Forewarned: forearmed

By on
Forewarned: forearmed

Good intelligence is the key to defeating cybercrime, Sharon Lemon, new head of the National Hi-Tech Crime Unit, tells René Millman. But that will only happen when there is a true partnership between UK plc and the police

The attempted theft of £220m from Sumitomo Mitsui Bank made big headlines in May and proved to be a huge publicity coup for the UK's National Hi-Tech Crime Unit (NHTCU).

The crime was thwarted, and an Israeli hacker arrested. But the ease with which keyloggers had been planted at the bank sent shockwaves through the financial services industry.

The revelation of the crime followed months of undercover work and negotiation by the NHTCU and Sumitomo, and the subsequent publicity was carefully agreed between both parties. But the fact anyone outside the bank got wind of the crime at all is a sign of a new approach to computer crime – companies are more willing to work with law enforcement, and the NHTCU has increasingly won the confidence of victims.

New head of the NHTCU, detective chief superintendent Sharon Lemon, who took on the role in April, is keen to build on that trust. "We want to engage people. We want to work in partnership with industry," she says, from her office in Londons' Docklands.

To this end, the role of the NHTCU is being slimmed down, with paedophile work being split off into a Child Exploitation Online Protection Centre.

"From April next year, this unit will not be dealing with any child abuse investigations," says Lemon, whose last job was head of the Paedophile On-Line Investigation Team. "It needs a separate unit and it needs the charities, the Home Office and the police – all the different agencies – working together."

This will leave Lemon and her team to concentrate on fighting hackers, and organised criminals who are turning to the internet to make a fast buck.

Lemon explains that criminal gangs operate on the principle neatly summed up by American bank robber Willie Sutton. When asked why he robbed banks, Sutton simply replied: "Because that's where the money is." And criminals are increasingly turning to the internet as a way of making previously unimaginable sums, she explains.

Criminals don't care what they deal in as long as they can make a profit, says Lemon. She points out that Operation Ore caught a group of people who changed their website, which originally dealt in adult porn, to child porn when they found there was a lot more interest in it. "They swapped the commodity because that's where the money was," she says. She adds that people involved in selling child abuse images will also deal in guns and drugs and online extortion.

"They're not interested in the commodity, they are not in it for the titillation. They are doing it for the money. We see the same people over and over again; they are just involved in different things."

With online crime rates growing exponentially, the way it is being fought is changing. The NHTCU is adapting to proliferating crime with intelligence-based policing, explains Lemon.

"Intelligence is the cornerstone of Soca [the Serious Organised Crime Agency, which comes into being next year]. Everything is intelligence-led policing. We are not going to wait until they've done the bank robbery and then go chasing after them, arresting them at gunpoint. We are going to find out what is happening to stop it happening in the first place by using our intelligence sources."

Soca will work with the Government to shape legislation. "Say that criminals are managing to get away with a particular area of crime due to a lack of legislation," says Lemon. "We will be working to come out with legislation to cover any loopholes."

The word "intervention" will characterise Soca's modus operandi, says Lemon. This means finding new ways to tackle crime beyond the traditional 'catch them when they've done it' methods. "Intervention is all about legally audacious ways of tackling criminality," she says, "in partnership with the judicial system and industry, for example."

Lemon explains that part of the unit's remit will be to "reduce harm". "At the moment, we measure how many criminal enterprises we disrupt and how many we dismantle. But how can you measure how much harm you have reduced? It is unquantifiable and that's why it's exciting, because it is just going to open new opportunities for us to try different ways to reduce harm."

One way the NHTCU is going about this is via its Outreach programme, which communicates potential threats to computer users of all shades. Part of this programme, its Banker's Briefing, which it runs every six months, highlights current and emerging threats to the financial sector.

Lemon says the sector has found the information useful. "It is about telling them what is coming over the horizon and how to protect their resources. It allows them to look out for these threats and, hopefully, build in some crime prevention and reduction."

What really excites Lemon is Project Endurance, which talks to home PC users and small businesses. Botnets are increasingly used as a conduit for crime, so the unit has been working with the infosec industry to help home-computer users and small businesses secure their PCs. The project could have a major impact on cybercrime, she argues.

"I was at an antivirus company this week and they were saying that they think 60 per cent of attacks could be stopped if people at home could secure their computers."

If people were to spend just one hour patching and securing their computers, the result would be a sharp decline in the strength of botnets and, subsequently, a decrease in the amount of crime committed through them, she says.

And the outreach work goes beyond the UK's borders. Lemon is keen to spread the unit's expertise to other countries. For example, Eastern European gangs control many of the botnets, phishing websites and online extortion rackets. Lemon says the NHTCU now has links with, or is in the process of developing links with, law-enforcement agencies all over the region.

"These law enforcement agencies want to learn from us. They come and look at the set up we have here and they ask: 'Can you give us some clues about how to start up a unit?' They also want to know about best practices. There is that kind of sharing."

Another aspect of this communications drive is to work with the media to make the general public aware of the unit's successes against the online mafia. This interview, the first Lemon has given since joining the NHTCU, is part of that push.

But the communications process can't all be one way, believes Lemon. People need to bring information to the unit. "Intelligence is simply information that people give us," she says. "When you piece all the bits of intelligence together, then it becomes something."

But most companies are still reluctant to report their security concerns to the law enforcement for fear of the police coming in, cordoning off offices and taking away servers as evidence. The unit has worked hard to dispel this myth and Lemon says her industrial liaison staff do a lot of networking with companies so that "corporations have a person they know and recognise and have somebody to phone up". This approach makes dealing with companies "much less of a challenge", she adds.

And if a company does report a crime to the unit, the NHTCU will work in confidence with that firm to minimise the commercial impact of investigation and disruption. It will also talk with the firm before acting upon and distributing any information received.

The investigative process starts with a confidential consultation run according to the NHTCU's Confidentiality Charter. The consultation consists of a meeting between unit staff and key employees of the organisation that approached the unit. It covers, among other things, the extent of any internal investigations to date, the likely disruption and cost to business from the investigation, and agreements to keep this disruption to a minimum.

The information can either be used in investigations or as intelligence to be analysed by the unit, depending on the wishes of the company that has provided it. If the information is used for intelligence purposes, the unit will agree with the company what information should remain confidential and what can be distributed for the benefit of the industry in general, while protecting the source of the information.

Lemon's final message is simple: if your company has been the victim of serious computer crime, you know who to call.

Copyright © SC Magazine, US edition
In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?