Last year, the UK dissolved the National High-Tech Crime Unit (NHTCU), the agency responsible for investigating computer crime. The unit was folded into the Serious Organised Crime Agency (SOCA), a new organisation that investigates fraud, drug trafficking and immigration-related crime. Critics charged that online crime would become a lower priority.
Law enforcement agencies prior to the formation of SOCA were "not achieving the kind of long-term impact on serious and organised crime... that's needed", said William Hughes, SOCA's director general, at the International e-Crime Congress in London on Tuesday.
The agency has a 94% conviction rate and made 684 arrests from April 2006 through February, mostly for drug trafficking but also including some e-crime, Hughes said. However, online banking fraud in the UK continues unabated. Online banking fraud losses in the UK rose to £33.5m in 2006, up from £23.2 million in 2005 and £12.2 million in 2004, according to the Association for Payment Clearing Services.
Sharon Lemon, a 30-year police veteran who headed the NHTCU, is now in charge of the e-crime unit within SOCA. She spoke on the sidelines of the e-crime conference on how the new unit has been running since becoming part of SOCA last year. What follows is an edited transcript of the interview:
IDG News Service: Given the growth in online crime, how do you prioritise cases?
Sharon Lemon: It's such a big area that we've had to really regroup and consider what our priorities are. To enable that, we need to be informed, so we've got a comprehensive knowledge base. We're not just randomly chasing people who happen to attract our attention. We've got a quite significant assessments team who assess the crime on the internet and assess the threat, look at the new approaches. As a result, we'll consider the best operation. So it's much more focused and thought through.
IDGNS: How significant is the amount of money lost as part of an incident?
Lemon: If you have a look at the combined effect of many, many low-level amount frauds, that's organised crime. By attacking some 300,000 people for a small amount, it's the same as one person losing £300,000. We look at emerging trends, what's happening on the criminal forums and then decide what's the best approach. It's not always traditional prosecution. We've got to look at different approaches. Traditional prosecutions always have a place, but they are very long and complex, and by the time we get to court, the cyber criminals have come up with something new. So we need to be as flexible and responsive as they are.
IDGNS: What types of online crimes has the unit focused its energy on?
Lemon: Most of our investigations have been around fraud, which I summarise as lying to get your money. A lot of traditional investigation techniques apply but just online. I think we get a bit intoxicated by the IT element of it. It's just normal crime. That's why we need our international partners, because with this type of crime it's not the person next door, it could be the person on the other end of the world.
IDGNS: Can you describe the backgrounds of investigators in the unit?
Lemon: We've got a really good mix. We've got traditional law enforcement and we have experienced technical people. We have people interested in the subject matter, a really diverse group. That's changed. Previously in the NHTCU, it was mostly law enforcement. We found that having people from different sectors has proved really effective, and we're hoping perhaps to do some industry exchanges and perhaps get some people from academia. That's our approach.
IDGNS: The UK recently amended its computer crime law and increased the penalties for some offences. Do you think that will have some deterrent effect?
Lemon: No, I don't think that really at the moment cyber criminals have got any real threat from law enforcement. I'm not proud to say that, but that's the way I feel.