Original URL: http://www.theregister.co.uk/2013/07/30/ecrime_report_home_affairs_cmte/

UK the 'number 1 target' of online gangsters in 25 countries - e-crime report

Cyber crime: It's like 'NUCLEAR WAR'...

By John Leyden

Posted in Security, 30th July 2013 16:19 GMT

+Comment The UK is failing to win the war on "e-crime", according to MPs on the Home Affairs committee in its first ever report on online crime.

The committee published its "Report on e-crime" on Tuesday following hearings over 10 months, where the MPs heard from senior police officers as well as experts from academia, banks and the IT security business.

The committee appeared keen for banks, ISPs, search engines, social media sites and many other web-based businesses to start taking action against criminals operating online. The committee has advised that these companies apply filters, sort through content and report online crime to the police, among other things.

The comittee has also revived calls for a dedicated child exploitation prevention unit, an ISP code of conduct and an "IWF for terrorism".

In the report, the MPs criticised banks for "simply reimbursing the victims with no pursuit of the perpetrators" for cases involving low-level credit card or electronic banking fraud. "Banks must be required to report all e-crime fraud to law enforcement," it said.

Treat e-criminals like, er, criminals

The Committee called for the establishments of a "dedicated state of the art espionage response team" (the Mission Impossible squad, perhaps) to handle reports of suspected cyber-espionage from British companies, media, and institutions.

The Director of Public Prosecutions should review sentencing guidance to "ensure e-criminals receive the same sentences as if they had stolen the same amount of money or data offline."

The elected representatives on the committee also want to see a much tighter internet filtering regime. "It is still too easy for people to access inappropriate online content, particularly indecent images of children, terrorism incitement and sites informing people how to commit online crime," a statement by the Home Affairs Committee explains.

"There is no excuse for complacency. The Committee urges those responsible to take stronger action to remove such content. The Government should draw up a mandatory code of conduct with them to remove material which breaches acceptable standards."

The government should look at setting up a similar organisation to the Internet Watch Foundation focused on reporting and removing online terrorist content, according to the 11 MPs who make up the committee.

The MPs also criticised a reduction in funding to the ‪Child Exploitation and Online Protection Centre‬ (CEOP) of 10 per cent over four years, as well as plans to merge the operation with the ‪National Crime Agency‬ (NCA), which is due to begin work in October. Plans to establish the NCA were first announced three years ago and cleared after the passage of the Crime and Courts Act earlier this year.

The 'victims are hidden in cyberspace'

Committee Chair, Keith Vaz MP said: “We are not winning the war on online criminal activity. We are being too complacent about these e-wars because the victims are hidden in cyberspace."

He went on to say: "The threat of a cyber attack to the UK is so serious it is marked as a higher threat than a nuclear attack."

He added: "You can steal more on the internet than you can by robbing a bank and online criminals in 25 countries have chosen the UK as their number one target. Astonishingly, some are operating from EU countries.

"If we don’t have a 21st century response to this 21st century crime, we will be letting those involved in these gangs off the hook. We need to establish a state of the art espionage response centre. At the moment the law enforcement response to e-criminals is fractured and half of it is not even being put into the new National Crime Agency," he continued.

Vaz, a supporter of homeopathy who previously ran a campaign against video game violence, wants to see tighter takedown laws in the hopes this will remove what he views as objectionable content from the web.

The tragic murders of April Jones and Tia Sharp have shown the terrible consequences of access to indecent images on the web. Young people are increasingly radicalised online by the words of radical clerics such as Anwar al-Awlaki on YouTube or internet magazine Inspire. What starts on the web, ends up on the streets of Woolwich. The Prime Minister was right this week to highlight the responsibility of the Internet Service Providers, search engines and social media sites. They are far too laid back about what takes place on their watch and they need to do more to take inappropriate content down. If they do not act, the Government should legislate.

Filters? No, it's education that's needed

Adrian Culley, global technical consultant at Damballa, who previously served with the Computer Crime Unit at Scotland Yard, said the report highlights the need for greater awareness of online threats. "Today's report suggests we need a new approach to tackling the threats of e-crime. I'd argue that this means re-examining how we educate citizens to function safely, and with vigilance, in the digital society," Culley explained.

"The fact is that our society - and a large part of the economy - is now digital." Echoing the frustration of security consultants everywhere, he added: "Ultimately, there is no e-crime, there is just crime. There is no cyber Terrorism, there is just terrorism. There is no Cyber Warfare, there is just warfare.

"We all need to know how to be safe in our digital lives and a 'cyber proficiency' programme is now required to help empower people of all ages. The skill level must be raised across society, including for those officials tasked with responsibilities in these areas," he added.

Comment

Arguing that the UK should roll back the clock and separate CEOP from the National Crime Agency is unlikely to go anywhere. Other recommendations such as mandating banks to report cybercrime are unlikely to be effective either, unless police are given the resources and training to investigate online crime.

Perhaps banks could do more to collate reports of small-scale fraud to help police gain a broader picture of trends and larger fraudulent campaigns that might otherwise go unnoticed.

The report also lacks a detailed critique of Action Fraud, the UK Computer emergency Response Team, GCHQ's CESG or other relevant bodies in the fight against cybercrime and cyber-espionage.

Parliament's Intelligence and Security Committee, by contrast, came up with a far more sophisticated review of the security threat landscape earlier this month.

In El Reg security desk's opinion, statements by the Home Affairs Committee chairman fail to convince that the MPs have a clear take on what institutions are already in place and what the priorities ought to be in fighting cybercrime. ®