Specialist police units tackle computer crime
Date: October 16, 2005Source: Vnunet.com
By:
‘Over time we realised we needed to do something about computer crime but there were no national guidelines then,’ he says.
Until April 2001, most of the responsibility was falling to one digital evidence recovery officer. ‘They were completely swamped and learning on the job,’ says Beer.
Additional funding from the NHTCU enabled the unit to employ another investigator.
But they were soon to be overwhelmed when news broke that detectives, working on an internet paedophile investigation in the US, had discovered the names of 7,500 British child porn web site subscribers - and handed them to the UK’s National Criminal Intelligence Service.
Hundreds of these subscribers lived in the Avon &Somerset area and were passed on to the HTCU to investigate as part of Operation Ore, which nationally led to 1,300 arrests.
‘We had 220 targets in our area and we found that the average person had more than two personal computers,’ says Beer.
‘The bottleneck was our unit. We were already stretched to the limit with each case taking, on average, about 15 hours to complete.’
Detective constable Andy Joyce says that often, Avon &Somerset had suspects in the cells and only 24 hours to keep them.
‘In some cases their computer could be the only lead we had,’ he says.
The force had to make a decision: should it outsource or invest in a more effective IT infrastructure, which could process investigations faster?
‘The cost would have run into millions if we were to send it out to private computer forensic companies,’ says Beer, who decided instead to turn to IT consultancy Compusys for assistance.
The HTCU built a system which used Compusys ProManaged Servers and IDE-RAID disk systems, which provided two terabytes of centralised storage for forensic investigations.
By improving storage facilities, the force was able to increase the speed at which it took copies of hard disks sitting on confiscated home PCs.
Using a computer investigation and auditing tool called EnCase, it was then able to locate incriminating images and files more efficiently.
Each file and image has a digital fingerprint, called a hash value, uniquely associated with it.
By storing all seized hard disks centrally and using high-speed processors from Intel, the unit was able to carry out further searches and cross-reference hashes to find incriminating files on other computers.
Sony AIT-3 tape libraries were also added so that closed cases could be securely archived, meaning vital memory on the main Compusys investigation system was not wasted on storage.
Files could also be easily retrieved over a Gigabit Ethernet network should they need to be accessed as part of another case.
When new images are discovered, the hash number is entered into the central database and then cross-referenced.
Such effort reduces the time officers must spend viewing disturbing images, and also cuts the time to process an investigation.
Avon &Somerset Constabulary now has six people working in its HTCU and the nature of its investigations is expanding.
The unit deals with a range of cases from murders and robberies, where evidence stored on computers and mobile phones can prove vital, through to hacking and distribution of online pornography.
‘It’s always changing,’ says Joyce. ‘More recently we did work connected to the London terrorist bombings.’
The history of UK computer crime units
The National Criminal Intelligence Service commissioned Project Trawler in 1996 to identify potential threats that could emerge from the growth in information technology.
Key recommendations to tackle crimes - ranging from hacking and virus writing, to online fraud and paedophilia - included the creation of national and local computer crime units (CCUs), and the education of IT users about security threats.
In response to the recommendations, the Home Secretary announced the creation of the National Hi-Tech Crime Unit (NHTCU) to Parliament in November 2000.
Some 43 local Hi-Tech Crime Units were also set up across England, Wales and Northern Ireland.
The aim of the strategy was to ‘reduce harm caused to the community from computer-enabled criminality’.
According to the Association of Chief Police Officers this would be achieved through the ‘prevention, reduction, disruption and detection of crime, and the prosecution of those responsible’.
The government provided £25m in funding: £10m was spent on local computer crime units and £15m was used to create the NHTCU.
Basic computer crime courses have been compulsory for all police recruits since September 2003, so that all officers – not just those working in CCUs – can understand and exploit high-tech evidence found at crime scenes.
In July this year, Centrex - the Central Police Training and Development Authority - looked to further plug the knowledge gap between new recruits and serving officers by launching an elearning portal.
The High-Tech Crime First Responder elearning programme provides training, ranging from how to deal with public reporting of internet crimes through to
identifying, seizing and preserving digital evidence.
On 1 April next year, the NHTCU will become part of the newly created Serious and Organised Crime Agency (Soca). The move illustrates how technology is becoming an everyday part of crime detection.
It will work with the National Criminal Intelligence Service, the National Crime Squad and parts of HM Customs &Excise, and the Home Office, involved in combating drugs and immigration.
Add comment
Email to a Friend
