UK broadsheet The Guardian reported recently that London’s Metropolitan Police Service, colloquially known as The Met, has quadrupled the size of its cybercrime unit in the last two months.
This should make happy reading for readers of this site.
Last year, after news that funding for fighting cybercrime in the UK had been cut significantly, we ran a Naked Security poll asking if this was the right way forward.
More than 75% of participants said, “No. Cybercrime is on the rise, and we need more resource to fight it.”
Of course, ongoing violent civil unrest in London has been making global headlines over the weekend. Arson, looting and wanton destruction of property has taken place in more than one part of Britain’s capital, putting lives, jobs and the economy at a clearly-visible risk.
So it’s reasonable to ask whether cybercrime operations at the Met are more deserving of funds than more traditional aspects of policing aimed at directly protecting life and property.
Former commissioner of the Met, Sir Paul Stephenson, noted last year that some observers wanted the specialist work done by the Police Central e-Crime Unit (PCeU) to be left to industry, banks and retailers.
But he disagreed with this approach, arguing that law enforcement could not afford to fall behind cybercriminals in the skills at their disposal.
(Ironically, Sir Paul recently resigned from the Met in the wake of the News of the World phone hacking scandals.)
I agree that law enforcement and our economy cannot simply rely on industry verticals – including security companies like Sophos – for our collective ability against cybercrime. Few crimes these days have no cyber-element. From investigation, through arrest and the bringing of charges, prosecution and sentencing, most modern criminal cases require cyberskills.
I’m not talking just about the ability to use a PC and do internet searches.
I’m talking about the ability to perform forensic data recovery, to make sense of arcane system logs, to extract data reliably from seized mobile phones, and much more.
And I’m talking about the need to package and present this evidence in a way which not only satisfies the meticulous rules of evidence imposed by the courts, but also makes sense to a jury and a judge without any of those cyberskills.
The physical damage wrought over the weekend in London by rampant crowds of law-breakers is heart-wrenching. But cybercrime can be equally damaging, though less obviously so.
Don’t forget that in a recent FBI-driven bust, a small Latvian cybergang was charged with ripping off a whopping $72 million from some 960,000 victims in less than two years. That’s just one scam (selling fake security software) operated by just one gang of crooks.
The collective threat of cybercrime is thousands of times – perhaps tens of thousands of times – larger than that single $72,000,000 bust. Sir Paul was right to say that our police can’t afford to fall behind the cybercrooks.
2 comments on “London’s Metropolitan police re-invest in fighting cybercrime”
Great for London. What about the rest of the country? Trying to report an ecrime to Avon and Somerset is not easy for local business owners or their support workers, for example.
According to http://www.met.police.uk/pceu/, the PCeU is a national resource, at least from an investigative point of view. So the new spending _ought_ to be of value country-wide. "The Police Central e-crime Unit – PCeU, is jointly fund [sic] by the Home Office and Metropolitan Police to provide a national investigative response to the most serious incidents of cyber-crime."
Sadly, the PCeU's remit doen't cover _reporting_ of cybercrime. The same webpage says, "Internet reporting of cyber-crime will come under the control of the National Fraud Authority."
And, the NFA's fraud website, http://www.actionfraud.police.uk/ boldly says, "Report a fraud – Every fraud, no matter what scale, is important to us."
Your kilometrage may vary, but perhaps it's worth trying ActionFraud, at least the once, and seeing what happens?
If you like the results, you can tell others; if you don't you can tell us 🙂