Crackdown on cybercrime declared by UK police

Britain’s police forces have made a New Year resolution to crackdown on cybercrime, promising every incident reported in 2019 will be investigated.

According to Superintendent Andrew Gould, the National Cybercrime Programme Lead for the National Chief Police’s Council and one of the UK’s leading cybercrime detectives, the crackdown on cybercrime marks an abrupt shift in police policy as law enforcement recognises the challenges of the 21st century.

“Every one of those where there’s a viable line of enquiry will actually get an investigation now, whereas before…there was very little happening at all.”

He also promises that every single victim, regardless of whether or not their report can be investigated, “will get advice to hopefully prevent them becoming victims again,” said Gould.

An essential development to cope with the shattering impact of the cybercrime epidemic, as victims are often too embarrassed to admit they have been hacked.

And when they do go to the police they are unlikely to be given a crime number, so they cannot claim on insurance. It’s a timely undertaking because while this holiday season may mean different things to different people, there is one thing that we all have in common whether Christian, Jewish, pagan, Hindu or even Jedi: shopping.

And with all the Christmas crowds and cold weather, it is no surprise that many are choosing to make holiday purchases online. Yet with this increased internet usage comes an increased risk of falling victim to cyber crime. The incident rate has been increasing by as much as 25% year on year since 2015 . With the launch of the National Cyber Security Centre (NCSC) in 2016 (1), the UK police force began to demonstrate that they recognise the seriousness of the threat of cyber crime.

But what measures is the centre taking now?

CSRI Editor and Chairman Peter Warren interviewed Detective Superintendent Andrew Gould, head of the NCSS, to find out.

Awareness raising

Gould confirms that around the holiday period “there is a spike [in cyber crime] as more people are busy online buying presents”. Though admitting that those engaged in cyber crime encompass a wide range of citizens, he is keen to dispel the “perception that cybercriminals are these hugely sophisticated almost whiz-kids”:

“If anything, the complete opposite is true: there are so many tools that are readily available online that people can download and use with very limited skills or knowledge.”

He points out that this means that since such limited skills and knowledge are needed, avoiding becoming a victim of such crimes has also theoretically become easier, as long as people are aware of the risks. He repeatedly stresses the importance of being “a little more suspicious” and remembering, “If it’s too good to be true, it probably is.”

Part of the NCSC’s work includes awareness-raising work with the public and businesses to help individuals understand the risks of cyber crime so that they “don’t fall foul of it in the first place”.

A new emphasis on investigation

For those who may have already become a victim of cyber crime, the advice to be “a little more suspicious” may be coming a little late. They will probably be pleased to hear that, by next April, England and Wales will have their own cyber crime unit “dedicated to investigating every cyber-dependent crime”. Gould admits that before the creation of this unit, reporting a cyber crime gained very little results, sinced the reported crime was unlikely to be investigated; but he is confident that once the new unit is up and running,

“Every one of those where there’s a viable line of enquiry will actually get an investigation now, whereas before…there was very little happening at all.”

He also promises that under the crackdown on cybercrime every single victim, regardless of whether or not their report can be investigated, “will get advice to hopefully prevent them becoming victims again.”

International help for cybercrime crackdown

Such techniques as phishing, false flagging and gaining bank details are, as Gould puts it, “done in a click in an instant and it will take us months or years to investigate and prosecute.” The nature of the internet means that cyber criminals are rarely working within one country; as Gould says, “pretty much all crime’s international these days; there are very few local crimes any more”. The NCSC has links with Europol and the FBI and detectives use techniques garnered from international counter-terrorism policing – Gould’s background – to try to tackle cyber crime on an international level.

Although many different people may work together across borders to commit cyber crimes, it is Gould’s belief that an “organised network absolutely doesn’t exist.”

New avenues for young hackers

Rather, Gould stresses that the majority of those committing cyber crimes are individuals, very often young teenagers.

“University College London did a study onto the ‘Millennium Cohort’ and one of their findings is the fact that there are more young people engaged in hacking than are engaging in underage drinking, smoking and underage sex all put together.

I don’t think that the wider…population of parents have any idea of that at the moment.”

Gould admits that criminalising young hackers may be counter-productive or actively opposed by parents or schools, so the NCSS is looking into more imaginative approaches to combat this rise in hacking amongst young people. Early in 2019 they plan to launch what he calls “intervention panels” in London, which are aimed at programmes for young people “where they can develop their skills in a more appropriate safe space – so we can better understand the potential threat they pose if they continue to go down that road, but that also starts to get them some positive development, training, skills, education; also potential employment opportunities.”

If people are becoming skilled at hacking at such a young age, presumably their skills are of pretty high quality or can be trained to highly effective use; so it is not too difficult to guess where these “employment opportunities” might be.

Along with the NCSC’s work, Gould points out that there is already “a whole lot of work being done by the National Crime Agency (NCA)…into looking at meaningful preventative strategy and engagement with young people” such as the NCA’s overt presence on many hacking forums.

Safety begins at home

The ‘intervention panels’, once they are up and running, plan to include publicity in schools as part of a wider awareness-raising campaign, though Gould points out that this will be a challenge: “Good communication costs money; but we’ve got to find a way to do it.”

The new crackdown on cybercrime initiatives from the NCSC seem to show new commitments and recognition by the British government of the importance of cyber security in today’s society. However, Gould makes clear that alongside government action, citizens need to take responsibility for safeguarding their own online personas and possessions.

“When you leave your home you don’t leave the doors and windows unlocked…Why would you leave your online identity and your online possessions completely exposed by leaving your software doors and windows open?”

Why indeed.

An article based on this interview was published in the Sunday Times

Future Intelligence has won a number of awards for its reporting on cybercrime and also runs the Cybersecurity Research Institute here is a selection of some of the stories we have published on Fi and in national newspapers –

Police break EncroChat crime network – Future Intelligence

“Gary McKinnon was unlucky. He’s not even a very good hacker” – Future Intelligence Fi and the Independent

Anti-terror expert warns of criminals switching from high street to online crime – Future Intelligence

Tech Police chief’s plea for new powers – Future Intelligence

Chinese hackers attack UK Houses of Parliament – Future Intelligence Fi and the Guardian, Winner BT Security News Story of the year award 2007

References