Police set up regional hacking units

Forces around the UK are jointly setting up regional units that will have the power to hack into suspect computers and deploy keylogging software and other malware.

Police forces around the UK are setting up regional surveillance units that will use technical methods, such as computer hacking, to monitor suspects.

Police forces around the UK are setting up regional surveillance units that will use methods such as computer hacking to monitor suspects. Photo credit: AndrewHa/Flickr

The police in Derbyshire, Leicestershire, Lincolnshire, Northamptonshire and Nottinghamshire jointly began setting up a unit on 1 July, according to documents released within the past few days by the Lincolnshire Police Authority. While the documents lay out the basis of the collaboration, not all of the measures have been signed off yet, the Lincolnshire police told ZDNet UK on Tuesday.

The aim of the East Midlands Technical Surveillance Unit (EMTSU) is to provide "technical surveillance, covert hi-tech, covert forensics and covert method entry", according to the documents.

Surveillance techniques

Surveillance techniques used by police include remote hacking and placing keylogging software on computers, according to Jonathan Krause, a former analyst and civilian employee in the Metropolitan Police's child protection unit. Covert forensics involves performing forensic analysis of a suspect's PC or device without that person's knowledge.

"The police use extremely advanced techniques and capabilities," Krause told ZDNet UK.

In some investigations, police units sit outside premises in unmarked vans and intercept Wi-Fi traffic, according to the information security expert. WPA2 and other Wi-Fi encryption protocols are "fairly straightforward to crack", he added.

"Sometimes police can enter a property or break in — they need a court order to do that — to go into a house and place a keylogger," said Krause, who is now managing director of UK technology company Forensic Control.

Once officers have a suspect IP address, they can go to ISPs or to web email providers such as Google or Microsoft and request access to account information. Then they can check whether the suspect is using a fake username.

In addition, the police get into systems remotely using techniques more commonly associated with hacker groups such as LulzSec, according to Krause. Investigators have used network penetration techniques and malware, he said. "[Police] usually use one of the easier ways, just as LulzSec got into websites via unpatched servers," he added.

Surveillance units also fool suspects into downloading Trojan horses or other malware so that the police can monitor their systems. "Social engineering always seems to be the easiest," Krause said.

Budget cuts

The regional technical units are a response to government budget cuts, the Association of Chief Police Officers (Acpo) told ZDNet UK on Tuesday. Previously, the police forces and authorities would have worked with the Serious Organised Crime Agency, which is being rolled into the National Crime Agency (NCA).

"Forces are forming these units as a response to the loss of funding," said an Acpo spokesman.

A similar project to the EMTSU, called the South East Covert Operations Unit, is being undertaken by Hampshire, Surrey, Sussex and Thames Valley police forces, said the Acpo spokesman, confirming a report in The Guardian.

The covert technical units are using surveillance techniques as part of the local police forces' investigations into serious crime, according to the Acpo spokesman. Those investigations are separate to those carried out by the Metropolitan Police Central eCrime Unit (PCeU), which focuses on looking into cybercrime and is currently carrying out an operation designed to track down members of LulzSec.

The PCeU has used covert techniques to monitor suspects and is participating in the East Midlands unit's forensics work, a source at the Met told ZDNet UK.

"All of our work involves covert [operations]," the PCeU source said. "Different parts of a national programme are going ahead."
