Computer crime sentences are ‘not good enough’
Get Tough, Police urge
A senior policeman has called for higher sentences to combat hi-tech crime.
Detective Superintendent Mick Deats, second in command of Britain's National High Tech Crime Unit, said that computer crime sentences are "not good enough".
"What we're dealing with is hi-tech burglary - and sentences don't reflect that or the full impact on business of cybercrime."
Det Supt Deats made his comments during a panel discussion on cybercrime at this week's Infosecurity show in London. During the session the Hi-Tech Crime Unit outlined its progress to date in investigating hi-tech crimes. These include investigations concerning: denial of service attacks, hacking, hi-tech fraud, extortion intellectual property theft and the use of the Internet by paedophiles and drug dealers.
Since its foundation in 2001 the NHTCU has dealt with 2,000 crime reports, conducted 41 operations and made 101 arrests, 25 per cent of which relate to paedophilia charges. Det Supt Deats said 85 per cent of these arrests result in prosecutions, the majority of which are waiting to go to trial.
Of those who have gone to trial, Det Supt Deats is far from satisfied with the outcome.
So is additional legislation needed?
Not according to Detective Chief Superintendent Les Hynds, head of the National Hi-Tech Crime Unit, who said existing laws - such as the Computer Misuse Act and the Regulation of Investigatory Powers Act - are adequate. However he added a rider that neither piece of legislation has been fully tested in court.
And there is now "incontrovertible evidence" that organised criminals are becoming involved in hi-tech crime, Hynds says.
A recent NOP survey on cyber-crime revealed that even excluding the most common offences of lap-top theft and viral attacks three in four of 150 business surveyed had suffered from some type of hi-tech crime. Financial fraud and sabotage by insiders are the biggest problems.
According to Deats, 56 per cent of organisations hit by hi-tech crime do report offences to police. However there remains a lack of openness about reporting cybercrime in particular sectors of the economy.
Banks less than Frank
Banks, for example, are not sharing information about serious fraud among themselves and this makes it easier for criminals to operate, Det Supt Deats believes.
Ged Edgcumbe, security risk control manager, at investment bank UBS Warburg, conceded this point.
"Bank don't talk about cybercrime, even internally. And if they do talk it is not necessarily open and frank," he said.
Jeremy Beale, head of e-business at the Confederation of British Industry (CBI), said business concerns about cybercrime differ markedly from those of the police.
Business are principally concerned that the rising problem of cybercrime might discredit ecommerce, which many firms are successfully adopting to improve their competitive advantage. For individual companies, damage to brand reputation caused by cybercrime incidents is the principal concern.
The police want to catch criminals involved in cybercrime and prosecute them as a deterrent whereas firms hit by e-crime are principally interested in making sure it has a minimal impact on the businesses.
"Police and business perspectives on cybercrime are world's apart," said Beale. ®