How do we Police Cyber Crime?

Transcription

1 How do we Police Cyber Crime? Thursday 4 th June 2015 Craig Jones, SEROCU

2

3 Presentation Content UK policing cyber crime programme Cyber threat landscape and impact Cyber business resilience Future Challenges & Opportunities

4 How do we police the UK? The civil force of a state, responsible for the prevention and detection of crime and the maintenance of public order. (Oxford dictionaries)

5

6

7

8

9 What is Cyber Crime? The Home Office, NCA Strategic Governance Group and the Serious Organised Crime Strategy and now ACPO use a three-fold categorisation dividing cyber crime into: - pure online crimes where a digital system is the target as well as the means of attack. These include attacks on computer systems to disrupt IT infrastructure, exfiltration of data, compromise the integrity of data or make data unavailable. - existing crime that have been transformed in scale or form by their use of the internet. The growth of the internet has allowed these crimes to be carried out on an industrial scale - use of the internet to facilitate drug dealing, people smuggling and other traditional crime types. Definition used in House of Commons Home Affairs Committee, E-Crime, 2013/14

10 Cyber Crime The Legislation Computer Misuse Act 1990 Section 1 - contains the basic 'hacking' offence of gaining unauthorised access to any program or data held in a computer. Section 2 - makes it an offence to 'hacking' with a view to commit, or facilitate the commission of, a further offence i.e. fraud Section 3 - contains the offence of doing any unauthorised act in relation to a computer with intent to impair / alter data Section 3A making, supplying or obtaining articles for use in S1 or 3 Telecommunications Act Public Order Act

11 What is Cyber all about? UK Cyber Security Strategy - Protecting and promoting the UK in a digital world (2011) The cost to the UK economy of cyber crime is 27 Billion (Cabinet Office 2011) The cost to the US economy estimated $300 Billion (MacAfee 2013) The cost to the worldwide economy estimated at one trillion dollars (MacAfee 2013) Funding via the National Cyber Security Programme million (not estimated)

12 Strategic Drivers for Cyber

13 UK Cyber Security Strategy

14 Our good friends...the 4 p s Serious and Organised Crime Strategy Pursue Criminal investigations and disruption activity targeting the top tier cyber threats Prevent Stopping individuals becoming involved in cyber crime Protect Prepare Helping businesses and the public to avoid victims of cyber crime Responding effectively to major cyber attacks and mitigating their impact

15 The Threat Nature of the threat - Complex, global and constantly changing - Perpetrated remotely - Difficult to trace - Significant impact in the longer term Threat Actors in Cyber Space - Hacktivists to cause disruption - Criminals financial impact - States, conduction cyber espionage or disruptive attacks on critical infrastructure - Terrorist, physical attacks remain

16 The Threat Cyber Crime As-A-Service Forums Malware Exploit Kits Intrusion ( Hacking or unauthorised access to systems) DDOS CAV AVC APT Bulletproof Hosting E-Currencies

17 National Crime Agency

18 Regional Organised Crime Units ROCU Core Capabilities Confidential Unit Prison Intelligence Technical Surveillance Regional Fraud Teams eforensics Operational Teams Operational Security Covert Unit Protected Person RART Cyber Crime Gain

19 Regional Cyber Crime Units

20 Present Capabilities Estates Staffing Training Equipment

21 I ve been a victim of Cyber Crime

22

23 Reporting Cyber Crime?

24 Cyber Crime Workflow Process NCCU Action Fraud SEROCU Cyber Crime Unit Copied In 5 South East Forces

25 Campaign Dermic FBI took executive action on the owners of Blackshades which is a remote access tool. Functions include: - Remote Desktop Control - Keylogging - Webcam control - Credit card capture - Distributed denial of service (DDOS), and more

26 DDOS Victim in Hampshire Suspect in Cornwall Servers based in the UK Further victims identified World Wide

27 Network Intrusion Hacker stealing data from a private medical company. Suspect stole confidential client data Website defacement as proof Blackmail attempt via , and Social Media Possible link to Russia

28 Network Intrusion Former employee Sent a Wipe Command to hundreds of employees devices BYOD Further access and alterations made into companies system. Impact, loss of contract and reputation.

29 OP ASPEN

30 Answers on a..

31 New ( joint ) ways of working Law Enforcement Agencies Government Industry Business Academia

32 Law Enforcement Partnerships NCCU SAM / Embeds Regional Forces CRUG, HTCU User Group FBI, Secret Service, Homeland Security, Europol

33 Government Cert UK CisP BiS Cabinet Office Home Office Other Offices

34 Government Initiatives The Ten Steps Key Government Cyber Guidance Cyber Essentials Scheme Innovation Vouchers ( 5,000)

35

36 Industry Chamber of commerce FSB TechUK Tech Companies

37 ..And a few others

38 Potential Opportunities and Implications for Insurance Companies

39

40

41

42

43

44 SUMMARY Helping firms to get to grips with cyber risk Helping the insurance industry to establish cyber insurance as part of firms cyber tool-kits Helping London to be a global centre for cyber risk management

45 Cyber Insurance? Generally policies will/can cover the following: First party damage to data Business interruption Privacy and security liability, including notification and credit monitoring costs Brand reputation Cyber extortion Technology professional liability Multimedia liability Payment Card Industry Data Security Standard (PCI DSS) compliance Cyber terrorism

46

47

48 Insurance Considerations Within the sector, the cyber threat is not well defined, confusion over definitions Incomplete data in respect of the scale of cyber crime Risk management for cyber insurance Cyber insurance is a business opportunity Individuals/businesses unable to understand the risks in protecting their data/information

49 Policing Summary Incomplete data in respect of the scale of cyber crime NOT a local or regional type investigation International reach Cyber crime can be committed remotely, therefore difficult to identify offender/s. Victims unwilling or unable to report crimes Staff, knowledge, training gap, retention Knowledge of Law Enforcement Agencies/Courts Data protection and storage

50

51 Any questions? Craig Jones