NCA outlines 2018 analysis of serious and organised crime threats

The National Crime Agency (NCA) has delivered its annual assessment of serious and organised crime (SOC) threats to the UK. This is the fifth time it has published this report and it shows the breadth of the problem the NCA faces. The data has come from a variety of law enforcement and other sources including the National Cyber Security Centre (NCSC).

At 58 pages, this is not a quick read. It contains 298 numbered paragraphs covering key judgements, the assessment of each threat, some successes that different agencies are having and a forward look about the scope of the threat to the UK.

The Director General of the NCA, Lynne Owens CBE QPM MA, admits that there has been a growth in the volume and complexity of the threats over the last year. Owens highlights six key areas from the report:

  • the non-geographic locus of many threats;
  • the emergence of the dark web as an enabler;
  • a revised focus on illicit financial flows;
  • the overlaps between the threat areas;
  • the impact of technology; and
  • a rapidly changing picture in some areas.

Owens goes on to say that: “This requires us to think differently about how we build capability in response and one of the purposes of this assessment is to inform that necessary strategic refocus.”

The solution is a multi-agency National Economic Crime Centre (NECC) hosted by the NCA. Interestingly, this includes bringing the private sector into the mix. The NCSC and those involved in cyber security have been doing this for years. Widening the role for those organisations may well challenge some of the traditionalists inside law enforcement. However, given the central role that technology plays across SOC, cooperation with private organisations is essential.

How many OCGs are there in the UK?

The number of Organised Crime Groups (OCGs) in the UK will shock many people. The report says there are 4,629 active groups that had been mapped by the end of 2017. One of the challenges of mapping OCGs is the way they recruit. The traditional socio-economic recruitment policy is still the major route, along with family connections to an OCG. The changing fortunes of individuals are also leading to membership of OCGs as they take advantage of skills and financial needs. Individuals also tend to move between OCGs, creating challenges in mapping the membership of groups.

Two professional groups in demand are accountants and solicitors. They are being drawn into OCGs due to the need to launder money and create legal entities to hide behind. These groups are also in demand from OCGs based overseas. The report calls out Nigeria, Russia and Pakistan for money laundering through the UK. They do much of this through illegal companies and the purchase of high value assets such as property and art.

What are the key NCA groups for SOC and OCGs?

This report groups crime into three key pillars and a cross-cutting threat enablers group. Each one includes a number of SOC areas. These are:

  • Vulnerabilities: Child Sexual Exploitation & Abuse (CSEA), Organised Immigration Crime (OIC) and Modern Slavery & Human Trafficking (MSHT)
  • Prosperity: Money Laundering, Fraud & Other Economic Crime, Cyber Crime and Bribery, International Corruption & Sanctions Evasion.
  • Commodities: Firearms and Drugs.
  • Cross-Cutting Threat Enablers: Vulnerabilities at the UK Border, Use of technology in SOC, Prisons & Repeat Offenders, Corruption within the UK.

The threat from Cyber Crime

The threat afforded by cyber crime gets four pages. It covers many of the topics that the NCSC has written about in the last few months from Phishing to DDoS, Ransomware to other malware, botnets to social engineering. It also includes a brief paragraph on money services such as cryptomining malware.

The success of WannaCry is inevitably one of the key judgements. However, the reaction of the security industry and other groups to mitigate ransomware has had some impact. This is not, unfortunately, reflected in this report.

What is interesting is the statement: “Cyber crime groups, many of which operate internationally and are Russian-speaking, continue to pose a threat to UK interests.”

The evidence from independent cyber security organisations is that while there are a lot of Russian-backed cyber groups, there are just as many, if not more, for whom Russian is not their language of choice. China, North Korea, Iran and Syria have a number of well-established government-backed cyber crime groups.

The use of intelligence sharing and marketplaces where data, malware and attack techniques are traded is called out. At present, it is hard to see how the NCA, even with the NCSC, is having any significant impact on these groups.

One area of success for the NCA has been its prevent programme. This aims to identify teenagers at risk and get to them before they graduate to more complex crime. The NCA has been working with non-governmental agencies to get this group engaged in cyber security as a career. It is having some success but doesn’t talk much about it, which seems strange.

Encryption and the Dark Web

No report into criminal use of technology would be complete without mention of encryption and the Dark Web. Both are seen as critical enabling technologies that are difficult to overcome. The report stops short of repeating previous calls from the Home Office for backdoors into encrypted systems. It does, however, say: “While encrypted communications platforms are legitimate products welcomed by consumers and privacy advocates, they will increasingly erode law enforcement’s capability to detect and deter criminal activity.”

Popular myth has the Dark Web as this mystical nexus of hidden criminality. The report dispels this by pointing out that access to the Dark Web requires little knowledge. Its main use is as a criminal facilitator through online marketplaces. These are no different to other criminal marketplaces, just more secure and easier to operate in anonymously.

There has been a series of global operations that have shut Dark Web marketplaces. In addition the UK has earmarked money specifically to tackle its threat. Despite this, the NCA sees activity on the increase. This is a surprise. There has been a marked shift away from the Dark Web to other services such as heavily encrypted messaging systems. These are much harder to penetrate and industry experts report a significant growth in their use.

What does this mean?

First of all, what this doesn’t mean is that we are reaching the end of days as OCGs continue to grow. It also does not mean that all the technologies used by OCGs should be banned. As with weapon systems, many technologies can be classed as dual use. Encryption and anonymising services such as VPNs are examples. There are good reasons for people to use encryption for their communications and to protect their Internet access using VPNs.

However, the strength of the encryption is what worries the NCA. It is also concerned that there is no way to gain access to the encryption keys as vendors increasingly put that control in the hands of the users.

What is important is that this report is a frank view of where SOC and OCGs are impacting society. The formation of a new cross-agency group to counter this sounds good. However, the history of such groups in being successful is not good. Many start well enough but are soon outmanoeuvred as infighting between agencies occurs. If the NCA can prevent this then good for them. However, this is a wait and see moment.

Perhaps the most important piece of this report is the decision to engage with agencies outside of traditional law enforcement. The cyber security industry has proven how well this approach can work. It has provided global resources and skills that law enforcement does not have. It will be interesting to see how this model is extended by the NECC and who they work with.

SOC and OCGs are on the increase and the threats to everyone are up. However, this needs to be kept in perspective and when read in its entirety this report manages to do that.
