How do ‘we’ Police Cyber Crime ?

Thursday 4th June 2015

Craig Jones, SEROCU

OFFICIAL

Presentation Content

• UK policing cyber crime programme

• Cyber threat landscape and impact

• Cyber business resilience

• Future Challenges & Opportunities

OFFICIAL

How do we police the UK ?

The civil force of a state, responsible for the

prevention and detection of crime and the

maintenance of public order.

(Oxford dictionaries)

OFFICIAL

What is Cyber Crime ?

The Home Office, NCA Strategic Governance Group and the Serious

Organised Crime Strategy and now ACPO use a three-fold categorisation

dividing cyber crime into:

- ‘pure’ online crimes where a digital system is the target as well as

the means of attack. These include attacks on computer systems to

disrupt IT infrastructure, exfiltration of data, compromise the integrity of

data or make data unavailable.

- ‘existing crime that have been transformed in scale or form by their

use of the internet. The growth of the internet has allowed these

crimes to be carried out on an industrial scale

- use of the internet to facilitate drug dealing, people smuggling and

other traditional crime types.

Definition used in House of Commons Home Affairs Committee, E-Crime, 2013/14

OFFICIAL

Cyber Crime – The Legislation

Computer Misuse Act 1990

Section 1 - contains the basic 'hacking' offence of gaining unauthorised access to any

program or data held in a computer.

Section 2 - makes it an offence to 'hacking' with a view to commit, or facilitate the

commission of, a further offence i.e. fraud

Section 3 - contains the offence of doing any unauthorised act in relation to a

computer with intent to impair / alter data

Section 3A – making, supplying or obtaining articles for use in S1 or 3

Telecommunications Act

Public Order Act

OFFICIAL

What is Cyber all about ?

• UK Cyber Security Strategy - Protecting and promoting the UK

in a digital world (2011)

• The cost to the UK economy of cyber crime is £27 Billion

(Cabinet Office 2011)

• The cost to the US economy estimated $300 Billion (MacAfee

2013)

• The cost to the worldwide economy estimated at one trillion

dollars (MacAfee 2013)

• Funding via the National Cyber Security Programme - £650

million (not estimated)

OFFICIAL

Strategic Drivers for Cyber

OFFICIAL

UK Cyber Security Strategy

Our good friends...the 4 p’s

Serious and Organised Crime Strategy

Pursue

Criminal investigations and disruption

activity targeting the top tier cyber

threats

Prevent

Stopping individuals becoming involved in

cyber crime

OFFICIAL

Prepare

Responding effectively to major cyber

attacks and mitigating their impact

Protect

Helping businesses and the public to

avoid victims of cyber crime

• Nature of the threat

- Complex, global and constantly changing

- Perpetrated remotely

- Difficult to trace

- Significant impact in the longer term

• Threat Actors in Cyber Space

- Hacktivists – to cause disruption

- Criminals – financial impact

- States, conduction cyber espionage or disruptive attacks on critical infrastructure

- Terrorist, physical attacks remain

The Threat

• Cyber Crime “As-A-Service”

• Forums

• Malware

• Exploit Kits

• Intrusion (“Hacking” or unauthorised access to systems)

• DDOS

• CAV

• AVC

• APT

• Bulletproof Hosting

• E-Currencies

The Threat

National Crime Agency

OFFICIAL

Regional Organised Crime Units

OFFICIAL

ROCU Core Capabilities

Confidential Unit

Prison Intelligence

Technical Surveillance

Regional Fraud Teams

eForensics

Operational Teams

Operational Security

Covert Unit

Protected Person

RART

Cyber Crime

Gain

Regional Cyber Crime Units

OFFICIAL

Present Capabilities

• Estates

• Staffing

• Training

• Equipment

OFFICIAL

I’ve been a victim of Cyber Crime

Reporting Cyber Crime ?

OFFICIAL

Cyber Crime Workflow Process

NCCU

Action Fraud

SEROCU Cyber

Crime Unit

5 South East

Forces

OFFICIAL

Copied In

Campaign Dermic

FBI took executive action on the owners of “Blackshades” which is a remote access tool.

Functions include:

- Remote Desktop Control

- Keylogging

- Webcam control

- Credit card capture

- Distributed denial of service (DDOS), and more…

OFFICIAL

DDOS

• Victim in Hampshire

• Suspect in Cornwall

• Servers based in the UK

• Further victims identified World Wide

OFFICIAL

Network Intrusion

Hacker stealing data from a private medical company.

• Suspect stole confidential client data

• Website defacement as proof

• Blackmail attempt via Email, and Social Media

Possible link to Russia

OFFICIAL

Network Intrusion

• Former employee

• Sent a “Wipe Command” to hundreds

of employees devices – BYOD

• Further access and alterations made

into companies system.

• Impact, loss of contract and

reputation

.

OFFICIAL

OP ASPEN

OFFICIAL

Answers on a………..

New (‘joint’) ways of working

• Law Enforcement Agencies

• Government

• Industry

• Business

• Academia

OFFICIAL

Law Enforcement Partnerships

• NCCU – SAM / Embeds

• Regional Forces – CRUG, HTCU User Group

• FBI, Secret Service, Homeland Security, Europol

OFFICIAL

Government

• Cert UK

• CisP

• BiS

• Cabinet Office

• Home Office

• Other Offices……… OFFICIAL

Government Initiatives

‘The Ten Steps’

Key Government Cyber Guidance

Cyber Essentials Scheme

Innovation Vouchers (£5,000)

OFFICIAL

Industry

• Chamber of commerce

• FSB

• TechUK

• Tech Companies……………………………

OFFICIAL

……………..And a few others

Potential Opportunities and

Implications for Insurance

Companies

SUMMARY

• Helping firms to get to

grips with cyber risk

• Helping the insurance

industry to establish cyber

insurance as part of firms

cyber tool-kits

• Helping London to be a

global centre for cyber risk

management

Cyber Insurance ?

• Generally policies will/can cover the following:

• First party damage to data

• Business interruption

• Privacy and security liability, including notification and credit monitoring

costs

• Brand reputation

• Cyber extortion

• Technology professional liability

• Multimedia liability

• Payment Card Industry Data Security Standard (PCI DSS) compliance

• Cyber terrorism

OFFICIAL

Insurance Considerations

• Within the sector, the cyber threat is not well defined, confusion over

definitions

• Incomplete data in respect of the scale of cyber crime

• Risk management for cyber insurance

• Cyber insurance is a business opportunity

• Individuals/businesses unable to understand the risks in protecting

their data/information

OFFICIAL

Policing Summary

• Incomplete data in respect of the scale of cyber crime

• NOT a local or regional type investigation – International reach

• Cyber crime can be committed remotely, therefore difficult to identify

offender/s.

• Victims unwilling or unable to report crimes

• Staff, knowledge, training gap, retention

• Knowledge of Law Enforcement Agencies/Courts

• Data protection and storage

OFFICIAL

Any questions?

OFFICIAL

Craig Jones– 01865 555776

Serocucybercrimeunit@thamesvalley.pnn.police.uk