Cyber criminals ‘should get tough sentences’ say UK police

Article posted in the BBC (www.bbc.co.uk) on 10th November 2011.

The head of Scotland Yard’s e-crime unit has made a veiled attack on judges over the sentencing of cyber criminals. Dept Supt Charlie McMurdie said e-crime cost the UK economy an estimated £2bn a year and was not “victimless”.

She said fraudsters and robbers get longer sentences than cyber criminals. Her comments come after the FBI busted an Estonian gang who infected four million computers in 100 countries with code redirecting users to online ads, allegedly making them $14m (£9m).

Secuirty firms hailed Operatio Ghost Click as the “biggest cyber criminal takedown in history.”

Dept Supt McMurdie said: “Sentencing is still an issue. Some of these people have made millions and if it was fraud or robbery they would get eight or 10 years but they get less because it’s cybercrime.”

She pointed to a number of successes in recent year, including Operation Lath and Operation Pagode, which had resulted in several people being convicted in British courts.

Compromised bankcards

Dept Supt McMurdie said Operation Pagode centred around a crimal “cyber supermarket” website where up to 8,000 people exchanged information about stolen credit cards, and bomb-making and drug-making kits.

She said it was “the largest English-speaking forum of its kind” and contained details of 130,000 compromised credit cards.

Operation Lath saw Ukrainian nationals Pavel Klikov, 29, and Yevhen Kulibaba 33, from Chingford, Essex, jailed for withdrawing an estimated £3m from victims’ bank accounts, having used Trojans to infect them.

But Det Supt McMurdie believes their sentences of four years and eight months did not reflect the severity of the crime.

“Sentencing powers are sufficient but it’s the appreciation of the harm these individuals are causing that is lacking,” she said.

“In total some of these cases involve £5m or £6m. People think there are no victims, no-one loses out because individuals get their money back from the banks. But it’s a loss to the UK economy and a gain for that criminal organisation.”

She said there was a “significant cyber threat around the Olympics” and said there was already a lot of fraud involving online ticketing but the picture was “constantly evolving”.

Det Supt McMurdie said the police nationally had been given an extra £650m from the government to fight cybercrime and her own team had grown from 20 officers to 104.

In January, three new regional e-crime units will be launched in north-west England, the East Midlands and Yorkshire/Humberside.

The Met’s e-crime unit is also involved in the ongoing investigation of internet activist groups like Anonymous and Lulzsec.

“Most of our activities have internation aspects,” she said.

‘Penetration testing’

Dept Supt McMurdie said she was aware of Operation Ghost Click and said her unit liaised with the FBI on an almost hourly basis.

“When the Americans get hit, it is inevitable that we will be hit too,” she said.

Det Supt McMurdie denied the police had employed ex-hackers to do “penetraion testing” on their own and other websites but added: “The people who test our infrastructure have the same skillset as hackers. You could call them hackers but they’re not.”

Asked if there was evidence “traditional criminals” were switching to cybercrime, she quipped: “There is no significant intelligence that old-fashioned ‘blaggers’ have become cyber hackers. They wouldn’t understand it. Nor have I evidence of old-fashioned gangsters commissioning cyber criminals.”

The Commissioner of the Metropolitan Police, Sir Bernard Hogan-Howe said many companies were spending millions of puonds protecting themselves from cybercrime and he encouraged them to share good practice.