How do ‘we’ Police Cyber Crime ?
Thursday 4th June 2015
Craig Jones, SEROCU
OFFICIAL
Presentation Content
• UK policing cyber crime programme
• Cyber threat landscape and impact
• Cyber business resilience
• Future Challenges & Opportunities
How do we police the UK ?
The civil force of a state, responsible for the
prevention and detection of crime and the
maintenance of public order.
(Oxford dictionaries)
What is Cyber Crime ?
The Home Office, NCA Strategic Governance Group and the Serious
Organised Crime Strategy and now ACPO use a three-fold categorisation
dividing cyber crime into:
- ‘pure’ online crimes where a digital system is the target as well as
the means of attack. These include attacks on computer systems to
disrupt IT infrastructure, exfiltrate data, compromise the integrity of
data or make data unavailable.
- ‘existing’ crimes that have been transformed in scale or form by their
use of the internet. The growth of the internet has allowed these
crimes to be carried out on an industrial scale
- use of the internet to facilitate drug dealing, people smuggling and
other traditional crime types.
Definition used in House of Commons Home Affairs Committee, E-Crime, 2013/14
Cyber Crime – The Legislation
Computer Misuse Act 1990
Section 1 - contains the basic 'hacking' offence of gaining unauthorised access to any
program or data held in a computer.
Section 2 - makes it an offence to commit 'hacking' with a view to committing, or facilitating the
commission of, a further offence, i.e. fraud
Section 3 - contains the offence of doing any unauthorised act in relation to a
computer with intent to impair / alter data
Section 3A – making, supplying or obtaining articles for use in S1 or 3
Telecommunications Act
Public Order Act
What is Cyber all about ?
• UK Cyber Security Strategy - Protecting and promoting the UK
in a digital world (2011)
• The cost to the UK economy of cyber crime is £27 Billion
(Cabinet Office 2011)
• The cost to the US economy estimated $300 Billion (McAfee
2013)
• The cost to the worldwide economy estimated at one trillion
dollars (McAfee 2013)
• Funding via the National Cyber Security Programme - £650
million (not estimated)
Strategic Drivers for Cyber
UK Cyber Security Strategy
Our good friends...the 4 P’s
Serious and Organised Crime Strategy
Pursue
Criminal investigations and disruption
activity targeting the top tier cyber
threats
Prevent
Stopping individuals becoming involved in
cyber crime
Prepare
Responding effectively to major cyber
attacks and mitigating their impact
Protect
Helping businesses and the public to
avoid becoming victims of cyber crime
• Nature of the threat
- Complex, global and constantly changing
- Perpetrated remotely
- Difficult to trace
- Significant impact in the longer term
• Threat Actors in Cyber Space
- Hacktivists – to cause disruption
- Criminals – financial impact
- States, conducting cyber espionage or disruptive attacks on critical infrastructure
- Terrorists, physical attacks remain
The Threat
• Cyber Crime “As-A-Service”
• Forums
• Malware
• Exploit Kits
• Intrusion (“Hacking” or unauthorised access to systems)
• DDOS
• CAV
• AVC
• APT
• Bulletproof Hosting
• E-Currencies
The Threat
National Crime Agency
Regional Organised Crime Units
ROCU Core Capabilities
Confidential Unit
Prison Intelligence
Technical Surveillance
Regional Fraud Teams
eForensics
Operational Teams
Operational Security
Covert Unit
Protected Person
RART
Cyber Crime
Gain
Regional Cyber Crime Units
Present Capabilities
• Estates
• Staffing
• Training
• Equipment
I’ve been a victim of Cyber Crime
Reporting Cyber Crime ?
Cyber Crime Workflow Process
NCCU
Action Fraud
SEROCU Cyber
Crime Unit
5 South East
Forces
Copied In
Campaign Dermic
FBI took executive action on the owners of “Blackshades” which is a remote access tool.
Functions include:
- Remote Desktop Control
- Keylogging
- Webcam control
- Credit card capture
- Distributed denial of service (DDOS), and more…
DDOS
• Victim in Hampshire
• Suspect in Cornwall
• Servers based in the UK
• Further victims identified World Wide
Network Intrusion
Hacker stealing data from a private medical company.
• Suspect stole confidential client data
• Website defacement as proof
• Blackmail attempt via Email, and Social Media
Possible link to Russia
Network Intrusion
• Former employee
• Sent a “Wipe Command” to hundreds
of employees’ devices – BYOD
• Further access and alterations made
to the company’s system.
• Impact, loss of contract and
reputation
OP ASPEN
Answers on a………..
New (‘joint’) ways of working
• Law Enforcement Agencies
• Government
• Industry
• Business
• Academia
Law Enforcement Partnerships
• NCCU – SAM / Embeds
• Regional Forces – CRUG, HTCU User Group
• FBI, Secret Service, Homeland Security, Europol
Government
• CERT-UK
• CiSP
• BIS
• Cabinet Office
• Home Office
• Other Offices………
Government Initiatives
‘The Ten Steps’
Key Government Cyber Guidance
Cyber Essentials Scheme
Innovation Vouchers (£5,000)
Industry
• Chamber of Commerce
• FSB
• TechUK
• Tech Companies……………………………
……………..And a few others
Potential Opportunities and
Implications for Insurance
Companies
SUMMARY
• Helping firms to get to
grips with cyber risk
• Helping the insurance
industry to establish cyber
insurance as part of firms’
cyber tool-kits
• Helping London to be a
global centre for cyber risk
management
Cyber Insurance ?
• Generally policies will/can cover the following:
• First party damage to data
• Business interruption
• Privacy and security liability, including notification and credit monitoring
costs
• Brand reputation
• Cyber extortion
• Technology professional liability
• Multimedia liability
• Payment Card Industry Data Security Standard (PCI DSS) compliance
• Cyber terrorism
Insurance Considerations
• Within the sector, the cyber threat is not well defined; confusion over
definitions
• Incomplete data in respect of the scale of cyber crime
• Risk management for cyber insurance
• Cyber insurance is a business opportunity
• Individuals/businesses unable to understand the risks in protecting
their data/information
Policing Summary
• Incomplete data in respect of the scale of cyber crime
• NOT a local or regional type investigation – International reach
• Cyber crime can be committed remotely, therefore difficult to identify
offender/s.
• Victims unwilling or unable to report crimes
• Staff, knowledge, training gap, retention
• Knowledge of Law Enforcement Agencies/Courts
• Data protection and storage