Britain's FBI wants 'Five Eyes' cosy hookups with infosec outfits

Cloudsec The UK's National Crime Agency – Blighty's equivalent of the FBI – wants its staff to "colocate" with private-sector IT security companies around the world. In other words, investigators and infosec employees placed alongside each other to sniff out cyber-criminals.

This will apparently help the agency reach across jurisdictions, and bust underworld gangs around the planet. This is according to a keynote address delivered on Thursday at the Cloudsec event in London – a presentation the media was banned from attending.

Speaking at the conference, Oliver Gower, Head of Strategy, Partnerships, and Transformation for the NCA's National Cyber Crime Unit (NCCU), said a globally scaled security threat required a globally scaled security response.

Such a response should emulate the cosy Five Eyes spy relationship between America, the UK, Australia, Canada and New Zealand, said Gower, in that agents and employees in friendly countries and businesses should work shoulder-to-shoulder to combat cyber-crime.

He is keen to get beneath the sheets with information security outfits amid this international tie-up – having already bagged memorandums of understanding with Trend Micro and Intel Security.

As well as lauding the trans-jurisdictional efforts of the Joint Cybercrime Action Taskforce and the European Cybercrime Task Force, Gower mentioned a model the NCA was especially keen to copy:

The US's National Cyber-Forensics and Training Alliance (NCFTA), which is based in Pittsburgh, and "colocates" law enforcement agents with private sector security companies.

As the alliance states: "The NCFTA is a productive environment because we operate as one unit with our private and public sector partners. Our partners are located both on-site and off-site, and come from private industry, law enforcement, academia, and government."

Joining the dots internationally @CLOUDSEC2015 #cloudseclondon @SecureITUK_ @TrendMicroUK @TrendMicro @ayazrath pic.twitter.com/DB0eEfhS9O

— SecureIT Consult (@SecureITUK_) September 17, 2015

Noted in a single slide of Gower's talk was the Five Eyes Law Enforcement Group. Known previously as the Strategic Alliance Group Principals' Meeting, the shadowy organization was formed post-Snowden to "seek to reduce the international threat and impact of organised crime."

Although its methodology is unclear, it is, we're told, not a counter-terrorism intelligence partnership, though membership of the group is comprised of the anglophone Five Eyes nations.

Running a trans-jurisdictional effort to combat organized crime is more difficult than you'd imagine, Gower suggested. Police investigators struggle to accept their technical limitations, and need the help of talented information security types to keep up with progress.

Deconfliction between difference police forces is increasingly an issue for crime-busting coalitions, too. The possibility of undercover cyber-cops having their investigations blown by blue-on-blue bungling – an officer in one country interrupting and scuppering the work of another – is increasingly an issue.

Data glut

Gower also confessed that the NCA is struggling to deal with the volumes of data and intelligence it receives. The agency increasingly gets its information and evidence from "seized media" – confiscated memory cards, server hard drives, and so on, we assume.

Now these piles of data are mounting up and straining resources – putting pressure particularly on officers investigating pedophiles handling child-abuse images.

As a result of these "resource challenges," house visits by officers are not always possible. Some miscreants – such as those launching denial-of-service attacks against websites – simply receive warning emails. These missives are shared in cybercrime forums, usually accompanied with the usual prison-rape jokes, much to the delight of the agency: it means the miscreants are spreading the cops' message for them.

Excellent question. @CLOUDSEC2015 #cloudseclondon @SecureITUK_ @TrendMicroUK @TrendMicro @ayazrath pic.twitter.com/0EaqVqfRlu

— SecureIT Consult (@SecureITUK_) September 17, 2015

The NCA is also keeping a close eye on mobile malware and Tinba – or the Tiny Banker Trojan. Ranging from a mere 20KB to 100KB in size, the bank-account-raiding software nasty surfaced in 2012.

Interestingly, he also asked: "Can government take action to systematically remove malware from everybody's computers without them knowing it?"

"Probably not," came his firmly comforting reply.

The Register was told by the Cloudsec organisers that the agency wouldn't allow journalists in its session. Which is odd given that the keynote slides were widely photographed and tweeted by attendees without issue. Of course, this vulture pulled up a pew anyway and watched on. ®