By Will Sturgeon, 26 January 2005 12:00
NEWS A UK high-tech crime buster has warned that his investigations are being severely hampered by a lack of money and has said funding could still be pared down further to the point that police units such as his become untenable.
Speaking at the Computer and Internet Crime Conference in London, DC Tony Noble from Surrey Police Computer Crime Unit said many reported incidents of cybercrime, such as hacking or data theft from within a company, don't get investigated due to "an accountancy culture" in the police force.
"If I have a company come to me with something they want investigated I have to personally battle for the funding," he said. "Just because you report a crime it doesn't mean you will get it investigated."
"As an investigator I've seen crimes where £100,000 has been lost turned down."
Noble said the funding available doesn't even stretch as far as providing him with a car, despite the fact he has to visit sites all over Surrey, and much of his budget goes on hiring outside expertise such as forensics companies, due to a lack of expertise in-house.
Noble actually describes the level of funding he receives as "very lucky" and expressed concern that this 'luck' may run out.
"We've been very lucky but we're aware this funding may dry up."
The problem he identifies is a Catch-22 situation whereby he lacks the funding to secure significant numbers of convictions, yet must do so to prove there is even a problem of cybercrime in the UK.
"If we can't prove we have a cybercrime problem in the UK then the funding will be directed to whatever else is flavour of the month," he said.
Noble also admitted the police still have a long way to go before they are up to speed on the various ways in which cybercrime can manifest. While each of the 45 constabularies in the UK now has a dedicated cybercrime investigator, Noble admitted these individuals may still be the only person who comes close to understanding a technical complaint, citing a "sorry, we don't do computers" culture among front desk and uniformed police.
And even if companies do get through to the dedicated computer crime investigator, they may be surprised by the level of expertise. Noble warned that many will be novices on many types of cybercrime and complete strangers to some.
"You might speak to an officer on one high-tech crime unit with a complaint about a DoS [denial of service] attack and he really might not know where you are going with it.
"You may have to help him out because he's going to need you to be the expert."
Perhaps it's unsurprising then that convictions for cybercrime are still few and far between but Noble offered some reassurance to those companies whose crimes do get investigated.
"If we don't get them in the criminal court, we'll sure get them in the civil court," he said. The evidence collected in association with forensics specialists means "if we can't get them beyond reasonable doubt we'll certainly get them on balance of probability," said Noble.
But such good news comes with a slight catch.
"We will give that evidence to the company at a price," he said. "We may pay £10,000 for a specialist forensic investigation. We have to recover our costs somehow."
Comments
There are 3 comments. Join the discussion
1. anonymous
Perhaps the lack of understanding is at government level as well as else where?
Most forces have considerable IT expertise within them, but the knowledge is held by support staff and very very rarely a few police officers. The culture of the police usually prevents non-police officers from being involved at a senior level which doesn't help. Turf wars and treading on toes and other sensitivities are endemic.
While forces need to make much better use of their expertise, the establishment of sufficiently large high tech units is a must. Cyber crime may well be large but it isn't as high profile as conventional crime. Its effects are dramatic and swift especially in a denial of service or other attack. Such actions are undertaken as usual without regard to the likelihood of being found out, and in any event there is often a quasi-suicidal approach to what transgressors do. They do it and don't care about the consequences for themselves, especially if they know that the likelihood of getting caught, far less having a significant sentence is relatively trivial.
2. anonymous
Maybe then the Police should set up program where volunteers help them - a bit like the community Policing thing.
Even if it's just to get their skills up. It makes me sick the amount of scams etc. where people try to rob hardworking people and companies. If the money's not there I'm sure the help could be.
3. anonymous
The trouble is being an IT expert is not the end of it. You make be the bees knees at programming etc, but not be able to present a forensic disciplined report that would stand up in court. I have seen many such people balls up evidence. Also not all forces are som badly equipped. The Met Police has over forty trained forensics experts in this field.