Feeds

UK police 'not prioritising cybercrime', Microsoft says

'Inadequate' reporting structure

High performance access to file storage

The Home Office is not taking cybercrime and related fraud seriously enough, Microsoft says.

The software giant says that cybercrime reporting mechanisms in the UK have been inadequate, since the closure of the National Hi-Tech Crime Unit (NHTCU), whose operations were folded into the Serious Organised Crime Agency (SOCA) last year.

Its critique comes in a hard-hitting submission to a House of Lords Science and Technology Committee inquiry into internet security.

In a written submission to the committee ahead of its oral testimony last week, Microsoft described the scope of the cybercrime problem as "wide and growing". The 22-page document contains a number of significant factoids about the scale of the problem. Microsoft describes internet security problems as encompassing spam messages ("of which we block over three billion a day in Hotmail/Windows Live Mail"), phishing attacks (aiming to tricking users into handing over login credentials for online accounts), malware, spyware, Trojans, viruses and bots.

Last year, Microsoft identified 104 phishing sites in 39 European countries that subsequently becoame the subject of legal enforcement action. Based on these actions, Microsoft concludes that the majority of phishers are males aged between 16 and 20 and that Spain, France, the UK and the Netherlands are the centres of the phishing fraud within Europe.

According to the company, improving online security requires a multi-pronged approach including consumer education, technological practices, and improvements and legal enforcement.

Microsoft critics will doubtless be quick to point out how insecurities in Microsoft's own software have supplied a fertile breeding ground for virus writers and hackers. Naturally enough, Microsoft prefers to emphasise the security improvements brought by Windows XP SP2 and Vista.

SOCA it to them

That debate has been well aired and it's where Microsoft's response to questions about how well the government is equipped to combat cybercrime and on the UK's existing cybercrime laws that the software giant (uncharacteristically) holds forth.

"In the UK, one issue that needs addressing is the problem that cybercrime and related fraud are not presently priority indicators for the police as set by the Home Office. With the changes around SOCA, the proposed re-structuring of police forces, and the disappearance of the NHTCU it is unclear how cybercrime and reporting mechanisms are being systematically addressed. There is no single reporting mechanism in the UK (as there is in the US), thus, no reasonably supported statistics aside from anecdotal information and surveys," it states.

Microsoft suggests that providing a framework for third parties to take action against cyber criminals could provide a way forward.

"What is equally as important is establishing a right of action for third parties. Individual users often lack the technical expertise and financial resources to take action against spammers and other cyber criminals. A third party right of action could protect consumers, which could include our own customers, by bringing damage claims that deter cyber criminals from continuing their activities. Companies could also recover some of the economic losses that cyber criminals cause to them in increased security costs and reputational damage," it said.

Tom Bishop MP (Lab.) comments that comments that Microsoft is essentially saying (albeit diplomatically) that the Home Office "is not interested in cybercrime" and "has no idea of the scale of the problem".

We wanted to speak to the author of Microsoft's submission, but the company was reluctant to discuss the issue any further, at least until the House of Lords committee has completed its inquiry. Instead, Microsoft issued a bland statement that sheds little extra light on the matter.

"Microsoft continues to support and work with the Home Office in helping to combat online crime. We engage with governments and communities worldwide on issues concerning security and internet safety. We welcome the UK government's efforts both in updating the law to help deal with new criminal activity online and with its ongoing dialogue with industry in this area," it said

"We fully support the launch of the House of Lords Science and Technology Committee inquiry into personal internet security. The committee are exploring various options as to how better consumer education, technological improvements, and enhanced legal enforcement can all play a key role in tackling the growing problem of cybercrime. We hope that this inquiry will help highlight the importance of this issue to us all." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.