Detective chief superintendent Jayne Snelgrove, the head of Falcon (Fraud and Linked Crime on-line), the Met's new cyber-crime and fraud unit, has told SCMagazineUK.com that a third 'volume crime hub' is to be established in Havering, east London, and then a fourth in west London, joining the existing hubs in Edmonton and Peckham. Each of the units will employ about 45 officers including specialists in digital forensics, as well as constables with computer science degrees being trained as detectives in addition to experienced detectives being trained in cyber investigations.
At Falcon's launch Commissioner Sir Bernard Hogan-Howe issued a statement saying: "Falcon will see the Met have the best and, I believe, largest cyber-crime and fraud team in Europe, with up to 500 specialist officers dedicated to tackling this crime.” Currently the team comprises 300 officers, including those based at head office covering complex cyber-frauds and pro-actively targetting serious cyber-crime gangs.
Snelgrove explained the background to SC: "MOPAC (The Mayor's Office for Policing And Crime*) research found that only 12 percent of business crime in London was being reported to the police, and a lot of that was cyber-crime and fraud. Plus cyber-crime and fraud that was reported wasn't being prioritised, with both resourcing issues and boroughs prioritising issues such as burglary and robbery. Now Falcon is prioritising cyber-crime and fraud, and the hubs have been set up to encourage cyber-fraud to be reported directly to the Met. Falcon is only involved in crimes where there is some impact in London, so it targets cyber-crimes where either the victim or suspected perpetrator is in London. But we liaise with NCCU where there is a national impact and work closely with international colleagues (where appropriate)."
Helen Dickinson, director general of the British Retail Consortium, commenting to press during the launch, said: "The creation of Falcon, and indeed the new dedicated business crime strategy for London, represents an important step forward in tackling retail crime. The close engagement between police and businesses in London is a partnership approach which we would like to see replicated elsewhere."
In addition to the previous apparent lack of police response, another reason for underreporting is suggested by Guillermo Lafuente, security consultant at MWR InfoSecurity who commented in an email to SC: "People think that online fraud can only happen to stupid people and therefore they feel embarrassed to report when they are affected by cyber-fraud. But the reality is that gangs are constantly evolving and performing more sophisticated attacks that could fool the most savvy of technical users. Social engineering is popular among cyber-criminals because it is effective. You just need to invest enough time to build a successful story which will be effective against your targets.”
Around 54,000 reports of fraud were recorded by Action Fraud – the Home Office fraud recording body – in London last year, but this is regarded as the tip of the iceberg. Also the Met Intelligence reports that there are more than 200 organised crime groups engaged in cyber-fraud that hits Londoners. Currently the Metropolitan police has 18 investigations into these groups underway or at the charging stage, while the hubs have 3,000 investigations underway. Since launching in October the unit has made more than 100 arrests, hitting online scams covering dating, auctions, retail fraud, courier fraud, and mortgage scams among others, with detectives targeting several organised crime groups engaged in cyber-fraud - ranging from home grown gangs and individuals to attackers from Russia and elsewhere in Europe as well as the US.
Bob Tarzey, an analyst and director with Quocirca, the business analysis house, noted that the international cyber-crime gangs would not be targeting London as such: “They don't care where the victims are, though with 12 percent of the UK population in London including many of the wealthiest, London will be subject to a lot of attacks by default.” Tarzey also questioned whether a London-based approach was appropriate, given the national and cross-border nature of the crime, and endorsed the cooperative approach that has also been adopted saying: “It needs be tackled nationally, and trans-nationally such as in cooperation with EC3 – there's a lot of activity globally and (ideally) we would want to see global coordination.”
Lafuente aslo drew attention to the difficulties posed by the cross-borer nature of the crime saying to SC: “Prosecutors will be faced by jurisdiction issues and the current limitations of the law to combat cyber-crime. Cyber-crime is a global issue and it is still difficult for law enforcement agencies to prosecute criminals who hide in foreign countries. Some countries are working together to help fight the issue, an example of this would be Interpol, however political tensions between countries can make information sharing an issue. For example, the US may not be as keen to share information with Russia and vice-versa.
The will is there, the resources are being put in place, but its clear that this will be an arduous ongoing battle. As Lafuente points out: "It is difficult for law enforcement to apply the law in the same way in which they do in real life. First of all, criminals can hide by using encryption, identity anonymising services, botnets, and a handful more technologies which make it difficult to identify their identities. A technically advanced gang will be able to compromise other people's computer and launch their attacks from them, making very difficult to identify the real culprit behind a cyber-fraud scheme."
* the strategic oversight body which sets the direction and budget for the Metropolitan Police Service.