Are there missing links in policing when investigating cybercrime?
Daniel Cuthbert, Chief Operating Officer of Sensepost, a Cyber security consultancy, seems to think so.
I met with Daniel this week after I disappointingly missed a presentation he gave at the Home Office a few weeks ago, however this presented me a great opportunity to catch up with him on a one to one level to discuss the ever evolving world of cybercrime.
Daniel sports an impressive list of world law enforcement agencies he has worked with in tackle cybercrime, and is no doubt an expert in his field, seemingly only being one step short of the main role in a Hollywood blockbuster.
However, UK policing seems to have a long, long way to go to even reach the horizon of his personal accolade.
So why is policing so far behind?
There appears to be several reasons, with the most significant appearing to be a failure to leave the starting blocks.
Daniel tells of a life time of hacking, from the dawn of the internet, but it is only now in 2016 that ‘Cybercrime’ appears to have become a buzz word in policing.
Secondly, but not by far, the next biggest issue appears to be that policing is ill equipped to handle the challenges of what is even regarded as ‘low level’ cybercrime.
Daniel relayed a story about a start up company who were recently victims of a £50,000 cyber theft – a value too low for the radar of the NCA, but too great for frontline officers to know how to effectively investigate it. After failing on several attempts to provide the ‘digital’ evidence to the police (as police systems were not sufficiently equipped to receive the files) the evidence was eventually printed and handed over…….in paper copy!
I was also told about the police officer who, when investigating a cyber theft Daniel had brought to the attention of the police, had first attempted to seize CCTV evidence of the crime – despite it being reported as a ‘Cybercrime’ (an offence which occurred on-line).
So other than unpreparedness, where else are the missing links?
It would appear to me from Daniel’s description, that in very simple terms, there are 3 key links in the chain to investigating and detecting cybercrime:
1. Reporting – policing needs to be better equipped to receive reports of cybercrime and understand that the report is indeed an offence of cybercrime and should be investigated as such.
2. ‘Hacking’ (building a way to do something) skills. To catch a criminal, you have to think (or ‘hack’) like one.
3. Old fashioned police work (locate, arrest, interview, further investigate and prosecute offender)
We already know from the beginning of this article that we are missing large parts of link number 1.
However, we are and always will be good at the ‘old fashioned’ police work – the ‘bread and butter’ stuff if you like, so we have the final link covered.
What is desperately missing though, is link number 2 – the ability to ‘hack’. The ability to see through the eyes of the offender to work out how they ‘hacked’ their way to a £50k payout.
But, this is something that can be learned says Daniel. If you have an interest in the field, Daniel truly believes he can teach you to hack and therefore better investigate and most importantly understand what it is you are investigating.
So how does this all relate to disability?
Well, I believe that disabled and neuro-diverse officers and police staff are one of the key components of these links. The malleable substance needed to mould and hold the links together. This is why:
- Daniel states that anyone willing, with a genuine interest can be taught to ‘hack’.
- Policing is in desperate need of frontline officers.
- Policing is also in desperate need of officers and staff to investigate cybercrime, the largest growing crime trend of modern time.
- Disabled officers (due to Limited Duties Regulations and the need to increase force resilience) are desperate for meaningful policing roles, where their skills are put to best use, they can develop new skills, they are valued and they aren’t required to walk around the High Street on a Friday night.
Now, connect the dots using the sentences above. Surely the answer is obvious?
This is a simplistic answer I know, but a perfectly feasible one. Hacking can be taught and so to can investigation skills. After all, all officers have a basic level of investigative skills anyway.
So why don’t we start putting round pegs in round holes?
I also wanted to ask Daniel about his experience working with people with conditions such as Autism and Aspergers and the benefits they can potentially bring to this field. (I distinctly remembered seeing news reports about people with Aspergers hacking the US Government and desperately trying to avoid extradition).
He told me that he had met and worked with many talented people with varying degrees of both conditions over the years and distinctly recalls them being good at data linking, finding patterns in a wealth of data.
Daniel also said that being ‘task focussed’, often a trait of neuro-diverse thinkers, is another distinct benefit that can be brought to a team when chasing cyber criminals.
During our conversation about Autism and Aspergers, he also highlighted further benefits of diverse thinkers, the mindset of ‘not giving up’ until the task is complete. This struck me as a key strength not only of neuro-diverse thinkers, but of disabled people in policing, a subject I have blogged about previously.
It is clear to me that, although the components of the chain aren’t all linked in together yet, we do know what those links should be.
However, my question for policing is: “who will connect the dots?”
DPA General Secretary
All content within this article is the personal opinion of the author and is not necessarily representative of the views of the Disabled Police Association or a statement of policy intent. This article may be freely redistributed but must not be changed in any way.
The content of this article remains the intellectual property of the Disabled Police Association.