UK National Cyber Crime Unit open to business

The UK's National Cyber Crime Unit is open to working with the private sector, says deputy director Andy Archibald

The UK's National Cyber Crime Unit is open to working with business and other organisations in the private sector, says deputy director Andy Archibald.

“Business is welcome to contact us directly about dynamic, fast-moving cyber crime in action, and we will work with them to ensure they get the most appropriate response,” he told Computer Weekly.

The National Cyber Crime Unit (NCCU) sees a deeper, more defined and developed relationship with private sector businesses as crucial, not only to identify crimes and patterns of criminal activity, but also to tap into specialist skills.

“We need to be able to go to organisations in the private sector and ask to work with people with the skills we need in some of our investigations,” said Archibald (pictured).

“Industry can bring things to the table that we may not be aware of, and we will work with the private sector within the law if the solution to an operation is something the private sector can take the lead on.”

When it comes to sharing intelligence about cyber attacks, Archibald said the best point of contact for business would be the government‘s Cyber Security Information Sharing Partnership (CISP), now under the auspices of the recently launched national computer emergency response team, CERT-UK.

The NCCU recently conducted its first UK-wide operation as part of a co-ordinated international operation, just eight months since it was formed as part of the UK’s new National Crime Agency.

The NCCU has brought together specialists from the Police Central e-Crime Unit (PCeU) in the Metropolitan Police Service and the cyber division of the Serious Organised Crime Agency (Soca).

In mid-May, the NCCU co-ordinated the arrest of 17 suspected users of Blackshades malware, which is designed to take over control of computers and steal information.

“This operation has tested some of the principles that we have been working hard on around international co-ordination and collaboration to all pull together in the same direction,” said Archibald.

The operation also demonstrated that despite the well-known challenges to working in multiple jurisdictions, it is possible to share information and co-ordinate action around a common goal, he said.

Archibald believes that by working together, the various agencies will be able to identify what they need policymakers to do to remove or reduce the obstacles that remain.

“We have learned from this operation, which sends out a message that this is a global problem and that the solution is international, and I believe this kind of operation is the way forward.

“It is about how we work closer together to cause real damage to the infrastructure of organised crime, because pursuing those involved is only one aspect of the fight against cyber crime.” 

The NCCU regards malware development and deployment as one of the greatest threats and has made it one of its top priorities.

Co-ordinated in Europe through Eurojust and the European Cybercrime Centre (EC3) at Europol, police forces apprehended dozens of suspected users of Blackshades in 11 countries, including the UK.

Having a single lead agency for cyber crime investigation in the UK to describe, prioritise and counter the threat has made a “massive difference”, said Archibald.

“There are two types of activity we need to engage in: proactive, high-end investigative strategy against those developing and deploying malware and exploit kits, and the reactive aspect.

“But now in one agency we have the responsibility to balance the national response in terms of proactive activity with the reactive bit.”

One of the challenges of the past was that while the PCeU followed the traditional policing model of report and investigation, SOCA was focused on the high-end of those involved in developing malware.

“Now these activities have been brought together and the prioritisation focused, allowing us to flex the resources in the most appropriate way to ensure the collective UK assets are allocated at the right level,” said Archibald.

Other key benefits, he said, include the ability to co-ordinate training and capacity building in the UK and bringing international co-operation to a new level to help multiple jurisdictions deal with “de-confliction” and global investigation in a proactive way.

Archibald ascribed this success not only to the new structure, but also to “new thinking” that favours investment in new technologies, capabilities and skills, and not just in people.

Recruitment has also changed to focus on new skills and capabilities in technical engineering, coding, international relations and industry engagement.

While Archibald admitted competing with the private sector to attract and retain high-level skills was challenging, he was unwilling to criticise government over the funding issues that plagued the PCeU.

“My sense is that government has invested pretty well in cyber in the past five years,” he said, highlighting the total investment of around £840m under the national cyber security strategy.

“The investment may not have come directly to law enforcement, but where investments have been made, we have benefited from it, and we are using current funding well to develop the NCCU,” he said.

We are much better now at investigating cyber crime than we were before

Andy Archibald

According to Archibald, the new way of doing things is paying dividends. “We are much better now at investigating cyber crime than we were before,” he said.

Although he recognises there are skills that need to improve and that there is still a long way to go, he said the UK is now in a far better position to tackle cyber crime.

“Everything we are doing is different, which means we are better at the pro-active, high-end investigations, and we are doing it in an intelligence-led, threat-based, internationally coordinated way, and not just pursuing targets of opportunity,” said Archibald.

He was positive on the outlook for international collaboration: “We are quite fortunate to have people in key positions at the moment who share a vision of what can be done and who recognise the need to do things differently.” 

Based on the success of the Blackshades operation, Archibald said he expects to see more operations of this kind that will have a global impact.

Read more on Hackers and cybercrime prevention