Original URL: http://www.theregister.co.uk/2008/05/21/soca_cybercrime/

SOCA defends e-crime record as minister admits gap

NHTCU 'nostalgia' misplaced, says UK's FBI

By John Leyden

Posted in Law, 21st May 2008 12:24 GMT

Analysis The Serious Organised Crime Agency (SOCA) has defended its record in tackling cybercrime, arguing that it has more resources at its disposal in fighting e-crime than the more specialist police agency it replaced.

But the defence comes as a Home Office minister acknowledged gaps in UK e-crime strategy and announced plans to establish a new e-crime reporting and investigation agency.

SOCA opened its doors on 1 April 2006 following a merger of the National Crime Squad, the National Criminal Intelligence Service, the National Hi-Tech Crime Unit (NHTCU), the investigative arm of HM Revenue & Customs on serious drug trafficking, and the Immigration Service's unit dealing with people trafficking.

Its top priorities in fighting drug dealing and organised immigration crime have prompted criticism from sections of the IT security community, who reckon the fight against cybercrime is not getting the resources it deserves since the absorption of the NHTCU.

David Roberts, chief executive of the Corporate IT Forum, said last December that IT directors are starting to believe that the government is failing to prioritise the fight against cybercrime.

"There is no source to go to to report e-crime, other than the local police station – and they have very little understanding of it. It is a significant problem," Roberts said in comments typical of those from others in the industry we've heard repeatedly over recent months.

The battle against drugs gets 43 per cent of SOCA's budget while the fight against fraud - a category that includes cybercrime - gets just five per cent of the pie.

SOCA has a total headcount of 4,000, against which the specialist e-crime unit may look small, even taking into account that the majority of SOCA's workforce are support personnel. A spokesman for SOCA said whether the resources SOCA is allocates to the fight against e-crime are adequate is a question for ministers to answer.

But, he added, the number of specialists officers tackling e-crime has been maintained over the last two years at 58, more than it inherited from the NHTCU (though it wasn't able to say what this figure was).

The spokesman said these officers were able to draw on a larger base of support personnel, such as 140 liaison officers in 40 countries across the globe, than was the case with the NHTCU. Furthermore these officers have been freed of the burden of covering child abuse investigations, a task that's been passed onto the Child Exploitation and Online Protection (CEOP) Centre.

"The NHTCU had a smaller headcount and included people dealing with child abuse," SOCA's spokesman told El Reg. He wasn't able to say what NHTCU's lower headcount was but maintained that the number of staff aware of e-crime risks was higher in SOCA than at the NHTCU.

"Some of the staff we inherited who specialised in e-crime have transfered to other departments while we've maintained the headcount in the specialist department at the same level," he said.

Nostalgia ain't what it used to be

SOCA is focused on high-level trans-national crime and only takes reports of cybercrime indirectly. Commercial victims of cybercrime have been obliged to report problems to their local police forces, a situation that often proves unworkable. Meanwhile consumers are obliged to report problems to banks or auction house.

Gripes about reporting and lower-lever e-crime came to a head this week, when parliamentary under-secretary of state Vernon Coaker told the House of Lords science and technology committee on Tuesday that the Home Office acknowledged there was a gap in e-crime reporting and cybercrime investigation that needs to be bridged.

The Home Office wants to make the National Fraud Reporting Centre (NFRC) a one-stop shop for the reporting of fraud. The agency would have a law enforcement arm.

Coaker plans to meet representatives from the relevant policing agencies - the City of London Police, SOCA's e-crime unit, the Met's Hi-tech Crime Unit, and the Child Exploitation and Online Protection Centre - on 4 June for talks about how the proposed unit would sit alongside their respective responsibilities.

During the committee hearing a number of peers echoed long-standing industry criticism of SOCA. "We used to have huge expertise in IT within the NHTCU. This expertise got very efficiently removed into SOCA, which killed it," said the Earl of Erroll, a cross bench peer who's rare in parliament for having a background in computer security and IT development.

Lord Broers was even more scathing: "SOCA has destroyed IT focus in terms of investigations."

SOCA rejects criticism that e-crime appears to be a low priority as "unfair". SOCA's functions don't include taking reports of e-crime directly but then again neither did the NHTCU's. "There's quite a lot of nostalgia for the NHTCU but it's not quite accurate. The NHTCU is not a reporting centre and neither is SOCA," the spokesman explained.

The agency indicated it would welcome the establishment of an e-crime reporting centre, downplaying concerns about possible overlaps. "We would work with the reporting centre, which would handle e-crime reporting and analysis," the SOCA spokesman explained.

Fighting the good fight

NHTCU officers were a regular fixture at security conferences and maintained close relationships with security vendors and security specialists within banks and other financial institutions. SOCA representatives argue that the perception links between police and the IT industry in UK have deteriorated since it took over are mistaken. "We have a good relationships with the IT industry which we intend to further improve," the spokesman said.

The agency announced some successes in combating cybercrime when it published its annual report last week - even though the report as a whole concentrated on the fight against drugs, people trafficking and organisational issues. During the year up to April 2008, SOCA said it issued 46 warnings of criminal threats to 2,500 private sector organisations. One alert alone saved an unnamed bank £500,000, it said.

Another cybercrime case, Operation Ajowan, involved the trade in stolen credit card and identity details on the web. One of the convicted conspirators was responsible for potential losses of more than £6m, according to SOCA. The agency was also involved in seizing thousands of "fake financial instruments" valued at around £8m and bound for the UK as part of an international initiative against mass marketing fraud.

Project ELEGIA, aimed at identifying compromised financial and identity data being traded by online criminals, including those from associated with Rockphish phishing fraud attacks targeting UK banks.

SOCA's objectives in the cybercrime arena include "countering the exploitation of technology by serious organised crime" and reducing identity fraud and counterfeiting, it said in its annual report.

While denial of service attacks, international credit card rackets and organised phishing frauds fall within SOCA's remit, more mundane hacking attacks and auction frauds do not but these are probably the source of huge but undefined losses.

A survey of 1,000 companies, commissioned by PriceWaterhouseCoopers and the Department for Business Enterprise and Regulatory Reform (BERR), found that 13 per cent of the UK’s large businesses have had their network penetrated by hackers. A seperate survey of IT directors, also out this month, revealed that a third of businesses do not report their information security crimes and breaches.

Whatever the shape of the UK's anti-cybercrime effort after next month, SOCA will continue to have its hands full, while The National Fraud Reporting Centre will start its life with a bulging in-tray. ®