Major international effort needed to fight criminal gangs using 'hackers for hire', says anti-cybercrime boss

Organised gangs worldwide turn to the same cyber criminals in their quest to steal identities, information and cash

Jamie Merrill
Sunday 07 June 2015 07:51 BST
The National Cyber Crime Unit (NCCU) has revealed that some hackers are offering “cybercrime as a service”, and have created a marketplace where gangs can bid for targets to be attacked
The National Cyber Crime Unit (NCCU) has revealed that some hackers are offering “cybercrime as a service”, and have created a marketplace where gangs can bid for targets to be attacked (Reuters)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A major international effort is needed to defeat cybercrime and disrupt the criminal gangs who are using “hackers for hire” to hit sensitive financial and government targets, the UK’s anti-cybercrime boss has warned.

Andy Archibald, the head of the UK’s National Cyber Crime Unit (NCCU), said that a “small number” of hackers were offering “cybercrime as a service”, and had created a marketplace where gangs could bid for targets to be attacked.

His warning comes after it emerged last week that Chinese hackers are suspected of carrying out a “massive breach” of the personal data of nearly 4 million US government workers. On 5 June, US officials were scrambling to gauge the extent of the data breach at the Office of Personnel Management, amid suggestions it was one of the largest known thefts of US government records.

Mr Archibald called for the NCCU to work with more international police forces and the private sector to prevent cybercrime and to track down those responsible, adding it was impossible to “arrest your way out of cybercrime”.

Mr Archibald said that the majority of sophisticated cyber attacks were financially motivated and “principally against” the financial services sector. Last night security experts speculated that the US records had been targeted to allow suspected Chinese hackers to build a vast database of federal employees in what could be preparation for future attacks against the US. China has called the allegations “counter-productive” and irresponsible.

Last week, speaking at a conference called InfoSecurity Europe in London, alongside Mr Archibald, the information security expert Professor Alan Woodward suggested as few as 100 or 200 cyber criminals might be responsible for the majority of advanced cybercrime.

Criminal gangs use a relatively small number of hackers in their global attack on the financial sector
Criminal gangs use a relatively small number of hackers in their global attack on the financial sector (Reuters)

Mr Archibald said he could “not put a number on the size of the threat”, but agreed that a small number of hackers were writing damaging software for sale to gangs of criminals and said there was a “viable route” to “take them out”.

He said: “The point I’d make is that the approach for dealing with cybercrime has to be quite sophisticated. Traditional crime happens inside your state’s jurisdiction. That’s no longer the case, and we need to work collectively to meet this new threat, and that includes working closely with the private sector. We need an international response.”

The NCCU already has strong links with the FBI and Europol, and Mr Archibald is quick to point to the success of a co-ordinated day of action in March against cyber criminals, aided by forensic information provided by the FBI. On the day, 56 suspects UK-wide were arrested on suspicion of offences ranging from network intrusion and data theft to cyber-enabled fraud and denial of service attacks on multinational companies and government agency websites.

Elsewhere, though, the NCCU faced criticism for quietly forging relationships with its counterparts in China, despite private firms reporting high levels of state-sponsored cyber espionage originating from the country.

Last year Mr Archibald, who was previously head of operations at Special Branch, went to China as part of a “relationship building” exercise. Critics say that British cyber investigators, who maintain “24/7 contact points” with Beijing, are at odds with the US which takes a hard line with China over allegations of criminal hacking of US firms.

Mr Archibald, who was speaking to the IoS before the recent hack of US data became public, said: “We deal with a range of countries and we want to deal with like-minded countries … where we can have confidence that intelligence we share will be treated appropriately.”

Last night the NCCU refused to be drawn on its relationship with Chinese cyber security agencies.

The body is less tight-lipped, however, over suggestions that the police should be given broader powers for mass surveillance and to intercept encrypted messages.

“We do not want mass surveillance powers … we are not interested in those who are not involved in criminality. We want the surveillance to be as directed and as focused as it can,” said Mr Archibald. “We just want the ability to target those involved in serious criminality.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in