UK broadsheet The Guardian reported recently that London’s Metropolitan Police Service, colloquially known as The Met, has quadrupled the size of its cybercrime unit in the last two months.
This should make happy reading for readers of this site.
Last year, after news that funding for fighting cybercrime in the UK had been cut significantly, we ran a Naked Security poll asking if this was the right way forward.
More than 75% of participants said, “No. Cybercrime is on the rise, and we need more resource to fight it.”
Of course, ongoing violent civil unrest in London has been making global headlines over the weekend. Arson, looting and wanton destruction of property has taken place in more than one part of Britain’s capital, putting lives, jobs and the economy at a clearly-visible risk.
So it’s reasonable to ask whether cybercrime operations at the Met are more deserving of funds than more traditional aspects of policing aimed at directly protecting life and property.
Former commissioner of the Met, Sir Paul Stephenson, noted last year that some observers wanted the specialist work done by the Police Central e-Crime Unit (PCeU) to be left to industry, banks and retailers.
But he disagreed with this approach, arguing that law enforcement could not afford to fall behind cybercriminals in the skills at their disposal.
(Ironically, Sir Paul recently resigned from the Met in the wake of the News of the World phone hacking scandals.)
I agree that law enforcement and our economy cannot simply rely on industry verticals – including security companies like Sophos – for our collective ability against cybercrime. Few crimes these days have no cyber-element. From investigation, through arrest and the bringing of charges, prosecution and sentencing, most modern criminal cases require cyberskills.
I’m not talking just about the ability to use a PC and do internet searches.
I’m talking about the ability to perform forensic data recovery, to make sense of arcane system logs, to extract data reliably from seized mobile phones, and much more.
And I’m talking about the need to package and present this evidence in a way which not only satisfies the meticulous rules of evidence imposed by the courts, but also makes sense to a jury and a judge without any of those cyberskills.
The physical damage wrought over the weekend in London by rampant crowds of law-breakers is heart-wrenching. But cybercrime can be equally damaging, though less obviously so.
Don’t forget that in a recent FBI-driven bust, a small Latvian cybergang was charged with ripping off a whopping $72 million from some 960,000 victims in less than two years. That’s just one scam (selling fake security software) operated by just one gang of crooks.
The collective threat of cybercrime is thousands of times – perhaps tens of thousands of times – larger than that single $72,000,000 bust. Sir Paul was right to say that our police can’t afford to fall behind the cybercrooks.