LONDON, UK – Speaking to Illena Armstrong, VP Editorial at SC Magazine, Jackson presented an honest assessment of the unit's ability to handle online fraud and cyber-crime and revealed how the new National Crime Agency (and the body underneath it – the National Cyber Crime Unit) is impacting on the policing of cyber crime.
Jackson described how he has seen a massive change in the way that cyber-crime influences police work. As a police investigator with 30 years' experience in dealing with drugs traffickers, murderers, kidnappers and other conventional criminals, he says that he has been on a steep learning curve making the switch to covering fraud and cyber crime.
“To say that cyber has been a big change for law enforcement would be an understatement,” he commented, during his SC Congress London keynote.
Indeed, when Jackson started investigating cyber-crime last year, he says that he encountered some police attitudes that seemed to suggest cyber-crime really wasn't that important
“The clocked ticked on over the last 12 months and I must say that we've been naive to say that no-one would be interested, or ask any difficult questions,” said Jackson.
And yet cyber-crime has quickly become a big issue. In his presentation, Jackson noted that fraud and cyber-crime had cost £81 billion to the UK economy in 2013 – up from £27 billion according to government figures from 2011 - and also revealed that the figures had increased 60 percent in HOCR (Home Office Counting Rules) crimes reported between April and September of last year.
“Online is the high street that hasn't been policed,” he continued. “Law and legislation hasn't caught up with this type of crime. Why go into the bank with a shotgun when [criminals] can do it online from home. If they're really unlucky and get caught, they go to prison for a short amount of time.”
His added that reporting cyber-crime was a “whole different process” and that the victims of cyber crime were not treated like those for a physical crime. Whereas a stolen bicycle would be investigated, often nothing happened after reporting a cyber crime. There was also no way to report bulk crime, and banks were'n't going to make 3,000 reports for each cyber fraud in an attack. Jackson also pointed out the global nature of cyber crime, saying that there are “no international boundaries” for criminal investigators to adhere to. Tackling cross-border cyber-crime investigations was also raised as a difficulty at two other panels at SC Congress London as well as at the International Forum on Cybersecurity – by NCCU deputy director Andy Archibald - in Lille, France in January.
Cyber-crime takes priority, but skills gap remains
Jackson said that his group – which replaced the Police Central e-Crime Unit (PCeU) in November - is beginning to recognise that fraud and cyber have a ‘massive impact' on crime and frankly admitted that it was once a low priority – set at MOPAC7. According to this PDF document in April 2013 from the Metropolitan Police, MOPAC7 crimes include burglary, robbery, violence with an injury, theft of a motor vehicle and criminal damage.
However, things have started to gather pace in recent times with the National Crime Agency coming into effect on October 1, with the National Cybercrime Agency part of the group. The Met Police cyber head admitted that there are still discussions to be had on logistics and how these groups communicate with each other, but said that a bigger concern is recruiting – and retaining – cyber security experts within the police.
[Scotland Yard has been making a big play with cyber-crime and announced last November that it was to quadruple the number of officers tackling such crimes in the city.]
Jackson said that this was a common problem in the public sector – where money and benefits are weaker than in the private sector – but said that it could also prove tricky considering that some highly-technical staff were moving across to the NCA, “leaving a void” in the police departments that they leave.
Training replacements is also difficult. “We're still trying to train our people like its 1987 so we need to look how we train our people,” said Jackson who added that he needed people with “multidisciplinary tech skills and a detective's investigative mentality”.
Met to introduce cyber security centre
But Jackson said that the unit – which started in October with 32 staff but which could rise to as many as 500 in future - is improving by focusing on, amongst other things, the deployment of malware, phishing scams, network intrusions and DDoS attacks. Its mission is helped by Sir Bernard Hogan Howe, the commissioner of police of the Metropolis, who ‘gets it' and who is looking to introduce the first fraud and cyber centre in London.
“The Met will do that,” said Jackson. “So we have a plan, it's a starting point, a significant step forward.”
“This is real police work, as I keep telling my colleagues. Ultimately it's about bad people making money,” he concluded, commenting that just this week cyber criminals involved in a bank fraud had been arrested.
In response to the news, Adrian Culley, global consultant at Damballa and a former Met Police Computer Crime Unit detective, told SCMagazineUK.com that Jackson's comments were proof that the policing model is outdated and not equipped for the cyber era.
“His concerns highlight that the 1827 policing model defined by the then Home Secretary, Sir Robert Peel, which has served us admirably for 187 years, is now seriously struggling to provide the policing that Digital Society and the Digital Economy now requires," he said via email.
"It should be of no surprise to anyone, but it seems to many in power, that a model which envisaged police handling the physical, tangible world of the early 19th century is now struggling. There is also a paradox here best voiced as "training our staff is expensive, and then they leave", "really, you should see the cost of not training them."
“Police units around the world are struggling with these same issues, and some pause for thought and deeper thinking is required from both the police and society.”