You’re more likely to be a victim of cybercrime than any other criminal offence in the UK. But, unlike conventional offences, cybercrime can be near impossible for conventional law enforcement to tackle.
We run down the worst security breaches of 2016 and reveal how to stay safe in 2017
That’s why thousands of police officers are receiving specialist cybersecurity training. In response to the unprecedented rise in cybercrime, 80 per cent of police forces across the UK are training their officers to become specialist cyber security investigators. This is the future of policing.
Virtual bloodstains and binary fingerprints
A cybercrime scene cannot be approached in the same way as a traditional forensics operation – in which investigators are looking for fingerprints, blood spatters or DNA. The conventional approach has the potential to destroy evidence.
“Back in the day the officers would just turn up, pull the electric supply out of the computer, bag it, tag it and wait for forensic investigation. This could take months before they retrieved meaningful information from the system,” says Phil Chapman, lead cybersecurity instructor at Firebrand Training.
For the frontline police investigating cybercrime, specialist knowledge is key to gathering digital evidence. When arriving at a crime scene, speed is essential and every second a computer is left unattended it loses data stored in its memory cache. The memory cache, which contains information including activity logs and internet history, details the activities of a potential cybercriminal in the minutes before the investigators arrived. If a computer powers down or locks, this crucial evidence will be permanently lost.
The cache, which could hold the data needed to convict a cybercriminal, is also lost after only two to five minutes of inactivity. However, if an officer gets onto the machine, it can be kept alive while the volatile data is retrieved.
The process – which takes between two and 30 minutes – doesn’t require special tools, but the specialists on the scene must have the expertise and training to access the data quickly. Once the volatile cache of these devices is secured, police use their specialist knowledge to image the devices, creating identical bit-by-bit copies. Creating these images – which can take upwards of five hours – produces a replica of the machines which can then be used to preserve evidence.
Interviewed on the BBC, DC Steve Mersh said: “It’s a case of learning the practical skills that we can utilise – no different to a finding a gun at a crime scene that we can make safe from the public and attribute to the criminal”.
Teaching the police how to hack
Every week, police officers arrive at centres across the UK to receive cutting-edge cyber security training from veterans typically responsible for training “ethical hackers” and “penetration testers”.
Police follow a unique cybersecurity curriculum, built to align with the unique demands of law enforcement – be it on the front lines or as a digital researcher. Over several weeks, officers are transformed from cyber security beginners to highly skilled cyber investigators capable of capturing volatile cache data and imaging computers.
Their training covers every aspect of information security, from politically-motivated hacking (known as hacktivism) to encryption and cryptography. To better understand and respond to the threat of cybercrime, officers are also learning how to hack. Police get to grips with the entire process of hacking – starting from information-gathering reconnaissance to track-covering by restoring the computer to its pre-attack state. The curriculum even culminates in industry-recognised cyber security qualifications, like EC-Council’s Certified Ethical Hacker.
To test the newly learnt skills of these specialists, police are also trained through time-sensitive simulated cybercrime scene investigations.
Fighting cybercrime on the frontline: is it enough?
“It’s what I see as the future of policing and although people don’t see it as the norm now, I think that it most certainly will be,” says DC Charlie Hare.
Already there are “certified ethical hackers” within our police forces, but is this enough to halt the rise of cybercrime? With more advanced cyber threats on the horizon, every sector must be educated in cybersecurity.
The damage caused by poor cybersecurity investment (and awareness) is clear, as demonstrated by the recent NHS hack. We’ve seen what damage cybercrime can do to the healthcare sector, how long will we have to wait for a worldwide financial cyber attack on the scale of WannaCry?
It’s worth noting that the training received by UK law enforcement is based on commercially available cybersecurity courses. This training could be adapted to any industry, sector or vertical – and it must be. As we’ve seen, it’s not just law enforcement in urgent need of cybersecurity skills.