MPs: Policing ‘Black Hole’ Letting Cyber Crooks Generate Huge Profits

Cyber crooks are making “huge profits” because of a gap in the policing of low-level cyber crime, MPs have warned.

As noted in TechWeekEurope’s investigation of “patchy” cyber policing in the UK last year, cases where victims are defrauded a small amount of money are often not investigated by law enforcement, the Home Affairs Committee said today.

Banks often just reimburse victims without working with police to track down the criminals. Critics fear banks aren’t too pro-active in helping customers get all their money back either.

Cyber crooks getting away with it

“Criminals who commit a high volume of low level fraud can still make huge profits. Banks must be required to report all e-crime fraud to law enforcement and log details of where attacks come from,” the committee wrote in its report.

Experts believe the problem has stemmed from advice handed out by the Association of Chief Police Officers (ACPO) in 2005,  which recommended victims of cyber fraud go to their banks when they had been defrauded, not the police.

The committee also expressed concern over the sentencing of cyber crooks. “We were surprised by the fact Anonymous hackers who cost Paypal over £3.5m were given sentences of 7 and 18 months and do not believe they would have received such sentences had they physically robbed a bank of £3.5 million,” it added.

“The DPP [Director of Public Prosecutions] should review the sentencing guidance and ensure e-criminals receive the same sentences as if they had stolen that amount of money or data offline.”

Adrian Culley, global technical consultant at Damballa and former Metropolitan Police detective, told TechWeekEurope a big problem lay in the lack of education for the general public.

“By raising the level of skills and awareness across society, both citizens and officials, we can shine a light on the e-crime that is disappearing down a black hole,” he said.

“Digital crime can be much harder to prevent, detect and report due to its intangible aspects. We have to do better. If people have a raised level of awareness of what is safe and what is not safe, they are much more likely to both know that they have been the victim of crime, and also be able to provide the authorities with the technical information that its investigation will require.”

A cyber response team?

The committee also recommended establishing a “dedicated state of the art espionage response team” for British companies and institutions to contact in the event of an attack “so that effective action can be taken”, although Culley suggested one was already in operation.

“One would rather hope that a cyber espionage response team has existed for some time, and this reflects a shortcoming in the briefing of the committee rather than a lack of operational ability,” Culley added.

The committee also questioned why the government continued to use the £27 billion figure for the cost of cyber crime to the UK, when it has been so widely discredited. TechWeek has been to numerous recent events where the figure is still cited by officials.

“We are puzzled that the Government continues to use highly controversial figures, in which independent experts or indeed other government departments such as the Ministry of Defence have little confidence, as its basis for policy-making,” the report read.

Cross-border data sharing also appears to be a serious issue. “We cannot understand why the UK has refused to support funding for the new Europol CyberCrime Centre C3 which facilitates vital cross-Europe information sharing,” the committee added.

“We are deeply concerned that EU partner countries are not doing enough to prevent cyber attacks from criminals within their countries on the UK.”

Keith Vaz MP added: ““We are not winning the war on online criminal activity…  If we don’t have a 21st century response to this 21st century crime, we will be letting those involved in these gangs off the hook.”

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago