With exclusive comments from the Operation Falcon, Metropolitan Police, Colin Nicholls QC, Esther George, Philip Virgo, Simon Fordham OBE, Philip Manning – Read the Full Story Below.
Giants in the Cyber Justice Industry gathered to discuss the future of Cyber Justice and how businesses and law enforcement can work together to prosecute Cybercriminals and recoup losses.
The Event was live tweeted and covered by City AM, Computer Business Review amongst others and covered the launch of the Cyber Detect & Protect Service to by Esther George and 8MAN UK.
What is the current climate between Businesses and Law Enforcement regarding Cybercrime?
Operation Falcon, Metropolitan Police: “U.K. Law enforcement (NCA, Met Falcon, Regional Organised Crime Units) are really keen to build better working relationships with businesses. This area was never a priority so frankly forces largely ignored it. Businesses didn’t often report as they had no confidence we would do anything about it and if we did, often we didn’t have the capability or experience to investigate effectively. That’s changed, the Home Office has substantially invested in new capacity and capability but it needs to be bigger. The Met are also investing up to 500 officers and staff in this area now, a huge increase in the face of 20% cuts. No other forces have invested to this level. Most haven’t increased staffing at all. This led to the creation of Falcon (Fraud and Linked Crime Online). Since we started Aug 2014 we’ve made more than 1000 arrests. Everyone is getting charged, very few are getting acquitted and we’re getting good sentences. If we can identify a real person (the big challenge) all the evidence is on their devices or in their bank accounts so they’ve got nowhere to go.”
Given the spiralling increase of data breaches and cybercrime why aren’t more cybercriminals being brought to justice?
Simon Fordham, ICSPA: ‘Key problem is always if there is enough evidence to bring to trial – especially if it crosses borders’
Colin Nicholls QC: ‘Legislation is very slow, it’s difficult to say how well we’re keeping up with fast moving cybercrime’
Operation Falcon, Metropolitan Police: ‘More cyber criminals aren’t convicted because forces don’t investigate as they don’t have the capability or capacity. The 2 biggest challenges are the fact the crime is often global so there are jurisdictional issues and delays and we need communications data to prosecute. Often that data is in countries or companies that can’t/won’t give it to law enforcement. Increasing levels of encryption also make it harder and harder to intercept comms or retrieve it evidentially through digital forensics. The government’s draft Investigatory Powers Bill addresses some of this and is a big step forward but only covers UK based providers. What about overseas? That’s a massive gap. These are the biggest challenges to successful prosecution although there are plenty of UK based cyber criminals to tackle as well as the international ones.’
Why are businesses failing to report cybercrime to the police?
Philip Manning: ‘Most businesses still aren’t reporting crimes out of embarrassment. Basic controls would prevent most cases’
Philip Virgo: “Most businesses (and their insurers) are more concerned with “asset recovery”, more often than not using civil law against those who aided and abetted the attack and/or failed to help identify the attackers as well as those along the money chain rather than have the hassle of trying to find some- one who will accept a crime report and the subsequent uncertainty of getting a criminal conviction. Such action also appears to have a greater deterrent effect. The “justice” can be quite brutal, with criminals exacting retribution on those who cost them money.”
What mistakes are companies making in preparing for potential prosecutions?
Operation Falcon, Metropolitan Police: “Companies leave it too late to tell us they’ve had a problem or we often only communicate through lawyers. This delays everything, leads to misunderstanding and means evidence is often lost. Tell us early what is happening in a big breach. If you change your mind about cooperating/prosecuting later we’ll walk away. We understand businesses desire for confidentiality and need to get business back to normal as quickly as possible and we won’t undermine that. The only time anything is public from our point of view is when someone is charged and a reporter sees them in court. A cyber incident crisis might be the first for the company but it won’t be for us. We can advise you on what worked and didn’t work in other incidents to help businesses make the right decisions under pressure.”
How can companies aid in the investigation process?
Operation Falcon, Metropolitan Police: “Where business can help is firstly to report everything so we all understand the scale of the problem and properly resource an effective response. Where big businesses can help is supporting us through their resources, be it skilled staff supporting investigations, training, access to business intelligence and technology or sponsorship to help fund our work.”
What additional practices can help?
Operation Falcon, Metropolitan Police: “Lack of education for teenage hackers using criminal malware to open up targets for criminal exploitation and the mules who help launder the money, criminal apprentices on the first rung of a lucrative career. Most are relatively easy to identify, assuming law enforcement is doing its job and those taking civil action can be bothered. They are expendable and better viewed as the modern equivalent of the “forlorn hope” in siege warfare – the mix of the ambitious and the desperate sent to assault the breach in the walls, with the promise of promotion if they succeed and survive.“
Cyber Detect & Protect
The take away from this discussion is that a link between businesses and law enforcement needs to be established. Businesses need to know they can recoup their losses and bring the Cybercrimal to justice with minor business interruption.
What happens if we don’t bring them to justice? Quite simply the risk is as high as before the attack, no matter what actions are taken.
Panellist Esther George is clear “victims should report cybercrime so others are aware of risks and the risk does not occur again for the business owner”
With this in mind, Esther has joined forces with Jens Puhle of 8MAN UK to form the CDP Service which tackles these issues head on and creates the foundations for businesses to work hand in hand with law enforcement to not only prevent and detect cyber criminals but bring them to justice too.
The Cyber Detect & Protect Service has been created to fill the gap between companies and law enforcement, enabling companies to navigate the sensitive issues of Cybercrime and to protect themselves from attack and breach.