UK NCA praised after arresting 57 suspected hackers

News by Doug Drinkwater

The National Crime Agency (NCA) this week arrested 57 suspected hackers in a widespread UK operation involving the Met Police and regional crime squads.

These individuals stand accused of cyber-crimes including data theft, fraud and malware writing, while other compromised cyber-crime groups were allegedly involved in phishing scams and DDoS attacks.

A 21-year-old man was arrested for his alleged involvement with the D33Ds Company hacking collective, which is believed to be behind the 2012 hack on Yahoo, which saw the loss and publication of 400,000 emails online. Another man, 23 years old from Sutton Coldfield, is said to be involved with the US Department of Defence (DoD) network compromise back in June 2014, while police also captured a suspected member of the Lizard Squad.

The youngest arrest was of a 16-year-old from Leeds who allegedly launched DDoS attacks against 350 websites, while police also captured someone who is believed to have made £15,000 from phishing.

The whole action was co-ordinated by National Crime Agency's National Cyber Crime Unit (NCCU) but also included the Met Police and specialist officers from Regional Organised Crime Units (ROCUs) – across England, Scotland and Wales.

The Met Police's newly-formed Fraud and Linked Crime Online (FALCON) unit arrested 25 suspects in the London and Essex area in connection with using the internet to steal money, launder cash and carry out other frauds.

The BBC technology correspondent Rory Cellan-Jones saw some of the arrests take place and later wrote online: “The arrest had some of the drama of a classic police operation - "Go! Go! Go!" came the command over the walkie-talkie as we approached the suspect's flat. But no doors were kicked in, and there were no shouts of "You're nicked!" The priority was to make sure any computers were seized before they could be shut down or their data encrypted.”

He added: “Teams arrived with equipment to gather data, and found a laptop and a desktop computer, both of them online. One officer was employed simply keeping her finger on the laptop's trackpad to make sure it didn't go to sleep. Later, police cyber-specialists would spend many hours examining exactly what was on the two computers.”

NCA's “strike week” also involved four forces setting up pop-up shops to give advice to the public about staying safe online and to get their devices checked to make sure they are free of malware. Ten ROCUs, meanwhile, visited 60 businesses, delivering personalised security reports identifying 5,631 compromises on servers in the UK.

“The 56 arrests around the country this week are a result of the essential partnership activity with law enforcement, industry and government that is at the heart of fighting cyber-crime,” said Andy Archibald, deputy director of the NCCU.

“Criminals need to realise that committing crime online will not render them anonymous to law enforcement. It's imperative that we continue to work with partners to pursue and disrupt the major crime groups targeting the UK."

Charlie McMurdie, senior crime adviser at PwC and ex-head of the Met Police Central e-Crime Unit, told “It's great to show what can be done with a coordinated activity amongst law enforcement across the country. It's a significant number  [of arrests] and hopefully it's improving learning and getting the message out there. But there are still plenty more people out there with cyber-crime capabilities.”

McMurdie called for wider industry support. “There's an awful lot more still to be done, but this requires a multi-sector response. It needs to be a multi-tiered response.”

She said that was now taking shape with the likes of PCU, Falcon and the ‘high-end' NCA, but warned:  “Law enforcement will never have the resources to combat the volume and severity of cyber-crime in isolation.” She said this requires localised cyber-hubs to liaise with industry and academia.

“The UK is leading the way in cyber-capabilities," said McMurdie, adding that this was down in part to the "good buy-in from the government". "I think the UK is charging ahead with improvements to its operational capability, the sharing of information and defensive measures."

The former detective added that "every crime has a technology component" and said that cyber-crime is costing "millions or billions of harm to the UK economy.”

Adrian Culley, an independent security consultant and a former Met Police Computer Crime Unit detective, told SC that this is yet more good news for the UK in its fight against cyber-crime.

“This wave of concerted arrests demonstrates both that the level of cyber-crime continues to increase and is increasingly pan-jurisdictional, but also that cyber-policing continues to rise to the challenge. It remains crucial that we all take responsibility for being safe on line, and the 'be cyber street-wise' site remains a great starting point for individuals.”

Roy Tobin, threat researcher at Webroot, added in an email to journalists: “Missions like this highlight the fact that cyber-crime is rapidly climbing up the agenda – and the more that happen the better. It's easy for cyber-criminals to believe that they can hide behind the anonymity that the internet provides, but this is a fantastic example of mass un-maskings. Cyber-criminals may start to re-consider their stance of being untouchable if there is a chance of the police raiding premises.”

Malcolm Marshall, global leader of KPMG's cyber-security practice, also said: “One of the reasons that cyber-crime has become so widespread is that the chances of getting caught are too close to zero, so it's good news that the NCA's teeth are biting. The success of their efforts will depend upon the justice system's ability to respond as effectively. Cyber-crime is no longer a niche crime, but pervasive.”

A video of some of the arrests can be seen here.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews