Retired PCeU chief: Most cybercrime does not get reported

News by Doug Drinkwater

"In one investigation, we saw no less than 120 domains that were designed to attack banking institutions" says DS Charlie McMurdie, former head of the PCeU

McMurdie, a retired Detective Superintendent with the Metropolitan Police who set up and then headed up the Police Central e-crime Unit (PCeU), said this week that most of the cyber crime taking place today does not get reported.

McMurdie, a veteran of more 30 years with the Met, retired last summer to join business consultancy firm PricewaterhouseCoopers as its senior crime adviser and spoke of the difficulties of battling cyber crime at the Forensic Science Society's inaugural `First Responders, Digital & Cyber Forensics conference in York.

Whilst at the PCeU, her remit was to undertake cyber crime investigations that impact the UK but she explained that work has been impacted by limited funds – even though statistics showed that a growing number of companies were being hit by the problem.

The PwC consultant told visitors that 93 percent of big businesses have been impacted by data breaches of one kind or another, and added that 73 per cent of big businesses are being hit by outsider attacks.

"In one investigation, we saw no less than 120 domains [being used by cyber criminals] that were designed to attack banking institutions," she said.

But what was the greatest surprise to McMurdie, who chose to leave Met ahead of its merger with the cyber arm of the Serious Organised Crime Agency (SOCA) into the National Cyber Crime Unit (NCCU) last October, was the relative youth of the offenders.

She flagged up one report in The Sun in 2011, where teenager Ryan Clearly was arrested and accused of masterminding attacks on Sony. 

"He was just 19, yet he carried out a series of attacks," McMurdie said, adding that other members of the Anonymous hacktivist group were also arrested and found to be relatively young.

In one PCeU investigation, she added, officers retrieved an old Dell PC from an defendant's house and were amazed to find that the machine was set up to run 16 virtual PCs - for cyber criminal purposes - even though the aging PC “was the kind that you'd expect to pull from a company's rubbish skip.”

In another investigation, PCeU staff found that one person was controlling a 200,000 node botnet, which was being used for complex cyber criminal activities.

So why are so many young people involved in cyber crime?

McMurdie answered her own rhetorical question by suggesting that society's [normal] codes of conduct do not exist on the Internet.

Despite their limited resources, she explained that the PCeU - with support from other branches of the Met and Police Forces across the UK - were able to move swiftly when the need arose.

McMurdie says that the programming capabilities of cybercriminals also seems to know no limits, as when Police arrested the hacker known as G-Zero and his girlfriend, they found an application with 8.1 million lines of code on his computer.

In that case, G-Zero (real name Edward Pearson) was given a 26-month prison sentence in connection with stealing the identities of 8 million people - as well as shutting down parts of Nokia's internal network.

"The scale of that crime was very large indeed," she said, adding that some estimates put the potential value of the fraud as high as £14.7 billion.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews