High-tech's thin blue line

Cybercriminals are getting smarter. Luckily, so is the National Hi-Tech Crime Unit
Written by Dan Ilett, Contributor

The latest research figures from the UK law enforcement agency charged with tackling cybercriminals — a motley mixture of lone hackers, organised criminal gangs and disgruntled employees — make for pretty grim reading.

Launched on Tuesday at the NHTCU's annual e-Crime Congress, the survey claims the minimum combined cost of high-tech crime on UK companies with more than 1000 employees is around £2.45bn. Of the 200 companies surveyed, 89 percent said they had experienced some form of high-tech crime such as unauthorised access to internal systems or even theft of data.

According to the deputy-head of the NHTCU, detective superintendent Mick Deats, levels of online crime and hacking have increased substantially since last year's survey.

"All indicators show an increase," he says. "It's on the up. It's the uptake of broadband that hackers and the botnet herders [are exploiting]. Botnet technology continues to be the common denominator for the investigations we carry out."

Botnets consist of thousands of compromised computers networked together, typically for malicious use. The combined processing power of these hijacked PC networks can then be harnessed — the 'herding' process — and used to send huge quantities of spam or carry out denial-of-service attacks, explains Deats.

The NHTCU is now working to track down professional gangs who hire technical experts to build botnets to help carry out extortion, identity theft and spam assaults.

The force is also investigating the trade in paedophilic images on the Internet. Last year, the main focus of the unit was on individual cases of paedophilia, but increasingly the NHTCU is finding that the people who conduct other types of cybercrime have also latched onto selling child pornography as a lucrative money-making scheme.

"The majority of material is sold by organised crime groups. There's clear evidence that paedophile material is sold by organised crime groups and phishing people," says Deats.

The NHTCU was set up in October 2001 and has conducted more than 70 investigations and arrested around 170 people since it began its operations. As a multi-agency unit, the group has seconded staff from the military, the intelligence agencies and Customs and Excise.

"The quality of the investigations and the fact that [officers] find themselves deployed all over the world is incredible," explains Deats. "I doubt whether, when they joined the force, they ever thought they'd get into the situations they get into. You might find yourself in a Ukrainian backwater, in central Russia carrying out an arrest, going on raids with the locals, or going into prisons there. It's an incredible experience for them and that helps to retain staff."

The group receives roughly £5m a year in funding on top of the initial £25m injection it received nearly four years ago to get started. Despite the increasing sophistication of the criminal gangs the NHTCU finds itself up against, the force has never lost a case. Deats says there are two main ways to catch people — you can follow the money or sniff out the technical trail.

"Money is designed to have an audit trail with it," he says. "And obviously connectivity through the Net isn't. It's difficult to trace it technically, but nevertheless we will try. By following both lines you find different [specialists]."

The NHTCU is currently using the "follow-the-money" tactic to track down two Russian men who have been on the run since a multi-million pound money-laundering plot was foiled.

Five other Russians have been charged in relation to the operation in question and ten men in Latvia have been arrested after authorities caught them withdrawing money that was extorted from a UK-based online gambling company. The company was told to pay up or face a series of hacking and denial-of-service attacks against its Web servers.

The NHTCU advised the betting firm to pay extortion demands after the betting site received several emails threatening to bring down their business.

"We did so to watch where the money went," says Deats. "[It] went to Latvia. It was one of the places we'd done training and put surveillance teams on the ground.

"We watched for them to come for the money. Some people came to pick it up in foreign currencies, but they weren't picking up our money. Then they picked up ours. They took a slice and transferred the rest to Moscow. Two individuals are still wanted in Russia."

Eastern Europe and Russia have been two of the hardest regions for the NHTCU to penetrate. Deats freely admits that the majority of online crime stems from this area, but over the last year his team has been there working with counterparts to train officers in methods of tackling cybercriminals.

The best way to catch a cybercriminal is by acting fast, he advises. Hesitation and the plodding routine that can be effective in some areas of police work can often result in lost evidence in the online world.

"In a typical drugs case, you need a pretty rapid entry otherwise you're going to lose the evidence and the drugs go down the toilet," says Deats. "In our scenario, plugs come out of the wall and encryption kicks in. You've got to be able to react fast. When encryption kicks in, things become harder."
