Police will not pursue ransom hackers

Police will not pursue ransom hackers

Summary: After a Manchester woman was held to ransom by hackers, experts and senior police officers have voiced concern that such cases are falling between the cracks

TOPICS: Security

Greater Manchester Police (GMP) will not be pursuing the criminals who used a Trojan horse program to lock a Manchester woman's files and demanded a ransom to release them.

The malicious Archiveus program was unintentionally downloaded by Helen Barrow of Rochdale, who found it locked her files into a 30-character password-protected folder. A ransom note instructed her to avoid going to the police, and buy pharmaceutical products online to gain the password to release her files.

Barrow did not pay, and managed to recover some data. The police, however, will not be investigating the crime.

"We aren't investigating the incident as it's an Internet crime, and not within the GMP area — technically it's international," a spokeswoman for GMP told ZDNet UK.

"Trying to find who did this it would be a monumental task," a spokeswoman for GMP told Out-Law.com.

No other police force appears to be investigating the incident either. "We are not aware of any ongoing investigations," the GMP spokeswoman said.

Legal experts questioned the wisdom of sending a message to hackers that they would not be chased for commmitting Internet crime.

"To say it's difficult to trace a hacker is a dangerous message for the GMP to send," said Struan Robertson, senior associate at solicitors Pinsent Masons. "It's unrealistic for police to investigate every single incidence of hacking, but their response in this case is disappointing," Robertson said.

Senior ex-police officers and security experts are understood to be concerned that cases of this kind will not be investigated as they fall outside the remit of both local police forces and international crime agencies.

Cases such as the Archiveus incident would previously have been dealt with by the National High Tech Crime Unit (NHTCU), which was amalgamated into the Serious and Organised Crime Agency (SOCA) in April.

"This is the kind of attack that presumably would have been within the NHTCU's remit," said Robertson. "There is a risk that people will perceive crimes of this kind as falling outside the remit of SOCA, because they do not appear to be the work of organised criminals."

SOCA refused to comment on whether this case falls within its remit, and could give no suggestion as to whether this incident is actually being investigated by any police unit at all.

"If it falls within our remit, we will investigate. E-crime is a concern of SOCA, but we can't comment on individual cases. SOCA doesn't comment on ongoing or possible investigations at all," a SOCA spokesman told ZDNet UK.

Cambridge University security expert Richard Clayton pointed out that the police simply aren't in a position to handle every reported crime, but also warned that some cybercrime offences — including international cybercrime committed by individuals — may be a priority for neither local officers nor SOCA.

"Firstly, it is not realistic to expect the police to investigate every crime — we all know that from personal experience, if our house has been burgled or our car broken into," said Clayton.

"The second issue is the demarcation issue that is occurring, hopefully temporarily, in the UK whereby local police with local targets to achieve do not have any resources or incentive to investigate out-of-area criminality. However, the national force is concentrating on 'organised' crime, and so if the crime looks like a one-off, committed by an individual, then even if they might be able to track them down, they may not be interested either," Clayton said.

Antivirus companies have now cracked the Archiveus Trojan, and determined that the password used to unlock data is "mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw".

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • This might explain why I've been trying for two days to get an ISP in the UK to shut down a website that's being used in a debit card scam in the USA but have received no response from them. Neither have my emails been acknowledged nor has the site been shut down. It wouldn't surprise me to find that the law prevents the ISP from shutting them down without a police investigation but the police won't investigate because it might not be local (or that serious).
  • Good CMA then. Let's not forget this is a criminal action and no resources are wasted on criminal activities due to them being concentrated on political activities, eg disgruntled kid sending multiple emails, someone looking for UFO info.
  • Why is Ms Barrow paying taxes? I think she should stop. But _then_ the police would go after her for doing something criminal. Ms Barrow is paying taxes to support the agenda of Britain's powerful, and _her_ only place in that agenda is to pay taxes.