Computer Crime Research Center

Cyber crime crackdown

Date: February 02, 2004
Source: Computer Crime Research Center
By: James Thompson

The police are tightening the net against high-tech crime. James Thompson investigates

They had defrauded three UK banks out of £350,000 over two years. But in November last year, six men finally got their comeuppance in a London court. In one of the biggest ever cases of its kind, the men – aged between 21 and 39 – were sentenced to a combined total of 15 years for obtaining false identities over the internet and using them to open bank accounts and apply for loans. They also used credit cards, cheque books and overdraft facilities to siphon £315,000 from Lloyds TSB and £30,000 from the Halifax and Cooperative banks. The men had used the money to fund lavish life styles, including the purchase of properties in the UK and Nigeria, as well as jewellery and sports cars. Alerted to the fraud by Lloyds TSB, the National High-Tech Crime Unit (NHTCU) threw its full weight behind investigating the case. And just several weeks later, it arrested the group. In the process of their investigations, the unit’s officers retrieved thousands of pieces of evidence ranging from passports to utility bills from a variety of addresses in London and the Home Counties. In fact, the NHTCU has been involved in over 70 operations and has arrested more than 100 people involved in serious and organised computer related crime since the unit was established in April 2001. It has also provided assistance and support on a number of other occasions to local, national and international law enforcement agencies. John Lyons, the NHTCU’s crime reduction co-ordinator, said: “One of the most important things that the unit does is to coordinate our activities to bring about a reduction in high-tech crime – and to make the UK a less attractive target for criminals.”

High-tech crime

The government set up the unit – which is the UK’s first national law enforcement organisation tasked to combat computer-based serious and organised crime – when it became clear that it needed a dedicated body to try and mitigate the widespread, and increasingly sophisticated nature, of online crime. The internet has spawned a myriad of illegal online activities ranging from electronic images of child pornography and money laundering to computer viruses. The web is also to largely blame for a startling 15-fold increase in child porn crimes since 1988, according to NCH (formerly National Children’s Homes). NCH has warned that new software and mobile devices only look set to exacerbate the situation. Hosted by the National Crime Squad with support from local police, the National Criminal Intelligence Services, the military and HM Customs &Excise, the NHTCU certainly has plenty of work. At the end of 2002, all but three of the 105 private sector companies surveyed believed they had experienced a computer-enabled crime in the previous 12 months, according to a poll by NOP Research survey commissioned by the NHTCU. Of these crimes, nearly 70 per cent said they had suffered virus attacks. Lyons acknowledged that high-tech criminal activity had become far more sophisticated and organised over the past two years. “The nature of the attack, such as a distributed denial of service or virus propagation, has not changed but the ability of groups to execute those crimes has improved. And the technical resources they are deploying are better.” In a worrying development, Lyons said that the unit has recently witnessed an escalation in the involvement of organised crime. In particular, traditional organised crime groups in Eastern Europe are increasingly targeting UK financial services companies with sophisticated forms of fraud and extortion via the internet. “It is clear that some of the attacks that are taking place fall within the realms of serious organised crime, in other words it is not just some individual sitting in their room having a play,” says Lyons. “These groups have got access to fairly sophisticated technical expertise at the back-end. Whether they are buying that in – as a service – or whether there are people within the group who are technically competent is not absolutely clear, but the fact remains that they are improving.” Despite the work of the NHTCU staff, including local services officers, in trying to get across its message, some IT directors are still unaware of how the unit can help them. But Lyons says: “Awareness is certainly improving among UK businesses, actually quite rapidly. For instance, we run some briefing sessions for the financial services sector. Clearly, they are a major target for organised crime. I would be surprised if there were any banks in the City who were not aware of us.” After spending 20 years in the Royal Air Force involved in operational and investigative roles including crime, counter intelligence and counter terrorist activities, Lyons now spends most of his days meeting UK IT and information security chiefs. To increase awareness, the unit is running its second annual conference, e-Crime Congress on February 24 and 25 in Victoria, London. Even among IT directors who are aware of the unit, however, confusion still exists about what they should do when their company becomes the victim of a high-tech crime.

Police contact

Several executives attending a major financial services IT forum late last year, said they were unsure who they should contact – and what to do – if images of child pornography landed on their computer, for example. Under the law, it is illegal to open, delete or forward on the image to another person – even if it is to alert a senior member of staff to the problem. Lyons’ advice is clear: “They should not interfere with or distribute that material in any way, but they should pick up the phone to their local police station.” Part of this confusion stems from the fact that there are so many law enforcement bodies, including the NHCTU, local police forces, the National Crime Squad and the National Criminal Intelligence Services. Each of which at some point might deal with a high-tech crime. The right organisation for an IT director to contact about a high-tech crime depends largely on the location and size of their company. “It depends where they are in the country. They should contact their local police force in the first instance. And if they are a large company, with offices spread around the country or with an international presence, they should speak to us,” says Lyons. For instance, a small and medium-sized enterprise, experiencing a distributed denial of service attack – which seeks to cripple an organisation’s systems with huge volumes of unsolicited and anonymous traffic from ‘infected’ computers – should call their local police force’s computer crime unit. If the company is a large multi-national, with multiple offices around
the UK, then they should contact the NHTCU. The unit runs a 24-hour telephone service. “A company might want to call us to have a discussion about what they are experiencing. Because it is through that discussion – and that confidential exchange – that the company can decide what to do for the best and what action to take: whether it is a formal report of crime or whether it is a sharing of information for intelligence purposes. Also, it gives us the opportunity to gauge whether or not it falls within a pattern of activity we are seeing. So first and foremost, a UK business suffering a high-tech crime attack should to pick up the phone,” says Lyons. And all of the UK’s 43 police services now have their own computer crime unit. In fact, some forces, including Manchester and the Metropolitan police, already had their own unit before the NHTCU was even established. “Part of the funding to set up the NHTCU involved the distribution of those funds, £10 million, throughout the UK’s police forces to either bolster up or enhance their existing capability,” says Lyons. Expressing the limits of just how much work the NHTCU can do, Lyons says there are about 1.9 million businesses in the UK ranging from small corner shops to multi-nationals.

Cyber scam

The ‘phishing’ scam highlights the scale of the cyber crime mountain the unit has to climb. Phishing is the name often given to the activity of spoofing emails or websites. The two-tier scam – which the NHTCU says is still ongoing and originated from Eastern Europe last summer – targeted several UK banks, including Lloyds TSB, Nat West and Barclays in the autumn. The first-tier is an email sent to customers purporting to be a security check from their bank, which in reality it is an attempt to trick users in to handing over sensitive account information to fraudsters. The email asks them to ‘re-register’ or ‘reactivate’ their accounts by inputting their debit card details on a bogus site, whose URL is disguised to hide its identity. After detecting the problem, Lloyds TSB quickly issued a statement: “Please be advised that Lloyds TSB never sends emails that ask for your internet banking log in details to be recorded, in full, in this way.” The second-tier of the scam involves fraudsters sending emails to people offering them the chance to make some easy money by acting as a UK agent for a business overseas. Those behind these replica sites need a UK intermediary because typically they are located outside the UK, which means they are unable to transfer money directly out of their victim’s online account overseas. These intermediaries are asked to receive funds into their accounts and send them to an overseas location, for a certain commission. If they agree to do so,...

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo