Tackling Cyber Crime in the UK - d-fet.eu · PDF fileFive key cyber crime threats •...
Transcript of Tackling Cyber Crime in the UK - d-fet.eu · PDF fileFive key cyber crime threats •...
Tackling Cyber Crime in the UK
Andy Archibald
Deputy Director National Cyber Crime Unit
In 2013, 73% of
adults in Great Britain
accessed the internet every day
Symantec reported
blocking 5.5 billion attacks
globally in 2011, and saw a 42%
increase in targeted
attacks in 2012
Worldwide 3 Billion people will be using the internet
by 2016Loss suffered by the UK by banks from card not present (CNP)
fraud undertaken online to be
140.2 million229 median
number of days that threat
groups were present on a
victims network before detection
Reports of cyber crime
to Action Fraud
increase
d by 30%
Cybercrime Facts Cost of Cybercrime
McAfee have reported a
conservative estimate on the global loss to
cybercrime to be $375 billion
losses
US average direct cost
per cybercrime
victim inthe past 12
months estimated at
US$101
British Retail Consortium
survey showed that 79% of the retailers
who responded had suffered a cyber attack in
2012-13
Access to the internet from
mobile phones more than doubled
in the three years between
2010 and 2013
Five key cyber crime threats
Malware targeting businesses & individual users for fraud
Network intrusion ('hacking')
Enablers of cyber dependent crime (e.g. money laundering / digital currencies / anonymisation).
Cyber crime 'as a service
Targeted disruption of access to UK networked systems and services (e.g. DDOS / Ransomware)
Emerging threats - mobile malware and the targeting of mobile platforms.
Impact of Cyber Crime
Loss of consumer confidence
Cost of service disruptions
Cleaning up after the incident
Cost increased spending in cyber security
Damaging to the brand and reputation
Drive business away from the UK if perceived to be a risky place to trade
Attacks against the critical infrastructure pose a threat to the national security
Lead the UKs fight to cut cyber crime
Provide a specialised investigative response, nationally and internationally, to the most serious incidents of cyber crime
Work proactively to eliminate criminal opportunities and create a hostile environment for cyber criminals
Assist law enforcement to tackle cyber and cyber-enabled crime
Support a step-change in UK law enforcements mainstream cyber capabilities.
The NCCUs Mission
Our Approach
Most serious cyber OCGs and SGG
priorities
Cyber Criminals & those on the fringes
of Cyber Crime
Victims and infrastructure
Major Cyber Incidents & CT
PURSUE
PREPAREPROTECT
PREVENT PURSUE
What have we achieved so far
Introducing a collaborative approach to partnerships, including across Government, Policing and Industry.
Coordinating the global operational response to cyber crime, with priorities, targets and investigations joined-up across international partners.
Implementing a comprehensive, multi-dimensional Pursue response to the cyber crime threat, including:
Disruption techniques targeting criminal infrastructure;
High priority operations targeting the most significant cyber crime threats to the UK, in particular malware & network intrusion.
All cyber crimes are international
International reach and relationships are critical success factors:
Access to dataCollaboration with overseas law enforcementProsecution or disruption of overseas offenders?NCA Liaison officers with access to data and localknowledge INTERPOL, Europol, US.
A range of international partnerships and networks:
ICANN / RIPE
Priority countries
G8 24/7 contact points.
JCAT Joint Cybercrime Action Taskforce
Fice Eyes Law Enforcemnet Group
International capacity building
NCCU International Reach
Two strands to our approach:
1) Identification of collaborative research and development opportunities.
2) NCCU to be an employer of choice for graduates with relevant subject matter expertise.
Emphasis on delivering tools and techniques to enhance our capabilities and underpin operational delivery.
Currently delivering seminars and presentations to relevant courses to raise awareness.
Ambition to create opportunities for student placements and provide direction/support for dissertations and PHD projects.
Focused and managed engagement Napier a priority.
NCCUs Approach to Academic Engagement
Effective partnerships can provide access to private sector data, capabilities and skills.
NCCU invests heavily in outreach to the private sector banks, anti-virus companies, retailers.
NCCU leads cyber partnerships across Government - Cyber Strategic Governance Group
Single intelligence picture
Joined-up response across UK LE
Coordinated action plan
Partnerships
I can do more damage on my laptop in my pyjamas, before my first cup of Earl Grey, than you can do in a year in the field.
Q - Skyfall
Skills and Capability Development
New crimes need new skills
High end skills coders, programmers, technical engineers.
Challenge to attract, retain and reward these individuals.
General increase in skills, knowledge and awareness across law enforcement.
Example Tovar: Protect
International operation targeting GameOverZeus and Cryptolocker malware variants.
These malware variants are estimated to have cost the UK 500 million in losses.
Coordinated activity across 10 countries led to the botnet behind the malware being taken offline for two weeks, allowing the public to take steps to protect themselves (e.g. update anti-virus).
Combined with extensive global media coverage
32% drop in GameOverZeus infections, estimated 100 million in losses prevented
Example Dermic: Pursue & Prevent
UK investigation targeting the users of Blackshades, a Remote Access Tool able to access users webcams.
FBI intel - over 1100 UK-based purchases on Blackshades.
NCCU coordinated a week of arrests, involving ROCUs, MPS & Police Scotland, targeting 50+ individuals for Pursue action.
20 arrests across 10 Regions.
Remaining individuals subject to Prevent activity cease & desist letters, visits by ROCU & NCA officers, media coverage
Linked to a global day of action with over 100 arrests in the US, Australia, Asia & Europe.
An important test of the NCCUs coordination of UK law enforcement.
Global/Local
Use of intelligence
NCCU will focus on the highest priority, top tier threats, but we will also focus on supporting:
International capabilities
Partnerships
Development of capability and skills
We can only tackle cyber crime by working together.
Conclusions