The Police Chiefs' Blog
One year on from the start of the first lockdown
Police Chiefs' Blog: Martin Hewitt - Chief Constables Council January 2021
What have we learnt about dealing with mental health during the pandemic?
DCC Julie Cooke discusses the importance of Pride
How we can stop female genital mutilations
Data Protection Day
Police Chiefs' Blog: Martin Hewitt - Chief Constables Council January 2020
International Day to End Violence Against Sex Workers
Drones and the police
Next >>>

 

Policing cyberspace: Janet Williams, Deputy Assistant Commissioner of the Metropolitan Police and ACPO lead on E-Crime, on how UK police are tackling e-crime.

I see cyber crime as a classic example of what is known in the service as 'invisible' policing: one in the rapidly growing array of tasks which the service carries out away from public view. Though so critical to public safety cyber crime is recognised by the National Security Council as second only to international terrorism in terms of the risk it poses, I'm not sure how aware the public are of the work which goes on to counter it. We need to change the narrative a little to recognise that actually, while it is global in nature and active in a virtual space, which may seem remote, it is individual citizens who get harmed by cyber crime. The connection between what my officers are doing and what happens locally is felt directly by every person who has an account compromised, credit card cloned or identity stolen, and indirectly by everyone else who pays for the damage caused in higher prices and insurance premiums. It's estimated that cyber crime costs the UK £27billion a year. (1)

Over the past three years considerable funds and resources have been invested into setting up the Police Central E-Crime Unit (PCeU), housed within the Metropolitan Police but providing a national response. It requires a high level of technical expertise from the officers charged to do the job, plus hi-tech kit. That all adds up to a considerable outlay, but it's definitely a case of 'can we afford not to do it?’. For every £1 invested in the operational activity the Police Central eCrime Unit runs through a ‘Virtual Task Force’, we currently return £21 in savings. That provides a good business case for investment.

The task force approach is absolutely crucial to the way we tackle the problem. Made up of partners in industry, academia, and other law enforcement agencies, the Virtual Task Force harnesses intelligence that the business sector possesses and couples them with the investigative skills of my officers. The approach has been so successful that investigations which would previously have taken three years are now taking three months or less. We are able to see online criminality happening in real time and disrupt illegal transactions as they happen. To take two examples, Operation Poplin led to the arrest of 13 non-UK nationals who had planned an attack using a Trojan virus. The group had access to £18.5million through compromised accounts. Operation Pagode saw four individuals jailed a combined total of over 20 years, for their part in an online criminal forum trading credit cards and information. The financial losses linked to this forum added up to over £20million.

There are some challenges we need to look at. One example is the time it takes to gather evidence from foreign jurisdictions using the existing 'Commission Rogatoire' system. As the name suggests, the system dates to another day and age and hundreds of years of legal practice. But the criminality we face recognises no boundaries. Transactions leap from country to country in the blink of an eye, and those who exploit that potential deliberately make the trail as difficult to follow as they can. Excellent collaboration with other law enforcement agencies and the private sector has helped us but requesting evidence through the Commission Rogatoire takes time. It hasn't stopped us bringing prosecutions but certainly slows us down, and therefore that time which could be spent targeting other criminals is lost. That's a description of the problem: it will be for the Home Office to look at it and consider whether there is a case for updating legislation to keep pace.

Another challenge is developing forensic tools to help us extract the information we need from computers. People's whole lives these days are on their hard drives and the forensic capability to sift that information quickly to find what we need is really important. At the moment, the hi-tech officers we use on that task across the country are working almost exclusively in the child protection area. We are working closely with industry on this to develop and give those specialist officers faster tools for this job which will let them cover more ground. If we can do that, we can free up more time for them to cover cyber crime in the wider sense.

Looking to the future I see us taking the taskforce approach to other sectors like telecoms and energy, where we know it can be as successful as it has proved to be in financial services. We will get further ahead of this problem if people are willing to share intelligence with each other and with us. Another significant step forward will be to establish three regional hubs working with PCeU, which we aim to do later this year. These will be small units - probably around two very highly trained detectives, and a sergeant with some high level kit, linked into existing regional capability created to tackle organised criminality.

Finally, we do need people to realise that they can really make a difference and help themselves by ensuring they are adequately protected online. I'm sometimes asked whether I use the internet myself to shop or bank. The answer is yes to the former and no to the latter - but that's more because I haven't got round to it than anything else! There are lots of things that citizens can do to protect themselves - some of them pretty straightforward like not using the same password across every online account. We're working with Get Safe Online, a government service that provides free advice to both businesses and members of the public about how to use the internet safely.

This is an area of policing that we consider to be a priority and the progress we have made in the three years since PCeU was established shows that. We're working technically from the 'back office' but in my mind the service we provide is quite clearly frontline - protecting the public on a daily basis as they carry out routine transactions online. Again, it demonstrates how all the job of a uniformed police officer must marry up with the unseen work we do in order to keep the public safe from harm.

 

ENDS

 

Notes:

1. Office of Cyber Security & Information Assurance and Detica report, The Cost of Cyber Crime