Tony Neate has spent a total of 27 years as a detective, 13 years of this working in commercial fraud and eight years in computer crime, so he knows all about crime – cybercrime and other forms. He is the Industry Liaison Officer at the NHTCU and the fact that he has such extensive experience demonstrates how much importance the unit places on its relationship with business.
The NHTCU, which became operational in October 2001, has a multi-agency approach to tackling problems raised by the use of computers and the Internet for criminal activity of various types.
The unit, based in Docklands, East London, is headed by Detective Chief Superintendent Len Hynds, a career detective from the National Crime Squad. The unit comprises representatives from the National Crime Squad, The National Crime Intelligence Service (NCIS), HM Customs & Excise and the Military. It also has strong links with Computer Crime Units (CCUs) in all police forces throughout the UK and with other law enforcement agencies across the country.
The NHTCU conducts operations at national and international levels. It has responsibility for making strategic assessments and developing intelligence;
supporting local law enforcement with advice and co-ordination; developing best advice for law enforcement and business practice on computer crime prevention. It also liaises closely with the IT industry, including Internet Service Providers (ISPs), telecommunications companies and software houses.
Tony Neate says: ‘The aim of the NHTCU is to assist in the policing of cyber- crime nationally and transnationally, and to add to the capabilities already existing at a local level. By its very nature cybercrime does not recognise national borders. It is a global problem and needs a global solution. The NHTCU is just one part of the joined-up approach being taken by the police around the world that has been necessary to deal with its unique new crime.
‘The idea is to create a partnership between law enforcement and industry. We can provide industry with strategic and practical intelligence examples of attacks so that they are aware of the problems and can put the necessary policies and hardware in place. What we do we do together, not alone. We want to make business aware that there is highly capable expertise locally, and on top of that there are well-trained officers, who are experts in dealing with serious and organised crime, that have turned their attentions to hi-tech attacks. We deal with incidents sympathetically, in partnership, and in a way whereby the businesses do not lose control.’
Computers and the Internet present great benefits to society. However they also present opportunities for crime, much of it simply conventional crime using new technology. Computer crime takes many forms and is grouped into two broad types of activity: existing offences that can become more complicated to prevent and detect with new technology; and new offences that can only be committed with the use of such technology. As Tony says, ‘Anything that can happen in the real world can happen in the cyberworld – theft, deception, extortion, whatever.’
Cybercrime covers fraud of many types – hacking, industrial espionage,
‘viruses’ and ‘denial of service’, organised paedophilia, intellectual property theft (ie the illicit copying of video, other recordings and software), money laundering and crimes of violence such as kidnap.
Tony says: ‘Viruses are the scourge of business. Time is paramount to most businesses; when a virus attaches itself to a company’s critical system, the system can be taken down for hours or even days. “Denial of service” attacks can lead to major extortion demands.’ In order to explain the nature of a denial of service attack, Tony uses the delivery of a traditional letter by way of example. ‘A postman may deliver two or three letters a day; similarly with emails, you might expect several a day. But can you imagine what would happen if your postman delivered millions of letters to your postbox every second. You wouldn’t be able to move; and similarly with a denial of service attack, millions of pieces of data being received by your computer in seconds would very quickly use up all your available bandwidth and you can’t do business.’
Part of the problem for business is that many are aware of cybercrime, which may put them off embarking on an e-commerce strategy. But if businesses are aware of the problems they can profit as long as they put the right safeguards in place.
‘Businesses need to be aware of the problems. One part of a simple strategy is setting up firewalls. A simple firewall, properly configured, can cost as little as
£50–60; for far bigger businesses, an intrusion detection system may cost thousands of pounds – it really is horses for courses.’
And it is not just about dealing with the threat from outside. Companies also need to look inside, to internal threats from employees. ‘It is important that employees are aware of the company’s policies and procedures and that the contracts of employment clearly state what these are. Companies need to put security protocols and emergency responses in place. Employers must also keep up with the new and changing laws and regulations in this area, so that they are aware of their responsibilities.’
Of course one of the problems with cybercrime and how it affects business is that quite often, due to commercial sensitivities, businesses do not want word getting out that they have been hit. The NHTCU is sympathetic to these concerns and has put in place a confidential reporting system and is prepared to enter into a non-disclosure agreement. ‘We want to build up trust, but that trust will take time.
We are fully aware that if we break that trust then industry will lose all confidence in us.’ It is for this reason that Tony couldn’t provide any good-news stories on how the unit had worked with industry in this way, but did say that the fact that he couldn’t was in itself good news. What he could say was that they were working closely with
STAMPING OUT THEBUGS 49 ឣ
all sectors of industry – manufacturing, services, finance and transportation – and that within those sectors the NHTCU have helped a number of businesses.
To find out more about the National Hi-Tech Crime Unit see www.nhtcu.org or contact Tony Neate, Industry Liaison Officer at [email protected].