Antivirus hid more than 9,000 'cybercrime' reports from UK cops, says watchdog
Detailed info wound up in quarantine
Just one of Britain's 43 police forces treats online crime as a priority – while the Action Fraud organisation managed to withhold 9,000 so-called cyber-crime reports from cops thanks to badly configured antivirus on its reporting portal, according to a government watchdog.
Software intended to screen reports about online threats sent to Action Fraud by members of the public was incorrectly triggered when members of the public, er, tried to report cyber threats against them.
A police database called Know Fraud, operated by the National Fraud Intelligence Bureau (NFIB), was incorrectly holding some detailed reports in quarantine after an "updating" of the system in October 2018.
"In some cases the automated system mistakenly identified reports as containing malicious coding," said the poker-faced watchdog, Her Majesty's Inspectorate of Constabularies and Fire and Rescue Services (HMICFRS). (This used to be called plain old HMIC until someone tacked on the fire brigade part.)
Around 9,000 reports were languishing in quarantine in April though as soon as HMICFRS began sniffing around, City of London Police – owners and operators of the NFIB – began work on the backlog, which they'd whittled down to 6,500 by July. The Press Association reported (via The Guardian newspaper) that supplier IBM would be carrying out a "review" of "security protocols".
Meanwhile, though the report's authors tried to strike a positive note in their summary and foreword, the detail gave the game away. More than a quarter of police forces "told us that cyber-dependent crime, and cybercrime more generally, were not a specific strategic priority," said HMICFRS.
Businesses reporting cybercrimes against them "were less likely to be considered vulnerable" by police workers, even though the NFIB stated a few months ago that businesses were at a "high risk of becoming victims" of cybercrime – prompting police to treat them "differently from other victims" and even delaying their response, particularly for SMEs.
Although all UK police forces now have cybercrime units, it appears from the HMICFRS report that there is something of an internal police power struggle over which police units should receive, classify and allocate online crime reports for investigation – as well as deciding who gets to investigate, potentially landing the lucky cops with a lucrative outcome and positive PR. While Action Fraud (the preferred initial point of contact) is increasingly seen by the general public as an ineffectual front that does little to tackle crime, HMICFRS said it had "found several examples of forces not committing to the regionally managed, locally delivered model agreed by chief constables".
Further, said HMICFRS, "the level of influence of the regional co-ordinator varied across the regions", also noting that the quality of investigations varied across the country – and endorsing the idea that "investigations by the regional and national teams were, in our view, of considerably better quality overall than those done by local forces".
The report can be read in full on the HMICFRS website. ®