Thirty years ago, Clifford Stoll thwarted a major cyber attack against Lawrence Berkeley National Laboratory in California and the US military, successfully tracking hacker Markus Hess who had been extracting data and selling it on to the Soviet KGB. When he had evidence to hand and had verified his suspicions, he tried to alert the FBI. They asked him if he had lost more than half a million dollars or any classified information. He replied that he hadn’t and was met with the response:“Then go away kid.” Luckily Stoll’s persistence paid off and these days we would like to think that our tech-savvy culture would take this kind of attack seriously. But have attitudes really changed that much?
Recent studies have seen a reduction in physical crime, with Jonathan Shepherd’s team at Cardiff University reporting a 12 per cent fall in injuries due to violent incidents in 2013 and the Crime Survey of England and Wales (CSEW) corroborating the trend. But reports on crime levels have failed to address the alarming increase in cybercrime. Last year was dubbed the ‘Year of the Mega Data Breach’ with Symantec reporting a 62 percent increase in the number of breaches and a 91 percent increase in attacks on businesses of all sizes.
Cybercrime is not measured by the CSEW but estimates suggest cybercrime could be costing up to £27bn per year according to the Cabinet Office. Yet even more alarming is our inability to deal with this crime. Cybercrime is a low priority in policing and features in only 25 out of 41 police and crime commissioners policing plans according to a report by Her Majesty’s chief inspector of constabulary Tom Winsor. Begging the question, have we really come much further since Stoll first sprung Hess as a hacker?
Perhaps cybercrime is too prescriptive or niche? It may be tempting to put down the omission by the CSEW to an oversight… until one considers that the survey also fails to include fraud. In October 2013, the Telegraph reported that fraud cases had risen by nearly 60% in five years. According to figures released in March 2014 by Financial Fraud Action UK, fraud losses on UK cards totalled £450.4 million in 2013.As the UK is still in a recession, shouldn’t the act of committing fraud be a serious offence as fraud prevents the preservation of our nation’s wealth?
Yet change is afoot. In order to unmask the cyber criminal, the National Cyber Crime Unit (NCCU) has brought together specialists from the Police Central e-Crime Unit in the Metropolitan Police Service and SOCA Cyber to create expert technical, tactical intelligence and investigation teams.
Considering the advancing sophistication of cyber threats, an increased UK budget should be allocated towards the NCCU and other public intelligence services, to tackle the increasing number of cyber-crime cases. Spending should also be allocated towards educating the public of the nature of cyber-crime. Thousands of new UK laws have come into effect over the past few years, but how many of these are cyber-related? And is adequate support being provided to those such as the NCCU, who we expect to help us?
Perhaps we as a sector are guilty of being too insular and need to better communicate the importance of these concepts to the public and our protectors. The terms “cyber crime” and “cyber security” or “information security” should at the very least be household terms. We all now live in a technological mobile world and as cyber citizens need to help police the cyber world. And for that we have Stoll to thank.
By Rajinder Tumber, Security Assurance Officer, Auriga
Auriga is an expert consultancy specialising in Data Analytics, ICT and Security. We combine superior security and assurance knowledge with business management and process consultancy to analyse and secure valuable data. Our innovative business-centric approach has seen us challenge traditional accepted methods and the status quo within industry and we have worked on some of the most demanding projects in the UK, delivering measurable return on investment from business issues.
Rajinder Tumber can be contacted at email@example.com