastructure & Development, Mechanical & Electrical Services, Fire Safety & Detection Services, Facilities Management & Application Development.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

The main objective of the Hub is to bring cybersecurity and other advanced technologies closer to companies and as a result help to increase their performance as Industry 4.0.

Monegasque Digital Security Agency (AMSN)

Monegasque Digital Security Agency (AMSN)

AMSN is the national authority in charge of the security of information systems in Monaco.

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

Stage2Data

Stage2Data

Stage2Data is one of Canada’s most trusted cloud solution providers offering hosted Backup and Disaster Recovery Services.

Focal Point

Focal Point

We aspire to be the focal point for Medium and Small size companies providing 24/7 cyber security advice, services and solutions.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

BlueCat Networks

BlueCat Networks

BlueCat is the Adaptive DNS company. Our mission is to help the world’s largest organizations thrive on network complexity, from the edge to the core.

Ontinue

Ontinue

Ontinue ION is an MXDR service that provides Nonstop SecOps through five key capabilities that enable your organization to respond to attacks and continuously reduce risk.

Beround

Beround

Beround is an IT consultancy firm specialized in software testing.