Our war on the cyber menace
Russia attack echoes storyline
A TV thriller has shone a light on the unsung heroes of the war on cyber-crime.
Channel 4 hit The Undeclared War is about a team of analysts fighting a Russian cyber-attack on the UK.
And today, two of our real-life cyber-warriors reveal just how close to reality the gripping drama is.
Tim Court and Anna Smith say online crimes are getting more and more sophisticated – with hostile governments the biggest threat.
Election
And while the crooks cost UK businesses and taxpayers billions every year, lives are also at stake.
Tim and Anna both work on the front line at the 300-strong National Cyber Crime Unit, which is part of the National Crime Agency and often works closely with the National Cyber Security Centre.
In the year to August 2021 the NCSC tackled 777 incidents – up from 723 in the year before and 590 in 2017. Tim, who is head of operations at the NCCU, said: “The types of cyber-attack are getting more sophisticated now, more prolific and more complicated.
“Many come from Russianspeaking cyber-groups and while we may have intelligence that tells us who they are, they are protected by where they live. The big challenge for us is where does serious organised crime blend into proxies for hostile governments?”
In 2020, Tim’s team helped other agencies fight one of the biggest attacks so far – hitting US tech firm Solarwinds, the US government and 20,000 other global organisations. It was blamed on the Russian Foreign Intelligence Service, which has also tried to hack NATO members. Tim said: “It was the most sophisticated cyber-attack I’ve seen and one we supported other agencies with.”
The hack has echoes in The Undeclared War, a six-part drama about a Russian attack on the UK in the run-up to a general election. It stars Adrian Lester, Mark Rylance and Simon Pegg – plus Hannah Khalique-brown as a student intern who spots something in the hackers’ coding that can be used against them.
And that is not a far-fetched scenario, because Tim explains anyone in his team could do the same. “In those high-pressure environments anyone could be the one, not just to break the code but to find another way of fixing an incident to resolve the threat,” he said.
The most significant threat today is from ransomware – used by blackmailers to freeze a computer system until the victim pays up.
Tim, 42, said: “Using ransomware to undermine the UK and other economies for extortion is huge.
“These attacks are going on in the UK every day.
“It’s the cyber equivalent of a kidnap, but instead of a body being taken it’s a company’s most important data. At the same time, the criminals are encrypting all of a company’s networks. Once that
company is in a bit of a state, there is a demand for money. That is the most common threat now.”
The biggest strike so far was the Wannacry incident, which caused billions of pounds of damage in 150 nations in 2017.
Chaos
In the UK, the NHS was brought to a standstill for several days as thousands of appointments and operations were cancelled.
The chaos is believed to have cost the NHS £92million and it was blamed on North
Korea, with the FBI claiming statesponsored hackers were out to raise billions to bankroll despot Kim
Jong-un’s missile plans.
But as well as costing an estimated
£27billion annually in the UK alone, such attacks can kill. Tim said: “Gone are the days when we can just think about cybercrimes just having an impact on a computer.
“In one instance, a hospital was targeted in Dusseldorf in Germany. A malware brought down the hospital’s systems and a patient who needed emergency treatment had to be diverted to another hospital – then died.”
In 2020, his team worked to trace a Germany-based hacker who threatened to bomb hospitals, Black Lives Matters rallies and MPS. The criminal demanded to be paid £10million in Bitcoin to call off planned attacks. “There was a deadline where we thought an explosion may occur in a hospital,” said Tim. “You can glean from that the real-world impact.”
The hacker used encryption techniques to hide his identity but members of the NCCU were able to speak with him directly and traced him to Berlin.
In February last year the culprit – Italian Emil Apreda, 33 – was jailed for three years. The National Crime Agency also investigated what was then the biggest cyber-attack to date when a network of hackers slowed the internet. One member, south London teenager Seth Nolan-mcdonagh, got community service after allegedly netting £70,000 in the scam.
Another way of bringing down hackers is to hit their money launderers.
Senior NCCU manager Anna did this to dismantle a group targeting banks and other big businesses.
The operation lasted nearly three years and led to six arrests.
Targets
Anna, 41, said: “Because a lot of the individuals we are targeting come from Russia, there isn’t always a judicial outcome where an arrest can be made, so we looked at the money laundering network they needed to operate.
“This group had hacked into the accounts of thousands of organisations globally using malware to take millions of pounds from those companies, which was then channelled into criminal accounts. Big British businesses were among the targets.
“We worked with the FBI and Europol. Through intelligence, we identified a money laundering group they were using. Individuals were flying into the country and opening bank accounts that the criminal funds would be transferred to, so we used financial investigators to track them.
“What followed was a manhunt for seven members of the money laundering group. They were foreign nationals in the UK.
“No one in NCCU slept much that week. It was definitely the highlight of my career as well as being the most stressful week of my career, because of the highly charged nature of a manhunt where you’re trying to find individuals before they flee the country.
“No day is the same and that’s what I love about this job.”
Tim added: “It’s a high-pressure environment but we have, without a doubt, the top people in the country working to protect Britain, as do the National Cyber Security Centre.
“We are taking the fight to the criminals and keeping them on the back foot – and we’ll continue working internationally with other agencies to destroy their morale and capabilities.”
The Undeclared War is available to watch at channel4.com