WMP Cyber Crime presentation
Transcript of WMP Cyber Crime presentation
West Midlands Police response to Cybercrime:
Local, Regional and National capabilities
DCI Iain Donnelly
Cybercrime?
What do we mean by Cybercrime??
West Midlands Police must support victims impacted by a very wide range of criminal
activities
Different crime-types require different responses!
What do we mean by Cybercrime?
Cyber dependent: Crimes against computers
E.g Remotely accessing or taking control of one or more computers to carry out a range of illegal activities
Cyber enabled: Crimes which have been made possible because of computers
E.g Online fraud, data theft, extortion/sextortion, online child abuse/grooming
Cyber attack: a collection of activities undertaken via computers and computer networks in order to steal money, information or damage property.
This may also include “social engineering” activities to deceive or trick someone into disclosing useful information which then facilitates a technical attack on systems.
What do we mean by Cybercrime?
West Midlands Police: The local response Force CID Investigation teams
• Economic Crime Unit - responsible for financial investigation across the force, including packages received from Action Fraud in London. These will be assessed against Home Office guidelines for severity and victim impact and further investigated.
• Serious and Organised Crime Unit (SOCU) – responsible for conducting covertinvestigations into the most serious crime, including demand led kidnap, extortion, product contamination.
• FCID Priorities Team – responsible for conducting dynamic investigations into complex crime series that are likely to have a cross-border impact.
• Local Investigation teams – Criminal investigation teams across each of the 10Local Policing Units (LPUs) to investigate volume offences.
Public Protection Unit Investigation teams
Child Abuse Investigation TeamsInvestigate allegations of child abuse, including online offences conducted via the internet
On-line Child Sexual Exploitation Team (OCSET)Specialist investigators identifying and prosecuting sexual predators and those who make or distribute child abuse imagery. (Working in partnership with NCA/CEOP)
West Midlands Police: The local response
Digital media investigators – 59 detectives trained and equipped toexamine most forms of electronic devices to quickly extract evidence and intelligence
Digital forensics – Technical forensic specialists who will extract evidence from every type of electronic/SMART device
Technical Intelligence Development Unit (TIDU) – Specialist technical investigators conducting covert online investigations
Communications Data Intelligence Unit – trained and accredited to facilitate lawful acquisition of communications data and effective co-operation between West Midlands Police and communication service providers
Open source investigations – 400 staff trained to obtain Intelligence and evidence from the publicly available information on the Internet
West Midlands Police: The local response
The West Midlands Regional response
Regional Organised Crime Unit (ROCU)
• Each region has a ROCU with various capabilities• In support of the NCA and local forces each ROCU
has a Cyber Crime Unit• West Midlands = 1 x DI, 2 x DS (Operational), DS
(Protect) 8 x DC’s• 4 parts – Investigation/Enforcement, Intelligence,
Technical, Protect & Prevent
National (NCA) Cybercrime Unit
• Spread over hubs covering the UK• Support through Region to Local
forces• International investigations &
liaison• Close industry and academia links
The National Cybercrime response
Pursue offenders who target the region / wider UK and its interests
Prevent people becoming involved in, or remaining in, cyber crime
Protect the public / organisations from becoming victims of cyber crime Prepare for the consequences when cyber
incidents occur
National 4P’s approach
West Midlands Police advice to business1.Prevention is always better than cure – see next section
2.Business Continuity Planning - What are your ‘crown jewels’ that need most protection. Have a plan for the most critical parts of the business that need to be protected/restored first. What does ‘recovery’ look like and how you they achieve it. Who will you turn to for assistance?
3. A live attack- In general terms it will not be the police’s responsibility to stop or mitigate most live attacks. Address this with their BC plans through IT support and service providers, however if it is something like an extortion demand then the police should be included as early as possible to maximise the opportunity to identify a suspect.
4. DDOS/Malware/Crypto locker attacks– work with your IT department to mitigate the immediate threat and refer to Action Fraud immediately. They will assess the most appropriate police response.
Prevention: What can you do to protect yourself?
Excellent HM Govt resources for everyone}NCA/CEOP advice to young people, parents,carers and teachers
HM Govt Cyber-security Information Sharing Partnership
(West Midlands launch on 11th February at JLR)
HM Govt Computer Emergency Response Team
GCHQ/CESG advice to business
HM Govt approved certification (From £300 to £2000)
Prevention: What can you do to protect yourself?
Website: http://www.west-midlands.police.uk/Twitter: www.twitter.com/wmpoliceFacebook: www.facebook.com/westmidlandspoliceYouTube: www.youtube.com/westmidlandspoliceFlickr: www.flickr.com/westmidlandspolice
Non-emergencies: 101Emergency: 999
Action Fraud 0300 123 2040
www.actionfraud.police.uk