National Cyber Crime Unit Kevin Williams Partnership Engagement & National Cyber Capabilities Programme

National Cyber Crime Unit
Kevin Williams
Partnership Engagement &
National Cyber Capabilities Programme
[email protected]
Official
Problem or opportunity
Office for National Statistics
In 2013, 36 million adults (73%) in Great Britain accessed
the Internet every day, 20 million more than in 2006, when
directly comparable records began.
Access to the Internet using a mobile phone more than
doubled between 2010 and 2013, from 24% to 53%.
In 2013, 72% of all adults bought goods or services online,
up from 53% in 2008.
In Great Britain, 21 million households (83%) had Internet
access in 2013.
Broadband Internet connections using fibre optic or cable
were used by 42% of households, up from 30% in 2012
Release Date: 08 August 2013
National Security Strategy 2010
Tier One Threats
The National Security Council judges that currently – and for the
next five years – the four highest priority risks are those
arising from:
•international terrorism, including through the use of chemical,
biological, radiological or nuclear (CBRN) materials; and of
terrorism related to Northern Ireland
•cyber attack, including by other states, and by organised crime
and terrorists
•international military crises, and
•major accidents or natural hazards.
Tier Two Threat - A significant increase in the level of
organised crime affecting the UK
UK National Cyber Security Strategy
Slide 5
Challenges
• Understanding the
language and the threat
• Legislation & regulation
• Multi-jurisdictional
• The speed of the internet
• Skills gap in policing
• The cost of training & kit
• Competing priorities
• The Snowdon effect
What is cyber crime? – Serious and Organised Crime
Strategy
Cyber crime describes two distinct, but closely related, criminal
activities:
•Cyber-dependent crimes can only be committed using computers,
computer networks or other forms of information communication
technology (ICT). They include the creation and spread of malware
for financial gain, hacking to steal important personal or industry
data and denial of service attacks to cause reputational damage.
•Cyber-enabled crimes (such as fraud, the purchasing of illegal
drugs & child sexual exploitation) can be conducted on or offline, but
online may take place at unprecedented scale and speed.
https://www.gov.uk/government/publications/serious-organised-crime-strategy
Published 7th October 2013
Action Fraud
NCA Vision
Message from Keith Bristow
“Protecting the public: leading our fight against
serious and organised crime”
Working with our partners will be critical to the
success of the agency and it will be our
combined efforts, working to protect the public,
that will have a real impact.
Lead, Support, Co-ordinate
Protecting the Stuff that matters.
2013 NORTON REPORT
GLOBALLY
UK
(24 countries)
Protecting the Stuff that matters.
CYBERCRIME EXPERIENCES
58%
39%
45%
12 m
57%
63%
61%
41%
50%
378 m
64%
66%
US$1 bn
US$101
US$113 bn
US$298
25%
22%
32%
18%
38%
33%
42%
27%
54%
57%
•
• Workingof
adults
who use their personal device
for both
work and play
Adults who have been victim
cybercrime
and
risky
behaviors 32%
• Working adults who access or send personal emails through their
49%
•
work device **
Number of victims in the •past
months
Working 12
adults who
store personal info on their work device **
31%
14%
49%
27%
•
**
18% lifetime
Percentage of males who device
have
been victim of cybercrime in their
dults who say their company has no policy on the use of
•
Percentage millennials who
have
been
ofoncybercrime
in their
lifetime30%
• Parents
who let their
kids play,victim
download and shop
work devices **
26%
•
Adults who have experienced cybercrime in their lifetime
•
Adults who experienced cybercrime in the past 12 months
•
Adults who have been victim of cybercrime and risky behaviors
•
Number of victims in the past 12 months
•
Percentage of males who have been victim of cybercrime in their lifetime
•
Percentage millennials who have been victim of cybercrime in their lifetime
CYBERCRIME COSTS
2013 NORTON REPORT
•
Total cost of cybercrime in the past 12 months
•
Average direct cost per cybercrime victim in the past 12 months
CYBERCRIME GOES MOBILE BUT SECURITY IS LEFT BEHIND
CYBERCRIME EXPERIENCES
•
•
•
Smartphone users who have experienced mobile cybercrime in the past
12 months
•
Smartphone users who have a basic free security software
•
•
Adults who have lost their mobile device or had it stolen
Mobile device users who aren’t aware that security solutions for
mobile devices exist
• Tablet users
who have a basic free security
Adults who have experienced
cybercrime
in software
their lifetime
Adults who experienced cybercrime in the past 12 months
LINES BLURRED BETWEEN WORK AND PLAY
CYBERCRIME COSTS
•
Working adults who access their social network through their work
•
Working a
34%
personal devices for work *
32%
36%
•
Adults who share work information with friends through online storage sites
•
•
Adults who share work information with family through online storage sites
