Post on 30-Jun-2018
Detective Sergeant Gary Sirrell
Detective Sergeant
Martin Taylor
Rccu@west-midlands.pnn.police.uk
Twitter:- @ROCUWM
Why are we here ?
• Police cannot tackle this alone
• Develop working partnerships and collaborations
• The BCS and others outside of law enforcement have a key role to play
• Difficult Landscape
• Under Reporting
Following review, it’s now 1.9 billion!
Local Policing Structures
• 43 Separate Forces
• Mainly Operating Independently
• Range from 973 in Warwickshire up to 33,367 in London (Met Police)
Regional & NationalPolicing Structures
10 Regional Organised Crime Units (ROCU's)
Hacking Motivations
Who is doing this computer hacking and why?
Threats / Motivation• Hacktivism
• Fame / Kudos (Experimenters and Gamers• Financial (Theft, Fraud, Blackmail – DDOS )• Insider• Business - IP & Competitive Advantage• State
Common Reports
• RANSOMWARE Malicious emailsRDP Vulnerabilities
• INSIDER THREAT Account privilegesSuspension/Termination
• DDoS Motive?• BANKING MALWARE Malicious Emails
Often a combination of attacks and data sources
Human vulnerability is often the biggest threat
The video used is
https://www.youtube.com/watch?v=lc7scxvKQOo
‘This is how hackers hack you using simple social engineering’
Hackers don’t just hack computers. This video shows hacking a Human through ‘Vishing’. There’s also Phishing & Smishing!
Cyber Crime Strategy… The four P’s
PROTECT – Ensure adequate protection against the threat. (Think of this as traditional Crime Prevention)
PREPARE – Reduce the impact where it does take place (Encryption, Backups, Exercising, Plans etc)
PREVENT – Stop people from engaging in criminal activity. (Diversion from Crime, offer alternatives)
PURSUE – Identify, disrupt, and take action against those engaged in criminal activity. (You know this one)
RCCU Structure
The ‘Protect’ Role
• My role is predicated on the premise that 80% of all Cyber Crime in relation to the public and small businesses is preventable by the implementation of basic advice and controls.
• In the physical world we are pretty good at security. This is reflected in the fact that traditional crime is falling. Yet Cyber Crime is a massive problem, is under reported, and is growing.
Passwords really are the keys to the Kingdom..
• Video Used is
• https://www.youtube.com/watch?v=opRMrEfAIiI
• Search Youtube on ‘What is your Password.. Jimmy Kimmel Live
Some examplesof the basic advice I give…
• Password Hygiene• Anti Malware / Internet Security Software• Firewall• Update and Migrate• Data Recovery (Backups)• Staff Awareness• Secure your website• Data Encryption• Managing User Accounts and Privileges• Cyber Liability Insurance
Did I mention privacy settings?
• Video Used is • https://www.youtube.com/watch?v=yrjT8m0hcKU
• Search Youtube on ‘How private is your personal information? Action Fraud’.
What support is out there for the public and for business?
ResourcesGet Safe Online (www.getsafeonline.org)
ResourcesCyber Aware (www.cyberaware.gov.uk)
Resources
Cyber Essentials(www.cyberaware.gov.uk/cyberessentials)
Resources
WWW.NCSC.GOV.UK/CISP
CiSP is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.
Reporting…Cyber Crime is under reported…We encourage the reporting of Cyber Crime through the National Reporting mechanism….Online:- www.actionfraud.police.uk (24 hours)Telephone:- 0300 123 2040
Current Challenges
• Digital Crime Scene• New sources of evidence - OS, Servers, DBs• Digital threat and risk - encryption• Limited Capabilities in Digital Forensics - Cost & Scale• ACPO Guidelines & ISO standards• Challenge of outdated laws and rules - grey areas• Internet of Things – explosion of devices• International co-operation• Bulletproof Hosting/Regulation• Remote & Hidden Storage• Cryptocurrencies and confiscation• Attribution• Dark Web
Digital Crime Scene
Digital Currencies andthe challenge to Policing…
• 1BTC = £1335.00 (01/05/17) - was £465.05 in Aug 2016
Case Studies
Detective Sergeant Gary Sirrell
DS Martin Taylor
Rccu@west-midlands.pnn.police.uk
Twitter:- @ROCUWM
Questions?