- A much greater emphasis on training in cybercrime and digital forensics for all police officers and staff ( College of Policing is starting to deliver this)
- Greater collaboration between Police and Industry. (The CISPs and other projects as well as Police and Industry led fora are making this relationship closer)
- Tighter legislation to protect against Identity Theft
- Moving ActionFraud within the direct responsibility of the National Crime Agency or more closely to CERTs
- Investing more in Preventative campaigns including those targeting Small and Medium Enterprises and building on the Regional initiatives
- Expanding CISPs to cover all regions and sectors
- Investment in research to consider the impact of preventative campaigns and reduction strategies
- Greater public awareness of specific focus days such as Safer Internet Day
- Greater collaboration internationally between Police and Industry
- A clear joined up strategy between police forces including regional units and national agencies to analyse, investigate and prevent cybercrime.
Sunday, 4 October 2015
Reengineering Crime Recording
Reengineering Crime Recording
There are many deep questions people ask. What is crime? How is it recorded? What are the rules for recording? Is it a complete representation of all criminality?
Recent attention has focused on a change that will dramatically alter the amount of crime recorded and change the relationship between “normal” crime and its digital cousin. The Crime Recording system will also alter people’s perception of what crime is, how it’s recorded and how it’s investigated. These recent changes have created a debate that no doubt will have at least two sides and probably no ends.
The vision of Crime Recording in England and Wales is that it is renowned for being the best crime recording system in the world: one that is consistently applied; delivers accurate statistics that are trusted by the public and puts the needs of victims at its core. A brave statement. The new change should be focused on those aims.
The rules for Crime Recording are regularly reviewed and each force is inspected as to how it then executes and enforces the rules. Individual Force Crime Registrars are held accountable for crime recording performance. Police and Crime Commissioners continue to hold Chief Constables accountable for their ability to record crime accurately, effectively and in compliance of the rules.
All the data from Crime Recording systems across England and Wales is collated and published by the Office of National Statistics (ONS) having been removed from the Home Office to make them appear more independent and therefore reliable.
Over the past weekend the media announced that the crime statistics from ActionFraud (the UK response to fraud and computer crime), would be added to National Police Crime figures published by the ONS. The net result will be a 40% increase in crime overnight. The announcement, made by the Commissioner of the City of London Police, may not be great news for those who have heralded a reduction in recorded crime around the UK.
However there is little doubt that this will lead to a much more accurate assessment of criminality in England and Wales. Yet even with the addition of ActionFraud data, it is unfortunately not the full picture of criminality.
Police Crime Recording still excludes a small range of data recorded elsewhere, for example:
· Where the Serious Fraud Office (SFO) has been solely responsible for an investigation and arrest of a suspect, although the police charge the suspect and submit papers to the Crown Prosecution Service on behalf of the agency. The SFO has primacy of investigation.
· Where the police provide information, but no other assistance, to a Department of Business Innovation and Skills fraud investigation.
· Where the police offer custody facilities to customs officials who have apprehended smugglers and Her Majesty’s Revenue & Customs (HMRC) has primacy of investigation.
· Where the police accompany customs officials in raiding a ship suspected of smuggling and HMRC has primacy of investigation.
· The Department of Work & Pensions (DWP) provides the police with the names of benefit fraud offenders for intelligence purposes. The DWP has primacy of investigation.
· The police assist DWP officials in surveillance work that leads to the apprehension of benefit fraudsters. DWP has primacy of investigation
These examples are cited in the Crime Recording Rules. They all involve operational activity by Police for which there is no Police Crime Record for national statistics purposes. Each of the agencies keep separate accounts which need to be considered alongside “Police Recorded Crime” to get a full picture of criminality in England and Wales. Until now crime reported to ActionFraud was also excluded
Some other crime incidents do not have to be recorded by the Police. For example, if the National Fraud Intelligence Bureau (NFIB) has recorded an incident, and has not allocated it for investigation, and determined there are insufficient lines of enquiry to warrant further investigation. This assessment will be managed by the NFIB (which currently sits under the remit of the City of London Police). This data is however used for NFIB briefings with other Departments and Central agencies as well as industry but is not part of Police Crime Recording.
Most people would probably accept that incidents of online or cyber-crime (where the offence is committed within a digital environment rather than merely to perpetrate a “normal” crime) should be recorded and investigated. That simplistic approach is slightly frustrated for many reasons which can discourage victims from reporting incidents to the police such as:
· Where there are multiple victims across the globe or in the UK making the investigation too costly or unmanageable
· Where the likelihood that offenders live or operate in countries without mutual assistance for investigations, or extradition treaties.
· Where the embarrassment caused to companies of having been attacked and the consequential loss of confidence amongst its customers.
· Where the victim considers the cost of reporting (staff downtime, disruption etc.) to exceed the potential loss.
The reality is that such incidents do not become part of the rich picture of recorded crime. However, these incidents are sometimes within the knowledge of major cyber-security companies and of course the victims. There is an argument that they should all be included in the National Police Crime statistics.
Bringing all this information together to create a full and accurate picture of cybercrime and fraud sounds simple. However, unless this data can be collated, analysed and disseminated within a usable timeframe, it will be of little value. There has to be a balance between collating all relevant and accurate data about online criminality, and providing something useful and timely for investigation and prevention.
