Building networks for cyber justice

Sharon Lemon talks to Computer Weekly about the successes, strategy and challenges faced as leader of the Serious Organised Crime Agency's e-crime unit

The UK's law enforcement agencies are fighting back as organised crime makes heavy investments in technology and hacking skills.

The Serious Organised Crime Agency (Soca) is leading the fight against computer criminals, alongside specialist local police computer crime units. The organisation was created last year from the merger of the National Hi-Tech Crime Unit (NHTCU), the National Crime Squad, the National Criminal Intelligence Service, and parts of HM Revenue and Customs and the UK Immigration Service.

In an exclusive interview with Computer Weekly - her first since the creation of Soca - Sharon Lemon, former head of the NHTCU and leader of Soca's e-crime unit, said the organisation brought together a wider range of skills and powers to fight crime.

Its formation recognises that computers and networks add a new dimension to old crimes and create opportunities for new ones, with e-threats arising worldwide, she said.

Soca has 4,000 staff and a budget of £416m. It is responsible for investigating and preventing crimes such as organised drug smuggling, fraud, money laundering and financing terrorism, as well as e-crimes.

The idea that work on e-crime stopped when Soca took over the NHTCU is a misconception, Lemon said. She pointed to a high-profile success last year, when two identity fraudsters were convicted on evidence collected by Soca. They had nearly £200,000 confiscated under the Proceeds of Crime Act.

"We prepared a show-and-tell of how the gang operated, which was presented to the jury on a laptop," said Lemon. "The judge commented that this probably halved the time and cost of the trial."

Cross-border justice

In another case, Soca achieved a world first in cross-border justice when it worked with Russian police to persuade a Moscow court to use its evidence to convict three Russians for distributed denial of service attacks designed to extort money from UK online gambling firms Betfair and Blue Square.

Lemon has spent much of the past year building up relationships and networks with other e-crime units, particularly in the US, Canada, Australia and New Zealand, but also in the former Eastern Bloc. This work led to Moscow setting up its own high-tech crime unit.

"We can now call on a network of 140 Soca offices in 40 countries to help in an investigation," she said. "This gives us the largest reach of any law enforcement organisation in the world, except for the US Drug Enforcement Administration."

Lemon stressed that the e-crime unit has access to all Soca staff and their investigative and operational powers for any case. "We have more capability now than we had at the NHTCU," she said.

"My mission is to create a climate of fear for the online criminal. We want them to know that we can and will track them down wherever they are." Lemon's view is coloured by her experience as head of the National Crime Squad's paedophile online investigation team.

Early intervention

Lemon worries about the time it takes to bring criminals to justice. "Our mission is to prevent harm to UK citizens," she says. "But in­vestigations and trials can take three or four years. I think we need to intervene sooner to make things harder for e-criminals."

Soca's strategy is to gather intelligence about threats and the methods used, attack them, and so cut the room criminals have to operate.

Through Soca and other agencies, Lemon would like to see harmonisation of legislation that would make it easier to investigate and prosecute e-criminals in other jurisdictions. This would require action from the European Council and other international law-making bodies.

In the meantime, she is developing relations with G8 members, Interpol, Europol and others to get "push-button co-operation". This worked recently in tracking and arresting one of Norway's most wanted fugitives, an alleged murderer of police officers, she said.

Local e-crime challenge

Although Soca's work on the international front has shown results, the local e-crime-fighting scene is confused. For example, local police have been referring card fraud victims to their banks, rather than taking on investigations themselves.

Businesses and security professionals warned in April that the merger of the NHCTU into Soca could leave a gap in the policing of technology-related crime.

Their concerns, that victims of computer crimes that cross local police borders have nowhere to report them, have yet to be resolved.

Lemon pointed out that, although the NHTCU took reports of e-crimes, it was never a reporting body - and neither is Soca.

Plans to set up a centralised ­e-crime co-ordination unit under the Association of Chief Police Officers, could help. But this project is strapped for cash - something a House of Lords select committee has asked the government to supply "without delay".

The committee has also called for e-crime to be reported to a central point, and, separately, a Fraud Review has proposed a fraud reporting centre.

"These are all interesting developments that need to be considered as a whole," said Lemon. Soca's e-crime unit could benefit if information on computer crime is reported to a central point, she said.

The National Hi-Tech Crime Unit

The National Hi-Tech Crime Unit (NHTCU) was launched on 18 April 2001 as the lynchpin in the UK's response to cybercrime. It undertook national investigations of serious and organised crimes that used IT, and achieved a 94% conviction rate. It also consulted to local forces and other agencies, liaised with government on policy issues and provided a 24-hour point of contact for G8 countries.

The NHTCU contained elements from the National Crime Squad, the National Criminal Intelligence Service, HM Customs and Excise and police forces, and worked closely with the IT industry. It was absorbed by the Serious Organised Crime Agency on 1 April 2006.

Operation Tertiary: the Gelonkin case

The Serious Organised Crime Agency played a major role in Operation Tertiary, an international investigation into a crime gang that used the internet to obtain credit card and bank account numbers from unsuspecting Britons.

Gang members Anton Gelonkin and Aleksei Kostap used the accounts to steal at least £900,000 through online gambling sites and eBay, and police believe the real total could run into several million pounds.

The gang transferred funds from legitimate credit card accounts to credit accounts registered with online betting companies. They were able to set up the accounts under the names and addresses of the compromised account holders using forged identity documents.

When the gaming industry took countermeasures, Gelonkin and Kostap changed tack, using compromised credit cards to buy goods from internet retailers, which were delivered to PO box addresses opened using false identities.

The gang resold the merchandise on eBay, withdrawing profits in cash and transferring it overseas using Western Union, offshore banking services and unregulated online banking facilities.

National Crime Squad officers arrested Gelonkin and Kostap on 19 January 2005. Gelonkin pleaded guilty, and Kostap was found guilty at trial on 27 November 2006. Gelonkin and Kostap were subject to confiscation orders for £156,654 and £30,705 respectively in July 2007.

Read more on IT risk management