Police culture crippling cybercrime fight
Speaking at the Computer and Internet Crime Conference in London, DC Tony Noble from Surrey Police Computer Crime Unit said many reported incidents of cybercrime, such as hacking or data theft from within a company, don't get investigated due to "an accountancy culture" in the police force.
"If I have a company come to me with something they want investigated I have to personally battle for the funding," he said. "Just because you report a crime it doesn't mean you will get it investigated."
"As an investigator I've seen crimes where £100,000 has been lost turned down."
Noble said the funding available doesn't even stretch as far as providing him with a car, despite the fact he has to visit sites all over Surrey, and much of his budget goes on hiring outside expertise such as forensics companies, due to a lack of expertise in-house.
Noble actually describes the level of funding he receives as "very lucky" and expressed concern that this 'luck' may run out.
"We've been very lucky but we're aware this funding may dry up."
The problem he identifies is a Catch-22 situation whereby he lacks the funding to secure significant numbers of convictions, yet must do so to prove there is even a problem of cybercrime in the UK.
"If we can't prove we have a cybercrime problem in the UK then the funding will be directed to whatever else is flavour of the month," he said.
Noble also admitted the police still have a long way to go before they are up to speed on the various ways in which cybercrime can manifest. While each of the 45 constabularies in the UK now has a dedicated cybercrime investigator, Noble admitted these individuals may still be the only person who comes close to understanding a technical complaint, citing a "sorry, we don't do computers" culture among front desk and uniformed police.
And even if companies do get through to the dedicated computer crime investigator, they may be surprised by the level of expertise. Noble warned that many will be novices on many types of cybercrime and complete strangers to some.
"You might speak to an officer on one high-tech crime unit with a complaint about a DoS (denial of service) attack and he really might not know where you are going with it.
"You may have to help him out because he's going to need you to be the expert."
Perhaps it's unsurprising then that convictions for cybercrime are still few and far between but Noble offered some reassurance to those companies whose crimes do get investigated.
"If we don't get them in the criminal court, we'll sure get them in the civil court," he said. The evidence collected in association with forensics specialists means "if we can't get them beyond reasonable doubt we'll certainly get them on balance of probability," said Noble.
But such good news comes with a slight catch.
"We will give that evidence to the company at a price," he said. "We may pay £10,000 for a specialist forensic investigation. We have to recover our costs somehow."