Cybercriminals will almost never be caught
New figures reveal woeful clear-up rate for cybercrimes, despite huge investment
New figures reveal a woeful clear-up rate for cybercrimes, despite huge investment.
THE UK POLICE almost never pursue a prosecution for cybercrime, according to figures that show a decline in the number of people prosecuted under the Computer Misuse Act.
According to official figures from 2017, the latest available, only 47 people were prosecuted for computer misuse crimes, down 18% on 2016’s 57 prosecutions and 61 in 2015.
Despite increased funding as part of a £1.9 billion plan to improve cybercrime policing, companies working with victims say they rarely see any action from investigations – even if the police think their cases are worth the effort.
“Prosecutions do seem to be going down, albeit from a proportionate point of view of not very many to less than not very many,” said Richard Breavington of law firm RPC legal, which advises businesses that have suffered online attacks.
“It’s a mismatch because the vast, vast bulk of cyber incidents that we come across never lead to a prosecution and there’s no real likelihood that they ever will.”
Murky statistics
The imbalance between the level of computer crime and the number of cases resolved has been a problem for several years, with the National Audit Office last year calling for greater attention to cybercrime attacks such as online fraud.
Official figures have been hard to pin down because not all incidents are recorded and many offences would not be prosecuted under the Computer Misuse Act – for example, traffic interception falls under the Regulation of Investigatory Powers Act 2000.
Nevertheless, the Computer Misuse Act is used for prosecutions relating to distributed denial-ofservice (DDoS) attacks, malware and hacks, which are the starting point for many online frauds.
According to the Office of National Statistics, there were 1.2 million incidents of computer misuse in the UK in the year to March 2018, on top of online fraud cases numbering up to 3.2 million. However, few of those see much more than a cursory investigation, as noted by watchdogs from the National Audit Office (NAO).
“For too long, as a low-value but high-volume crime, online fraud has been overlooked by government, law enforcement and industry,” the NAO said last summer in a stinging report on tackling cybercrime.
“The true cost of online fraud is unknown, but is likely to be billions of pounds,” the NAO lamented. “The estimate was that individuals lost around £10 billion and the private sector around £144 billion to fraud in 2016.”
The situation means that companies can no longer really rely on the police to control cybercrime and must increasingly look to in-house
teams for protection and the growing cyber insurance industry for recompense when things go wrong.
“Police forces are doing their best with the resources they have but the scale of the problem means businesses cannot necessarily rely on the police to really help them when there is a cybercrime,” said Breavington.
Jurisdiction jeopardy
What is increasingly apparent is how many cases are simply not followed up because they’re too difficult or have no prospect of leading to conviction – particularly if the criminals are based overseas.
“When either the victims or perpetrators or evidence (especially if it’s a platform) was outside of the UK, one of two things happened,” explained Carl Miller, who recently published a book looking at the social disruption in the digital age called The Death of the Gods: The New Global Power Grab, which includes multiple interviews with frontline cybercrime officers.
“Either it was traced to a cooperative jurisdiction where we might have something called a ‘mutual legal assistance treaty’ and then it just slowed the investigation down and made it more expensive,” he said. “Or, if it went to a noncooperative jurisdiction [and] it just killed the investigation.”
Miller said the impression he got from officers was that they were fighting a losing battle on many fronts and that it was simply impossible to make an arrest if the crime was perpetrated from Russia, for example. “My impression from many interviews and on-the-ground experience is that we’re living through the worst crisis of law enforcement in the history of modern policing,” he said.
Police chiefs, meanwhile, have called on other areas of government, as well as web giants such as Facebook, to work more closely together or risk losing the battle.
“I can’t be optimistic until I see us working across government departments – from the Ministry of Justice to the Department for Communities and the Home Office,” the UK’s leading cyber officer Stephen Kavanagh told Miller.
“This is not just a law enforcement problem, this is a social problem.”
We’re living through the worst crisis in law enforcement in the history of modern policing