The ActionFraud data will help to provide greater granularity to f criminality in England and Wales but at the expense of a substantial shift upwards in crime numbers overall. Such granularity, however, can help to tackle broad national issues, but unless the data is relevant to locally instigated criminality, and is available to local officers, it will only be relevant to national agencies. It is believed the move by ActionFraud will not deliver localised data for all reports.
Even with ActionFraud data, the picture of cybercrime and fraud will still be incomplete. Data on cybercrimes and attacks including hacking and other digital related criminality is sometimes held by other centrally based Agencies or businesses.
For example, the UK Computer Emergency Response Team has led a number of Regional Cyber Information Sharing Partnerships (CISP) to allow industry and business to share incidents of cybercrime. These incidents, unless they lead to a prosecution or investigation, will probably not make it to the Police Crime statistics.
Looking at some recent incidents there are many different cyber focused crimes
Any sporting or social event can create the opportunity for scams and fraud. The current Rugby World Cup is no exception. To be able to respond with an effective investigation or to warn and prevent further offences requires swift and effective dissemination of intelligence and data through ActionFraud which is what ActionFraud and National Fraud Intelligence Bureau were established to deliver. Such advice is regularly provided to Forces and other organisations.
A crime involving “parcel mules” who steal from major distributors such as Amazon is not strictly a Cybercrime but is a fraud and/or theft dependent upon how it is executed. Unlikely to be identified at an early stage and possibly creating a lower level response from the Police if at all, the most that can be achieved is broad prevention strategy. Yet, with effective analysis by ActionFraud and the NFIB, offenders could be brought to justice. Bringing the ActionFraud data into line with Police Crime Data will make such an outcome much more likely
The need for prevention advice and swift investigative ability is highlighted by a recent case
In this instance using social engineering and digital skills a company was duped into giving away its data and allowing criminals to escape with £1M. Clearly this is a serious crime owing to both the substantial financial loss and gain. However, many much smaller, similar offences could be perpetrated without victims knowing for some time, or even ever at all. Yet these lesser offences are possibly held within NFIB or ActionFraud and so bringing them into the main Crime Recording system is a positive move
In this digital age you don’t need a sawn off shotgun and a mask to rob people, far easier to do it from the garden in your far away timeshare with your iPad. Understanding the difference between the two crime styles and the overlaps is an important aspect of crime recording and more importantly crime investigation.
Responding to the many types of online/digital crime and incidents requires the collection, analysis and dissemination of effective crime data enabling investigations, both proactive and reactive, as well as prevention campaigns. England and Wales have the institutions to deliver that including ActionFraud, CERTs and CISPs in addition to existing Crime Recording systems in police forces and the National Crime Agency. Bringing the data together, however unpalatable it will be in the short term, will improve our understanding of online criminality and help us to prioritise police resources accordingly
No discussion of crime policy should ignore the current financial restrictions facing Police Forces. There is no intention to create an additional workload when there may not be sufficient staff to manage even the current demand. By bringing the ActionFraud data into mainstream crime recording it will lead to a massive increase in the total crime recorded, it is suggested that it will be 40%. However, that crime already exists and this is a more open and honest way or reproducing it. The public will want to have some confidence that these crimes are being investigated properly or are at least used to prevent further offending.
If ActionFraud is operating as it was designed, and the NFIB is disseminating appropriate crimes for local investigation then crime has not “Increased” by bringing the data into Police Recorded Crime. It is just that people will have a better and fuller understanding of online criminality. Additionally it will allow far greater effort in tackling those crimes that affect people on a daily basis such as spamming, hacking and identity theft. Having a more open and transparent approach to crime recording allows policy makers and the electorate to make much more informed decisions about how public spending should be used.
Further changes that could make the investigation of cybercrime and fraud much more effective might include the following
Popular Posts in last 7 Days
Ransomware Seminar 19th May 09.30-11.30 Ransomware is now one of the biggest threats to industry, charities, health and citizens. Fin...
The company Wethersoons seems to have been hit by the next in a long series of hacks. See http://www.computerweekly.com/news/4500260119/Wet...
Today HRH Prince Charles visited Cumbria and was given the opportunity to meet a range of people, businesses and buildings across the county...
A few days ago the Register published an article about the waste of £20million pounds on Cyber Prevention. http://www.theregister.co.uk/2016...
The Apple FBI saga The disagreement over Apple and the FBI has become a microcosm of the world of cyber and digital crime. Warrant...
So we started the day with some trepidation or at least I did. A longer swim than ever before for Me. A stroll in the lake for Tom and Mich...
This week I attended a seminar on how to be a SIRO, Senior Information Risk Owner In other words how to protect the organisation from data a...
So Saturday was the Big March. Anywhere between 300 and 500,000 peaceful protesters protesting. All magnificently managed by the Met suppo...
I am helping Leeds University with a business Cybercrime Survey go to www.bit.do/cybersurvey to complete it or use the QR code. Many tha...
I have posted a guest blog about the TalkTalk saga on https://www.getsafeonline.org/business-blog/talktalk-saga-lessons-and-thoughts/ Please...