From my perspective, I see cyber crime as a classic example of what is known in the service as ‘invisible’ policing: one in the rapidly growing array of tasks which the service carries out away from public view.
Though so critical to public safety, cyber crime is recognised by the National Security Council as second only to international terrorism in terms of the risk it poses.
I’m not sure how aware the public are of the work which goes on behind the scenes to counter cyber crime. We do need to change the narrative a little to recognise that, actually, while it’s global in nature and active in a virtual space which may seem remote, it’s individual citizens who are harmed by cyber crime.
The connection between what my officers are doing and what happens locally is felt directly by every person who has an account compromised, a credit card cloned or their identity stolen, and indirectly by everyone else who pays for the damage caused in higher prices and insurance premiums.
Cost of cyber crime in the UK
It’s estimated that cyber crime now costs the UK GB pound 27 billion every year1 and, over the past three years, considerable funds and resources have been invested in setting up the Police Central E-Crime Unit (PCeU), housed within the Metropolitan Police Service but providing a national response.
This operation requires a high level of technical expertise from the officers charged to do the job, plus high-tech kit. That all adds up to a considerable outlay, but it’s definitely a case of ‘can we afford not to do it?’
For every GB pound 1 invested in the operational activity the Police Central eCrime Unit runs through a ‘Virtual Task Force’, we currently return GB pound 21 in savings. That provides a good business case for investment.
The task force approach is absolutely crucial to the way in which we tackle the problem. Made up of partners in industry, academia and other law enforcement agencies, the Virtual Task Force harnesses intelligence that the business sector possesses and couples them with the investigative skills of my officers.
This approach has been so successful that investigations which would previously have taken three years are now taking three months or less.
We are able to see online criminality happening in real-time, and to disrupt illegal transactions as they happen.
Take two examples. Operation Poplin led to the arrest of 13 non-UK nationals who had planned an attack using a Trojan virus. The group had access to GB pound 18.5 million through compromised accounts.
Meanwhile, Operation Pagode saw four individuals jailed for a combined total of over 20 years for their part in an online criminal forum trading credit cards and information.
The financial losses linked to this forum added up to over GB pound 20million.
Challenges that lie ahead
There are some challenges we need to look at. One example is the time it takes to gather evidence from foreign jurisdictions using the existing ‘Commission Rogatoire’ system.
As the name suggests, that system dates to another day and age and hundreds of years of legal practice, but the criminality we now face recognises no boundaries. Transactions leap from country to country in the blink of an eye, and those who exploit that potential deliberately make the trail as difficult to follow as they can.
Excellent collaboration with other law enforcement agencies and the private sector has helped us, but requesting evidence through the ‘Commission Rogatoire’ takes time. It hasn’t stopped us bringing prosecutions but certainly slows us down. Therefore, that time which could be spent targeting other criminals is lost.
That’s a description of the problem, though. It will be for the Home Office to look at it and consider whether there’s a case for updating legislation to keep pace with the situation.
Another challenge is developing forensic tools to help us extract the information we need from computers.
Peoples’ whole lives these days are on their hard drives and the forensic capability to sift that information quickly to find what we need is really important.
At the moment, the high-tech officers we use on that task across the country are working almost exclusively in the child protection area. We are working closely with industry on this to develop and give those specialist officers faster tools for this job which will let them cover more ground.
If we can do that, we can then free up more time for them to cover cyber crime in the wider sense.
Taking stock of telecoms and energy
Looking to the future, I see us taking the taskforce approach to other sectors like telecoms and energy where we know it can be as successful as it has proven to be in the financial services sector.
We will move further ahead of this problem if people are willing to share intelligence with each other and with us.
Another significant step forward will be to establish three regional hubs working with PCeU. This is something we aim to do later on this year. These will be small units, probably including two very highly-trained detectives and a sergeant with some high-level kit linked into existing regional capabilities created to tackle organised criminality.
Finally, we do need people to realise that they can really make a difference and help themselves by ensuring they are adequately protected online.
I’m sometimes asked whether I use the Internet myself to shop or bank. The answer is ‘Yes’ to the former and ‘No’ to the latter (but that’s more because I haven’t got round to it than anything else!)
There are lots of things that citizens can do to protect themselves, some of them pretty straightforward (like not using the same password across every online account). We’re working with Get Safe Online, a Government service that provides free advice to both businesses and members of the public about how to use the Internet on a safe basis.
This is an area of policing that we consider to be a priority. The progress we’ve made in the three years since the PCeU was established shows that.
We’re working technically from the ‘back office’, but in my mind the service we provide is quite clearly frontline: protecting the public on a daily basis as they carry out routine transactions online.
Again, it demonstrates how the job of a uniformed police officer must marry up with the unseen work we do in order to keep the public safe from harm.
Janet Williams is deputy assistant commissioner of the Metropolitan Police Service and ACPO’s lead on the subject of e-crime
Reference
1Office of Cyber Security & Information Assurance and Detica report: ‘The Cost of Cyber Crime’
This blog appears on the official ACPO website (access the site via our dedicated web link at the foot of this page)
