Tackling Cyber Crime in the UK

Andy Archibald

Deputy Director National Cyber Crime Unit

In 2013, 73% of

adults in Great Britain

accessed the internet every day

Symantec reported

blocking 5.5 billion attacks

globally in 2011, and saw a 42%

increase in targeted

attacks in 2012

Worldwide 3 Billion people will be using the internet

by 2016Loss suffered by the UK by banks from card not present (CNP)

fraud undertaken online to be

140.2 million229 median

number of days that threat

groups were present on a

victims network before detection

Reports of cyber crime

to Action Fraud

increase

d by 30%

Cybercrime Facts Cost of Cybercrime

McAfee have reported a

conservative estimate on the global loss to

cybercrime to be $375 billion

losses

US average direct cost

per cybercrime

victim inthe past 12

months estimated at

US$101

British Retail Consortium

survey showed that 79% of the retailers

who responded had suffered a cyber attack in

2012-13

Access to the internet from

mobile phones more than doubled

in the three years between

2010 and 2013

Five key cyber crime threats

Malware targeting businesses & individual users for fraud

Network intrusion ('hacking')

Enablers of cyber dependent crime (e.g. money laundering / digital currencies / anonymisation).

Cyber crime 'as a service

Targeted disruption of access to UK networked systems and services (e.g. DDOS / Ransomware)

Emerging threats - mobile malware and the targeting of mobile platforms.

Impact of Cyber Crime

Loss of consumer confidence

Cost of service disruptions

Cleaning up after the incident

Cost increased spending in cyber security

Damaging to the brand and reputation

Drive business away from the UK if perceived to be a risky place to trade

Attacks against the critical infrastructure pose a threat to the national security

Lead the UKs fight to cut cyber crime

Provide a specialised investigative response, nationally and internationally, to the most serious incidents of cyber crime

Work proactively to eliminate criminal opportunities and create a hostile environment for cyber criminals

Assist law enforcement to tackle cyber and cyber-enabled crime

Support a step-change in UK law enforcements mainstream cyber capabilities.

The NCCUs Mission

Our Approach

Most serious cyber OCGs and SGG

priorities

Cyber Criminals & those on the fringes

of Cyber Crime

Victims and infrastructure

Major Cyber Incidents & CT

PURSUE

PREPAREPROTECT

PREVENT PURSUE

What have we achieved so far

Introducing a collaborative approach to partnerships, including across Government, Policing and Industry.

Coordinating the global operational response to cyber crime, with priorities, targets and investigations joined-up across international partners.

Implementing a comprehensive, multi-dimensional Pursue response to the cyber crime threat, including:

Disruption techniques targeting criminal infrastructure;

High priority operations targeting the most significant cyber crime threats to the UK, in particular malware & network intrusion.

All cyber crimes are international

International reach and relationships are critical success factors:

Access to dataCollaboration with overseas law enforcementProsecution or disruption of overseas offenders?NCA Liaison officers with access to data and localknowledge INTERPOL, Europol, US.

A range of international partnerships and networks:

ICANN / RIPE

Priority countries

G8 24/7 contact points.

JCAT Joint Cybercrime Action Taskforce

Fice Eyes Law Enforcemnet Group

International capacity building

NCCU International Reach

Two strands to our approach:

1) Identification of collaborative research and development opportunities.

2) NCCU to be an employer of choice for graduates with relevant subject matter expertise.

Emphasis on delivering tools and techniques to enhance our capabilities and underpin operational delivery.

Currently delivering seminars and presentations to relevant courses to raise awareness.

Ambition to create opportunities for student placements and provide direction/support for dissertations and PHD projects.

Focused and managed engagement Napier a priority.

NCCUs Approach to Academic Engagement

Effective partnerships can provide access to private sector data, capabilities and skills.

NCCU invests heavily in outreach to the private sector banks, anti-virus companies, retailers.

NCCU leads cyber partnerships across Government - Cyber Strategic Governance Group

Single intelligence picture

Joined-up response across UK LE

Coordinated action plan

Partnerships

I can do more damage on my laptop in my pyjamas, before my first cup of Earl Grey, than you can do in a year in the field.

Q - Skyfall

Skills and Capability Development

New crimes need new skills

High end skills coders, programmers, technical engineers.

Challenge to attract, retain and reward these individuals.

General increase in skills, knowledge and awareness across law enforcement.

Example Tovar: Protect

International operation targeting GameOverZeus and Cryptolocker malware variants.

These malware variants are estimated to have cost the UK 500 million in losses.

Coordinated activity across 10 countries led to the botnet behind the malware being taken offline for two weeks, allowing the public to take steps to protect themselves (e.g. update anti-virus).

Combined with extensive global media coverage

32% drop in GameOverZeus infections, estimated 100 million in losses prevented

Example Dermic: Pursue & Prevent

UK investigation targeting the users of Blackshades, a Remote Access Tool able to access users webcams.

FBI intel - over 1100 UK-based purchases on Blackshades.

NCCU coordinated a week of arrests, involving ROCUs, MPS & Police Scotland, targeting 50+ individuals for Pursue action.

20 arrests across 10 Regions.

Remaining individuals subject to Prevent activity cease & desist letters, visits by ROCU & NCA officers, media coverage

Linked to a global day of action with over 100 arrests in the US, Australia, Asia & Europe.

An important test of the NCCUs coordination of UK law enforcement.

Global/Local

Use of intelligence

NCCU will focus on the highest priority, top tier threats, but we will also focus on supporting:

International capabilities

Partnerships

Development of capability and skills

We can only tackle cyber crime by working together.

Conclusions