Online file storage users who use the same online file storage account for
both work and personal documents
8%
9%
18%
21%
19%
24%
don’t know
44%
56%
48%
•
LOW
MOBILE
SECURITY
Total cost of cybercrime in
the
past
12IQmonths
• Smartphone users who delete suspicious emails from people they
•
Average direct cost per cybercrime
in the
past 12 months35%
• Smartphone users whovictim
avoid storing sensitive
files online
UK
58%
39%
45%
12 m
57%
63%
US$1 bn
US$101
RISKY BEHAVIOR ON SOCIAL MEDIA
CYBERCRIME GOES MOBILE BUT SECURITY IS LEFT 48%
BEHIND 39%
32%
25%
•
•
Social network users who do not log out after each session
•
Social network users who share their social media passwords with others
•
Social network users who connect with people they do not know
38%
31%
46%
28%
23%
50%
59%
54%
56%
29%
29%
Smartphone users who have
experienced
mobile cybercrime in the past
RISKY INFORMATION
SHARING HABITS
• Online file storage users who think that online file storage is safe
65%
• Adults who use public or unsecured Wi-Fi
49%
12 months
• Wi-Fi users who access or send personal emails on public or unsecure Wi-Fi
41%
•
• Wi-Fi users who use public or unsecure WI-FI to access their social networks
Smartphone users who have
a basic
free
security
software
• Wi-Fi users
who use public
or unsecure
Wi-Fi to shop online
•
Tablet users who have a basic free security software
•
Wi-Fi users who access their bank account on public or unsecure Wi-Fi
*Among those who use the same device for work and play
**Among those who use devices provided by their employer
25%
22%
32%
POS
NCA Structure
DG Keith Bristow
DDG Phil Gormley
CEOP
Organised
Crime
Command
Economic
Crime
Command
NCCU
Intelligence Hub
Borders
NCCU – National Lead for Cyber Crime
• NCCU Operations - Lead the law enforcement response to the
highest level cyber crime threats:
 Malware
 Network intrusion – ‘hacking’
• Operational Support - Support NCA Operations and law
enforcement partners in their response to cyber-enabled crime.
 Technical experts
 Covert capabilities
 Problem solvers
• Strategy & Partnerships - Coordinate national and
international efforts to tackle cyber crime:
 ROCU & local capabilities
 International investigations
National Cyber Crime Unit
Capability to respond in fast time to rapidly changing threats and
collaborates with partners to reduce cyber and cyber-enabled crime by:
•providing a powerful and highly visible investigative response to the most
serious incidents of cyber crime: pursuing cyber criminals at a national and
international level
•working proactively to target criminal vulnerabilities and prevent criminal
opportunities
•assisting the NCA and wider law enforcement to prevent cyber-enabled
crime and pursue those who utilise the internet or ICT for criminal means
•driving a step-change in the UK’s overall capability to tackle cyber and
cyber enabled crime, supporting partners in industry and law enforcement to
better protect themselves against the threat from cyber crime
•Using the NCA's single intelligence picture, the NCCU works with partners
to identify and understand the growing use of cyber as an enabler across all
crime types. It can then determine the most effective ways of tackling the
threat.
•It encourages the mainstreaming of cyber investigative capability across
Law Enforcement for cyber and cyber-enabled crime.
Key threats to the UK
• The large scale harvesting of personal and business
data to commit fraud (malicious software)
• The targeted compromise of UK networked systems
to modify, delete or steal (i.e. ransomware)
• The targeted disruption of access to UK networked
systems and services (Denial of Service)
• The increasing volume of cyber-dependent criminality,
due to ‘traditional’ crime groups utilising the ‘as-aservice’ nature of the cyber crime marketplace (hacking
as a service)
• The growing number of support services (cyber
enablers) critical to cyber-dependent crime, which are
facilitating the successful commission of other ‘traditional’
crime types (money mules, bullet proof hosting, ToR)
CONTEST strategy – 4 P’s
The NCA delivers this national response through the four
pillars of:
•Pursue - prosecute and disrupt people engaged in serious
and organised crime
•Prevent - prevent people from becoming involved in
serious and organised crime
•Protect - increase protection against serious and
organised crime
•Prepare - reduce the impact of serious and organised
crime where it takes place
Government response
Small and Medium Enterprises
Get Safe Online
How to protect your business
• Multi Layer security systems – invest in good
security - defence in depth
• Have a cyber security strategy that is owned by the
board and discussed regularly
• Awareness campaigns to inform and educate staff
and customers – free anti virus, phishing advice,
two factor authentication, zoning
• Penetration testing - use controlled self generated
attacks to reinforce learning
• Identify an individual to liaise with law enforcement
and industry partners – trust groups
• Protect your brand – invest in intelligence, be allive
to typo squatting and new/emerging threats
• Exercise business resilience plans regularly