Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell...

27
Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west - midlands.pnn.police.uk Twitter: - @ROCUWM

Transcript of Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell...

Page 1: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Detective Sergeant Gary Sirrell

Detective Sergeant

Martin Taylor

[email protected]

Twitter:- @ROCUWM

Page 2: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Why are we here ?

• Police cannot tackle this alone

• Develop working partnerships and collaborations

• The BCS and others outside of law enforcement have a key role to play

• Difficult Landscape

• Under Reporting

Page 3: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Following review, it’s now 1.9 billion!

Page 4: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Local Policing Structures

• 43 Separate Forces

• Mainly Operating Independently

• Range from 973 in Warwickshire up to 33,367 in London (Met Police)

Page 5: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Regional & NationalPolicing Structures

10 Regional Organised Crime Units (ROCU's)

Page 6: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Hacking Motivations

Who is doing this computer hacking and why?

Page 7: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Threats / Motivation• Hacktivism

• Fame / Kudos (Experimenters and Gamers• Financial (Theft, Fraud, Blackmail – DDOS )• Insider• Business - IP & Competitive Advantage• State

Page 8: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Common Reports

• RANSOMWARE Malicious emailsRDP Vulnerabilities

• INSIDER THREAT Account privilegesSuspension/Termination

• DDoS Motive?• BANKING MALWARE Malicious Emails

Often a combination of attacks and data sources

Human vulnerability is often the biggest threat

Page 9: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

The video used is

https://www.youtube.com/watch?v=lc7scxvKQOo

‘This is how hackers hack you using simple social engineering’

Hackers don’t just hack computers. This video shows hacking a Human through ‘Vishing’. There’s also Phishing & Smishing!

Page 10: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Cyber Crime Strategy… The four P’s

PROTECT – Ensure adequate protection against the threat. (Think of this as traditional Crime Prevention)

PREPARE – Reduce the impact where it does take place (Encryption, Backups, Exercising, Plans etc)

PREVENT – Stop people from engaging in criminal activity. (Diversion from Crime, offer alternatives)

PURSUE – Identify, disrupt, and take action against those engaged in criminal activity. (You know this one)

Page 11: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

RCCU Structure

Page 12: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

The ‘Protect’ Role

• My role is predicated on the premise that 80% of all Cyber Crime in relation to the public and small businesses is preventable by the implementation of basic advice and controls.

• In the physical world we are pretty good at security. This is reflected in the fact that traditional crime is falling. Yet Cyber Crime is a massive problem, is under reported, and is growing.

Page 13: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Passwords really are the keys to the Kingdom..

• Video Used is

• https://www.youtube.com/watch?v=opRMrEfAIiI

• Search Youtube on ‘What is your Password.. Jimmy Kimmel Live

Page 14: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Some examplesof the basic advice I give…

• Password Hygiene• Anti Malware / Internet Security Software• Firewall• Update and Migrate• Data Recovery (Backups)• Staff Awareness• Secure your website• Data Encryption• Managing User Accounts and Privileges• Cyber Liability Insurance

Page 15: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Did I mention privacy settings?

• Video Used is • https://www.youtube.com/watch?v=yrjT8m0hcKU

• Search Youtube on ‘How private is your personal information? Action Fraud’.

Page 16: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

What support is out there for the public and for business?

Page 17: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

ResourcesGet Safe Online (www.getsafeonline.org)

Page 18: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

ResourcesCyber Aware (www.cyberaware.gov.uk)

Page 19: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Resources

Cyber Essentials(www.cyberaware.gov.uk/cyberessentials)

Page 20: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Resources

WWW.NCSC.GOV.UK/CISP

CiSP is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.

Page 21: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Reporting…Cyber Crime is under reported…We encourage the reporting of Cyber Crime through the National Reporting mechanism….Online:- www.actionfraud.police.uk (24 hours)Telephone:- 0300 123 2040

Page 22: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Current Challenges

• Digital Crime Scene• New sources of evidence - OS, Servers, DBs• Digital threat and risk - encryption• Limited Capabilities in Digital Forensics - Cost & Scale• ACPO Guidelines & ISO standards• Challenge of outdated laws and rules - grey areas• Internet of Things – explosion of devices• International co-operation• Bulletproof Hosting/Regulation• Remote & Hidden Storage• Cryptocurrencies and confiscation• Attribution• Dark Web

Page 23: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Digital Crime Scene

Page 24: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Digital Currencies andthe challenge to Policing…

• 1BTC = £1335.00 (01/05/17) - was £465.05 in Aug 2016

Page 25: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Case Studies

Page 26: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Detective Sergeant Gary Sirrell

DS Martin Taylor

[email protected]

Twitter:- @ROCUWM

Page 27: Detective Sergeant Gary Sirrell Detective Sergeant Martin ... · Detective Sergeant Gary Sirrell Detective Sergeant Martin Taylor Rccu@west-midlands.pnn.police.uk Twitter:- @ROCUWM

Questions?