Met admits police e-crime unit is under-resourced

Writing in the Sunday Telegraph, Metropolitan Police commissioner Paul Stephenson, said, "At any time, the police service is only actively targeting 11% of the 6000 organised crime groups in England and Wales."

He said only 15% of the 385 officers dedicated to online crime were investigating terrorism, fraud, identity theft and other serious non-personal crimes; the rest were investigating child exploiters and tracking the online exchange of child pornography.

Stephenson said the Met's Police e-Crime Unit (PeCU) budget for 2009 was about £2.75m. "It has been estimated that for every £1 spent on the virtual task force, it has prevented £21 in harm from potential theft," he said.

The task force includes detectives, banks, the payment services sector, the internet and telecommunications industry and universities, he said.

Stephenson's comments came days after UK police arrested 19 Eastern European suspects in connection with the use of the Zeus trojan malware to steal bank account details that led to the theft of more than £6m over a few months.

Following related arrests in the US, the Ukraine and the Netherlands, the FBI reported that the gang had stolen $70m.

"This was a major theft ring," said Gordon Snow, assistant director of the FBI's cyber division. "Global criminal activity on this scale is a threat to our financial infrastructure, and it can only be effectively countered through the kind of international co-operation we have seen in this case."

The FBI said hackers in Eastern Europe used the Zeus trojan to infect computers around the world. The virus was carried in an e-mail. When targeted individuals in businesses and public authorities opened the e-mail, the malicious software installed itself on the victim's computer, secretly capturing passwords, account numbers and other data used to log into online banking accounts.

The hackers used this information to take over the victims' bank accounts and make unauthorised transfers of thousands of dollars at a time, often routing the funds to other accounts controlled by a network of "money mules", the agency said.

"Many of the US money mules were recruited from overseas. They created bank accounts using fake documents and phony names. Once the money was in their accounts, the mules could either wire it back to their bosses in Eastern Europe, or turn it into cash and smuggle it out of the country. For their work, they were paid a commission," the FBI said.

Stephenson gave further examples of cybercrimes. Four criminals had stolen the personal financial details of hundreds of people that allowed them to identify up to £8m they could steal. "They siphoned off £750,000 from 64 victims before police arrested them," Stephenson said.

He said detectives working with the financial sector had uncovered 600 bank accounts criminals planned to use to "cash out" the proceeds of cyber theft.

He said he knew of a chief executive who feared having to lay off more than 8,000 workers because his £100m-a-year company was losing sales to websites that sold counterfeit versions of his company's fashion jewellery.

Stephenson said "cyber-extortionists" had threatened to rent or buy botnets to mount distributed denial of service attacks against websites that refused to pay.

"My investigators tell me the expertise available to them is thin compared to the skills at the disposal of cyber criminals," Stephenson said.

Stephenson said online fraud had generated £52bn worldwide in 2007. "We believe there is major under-reporting of all types of cybercrime," he said.

"There is a risk that cybercrime will become [criminals'] main source of cash flow," Stephenson said. He said the shift to "superfast broadband" would help criminals as well as businesses and private individuals. It could boost online trade by nearly £20bn, he said. "This is a huge opportunity for legitimate commerce – and for online fraudsters."

Stephenson called on companies and individuals to ensure their anti-malware protection is up to date and switched on.

"We must also ensure that, if British crime gangs take up e-crime as enthusiastically as we fear, we can match the skills at their disposal. We must have the expertise to stay ahead of the criminals," he said.

It was essential to keep a uniform presence on the streets, but specialist detectives are just as crucial to ensuring we are all better protected, he said.

This story was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?