Browse

Agenda item

Cyber Crime

To receive a presentation from the Digital lnvestigations and Intelligence Unit, Wiltshire Police on Cybercrime.

 

Minutes:

At the Chairman’s invitation Lee Stipe and Kieran Hall of the Digital lnvestigations and Intelligence Unit, Wiltshire Police introduced themselves to the meeting. It was explained that the unit was fairly new, being established in 2018. They were part of a national network, dealing with cybercrime.

 

Cybercrime was an umbrella term for any crime involving computers. This was usually split into two categories:

·       Cyber Dependant Crime was ‘where a digital system was the target as well as the means of attack’. For example, malware, Distributed Denial of Service (DDOS) attacks and hacking.

·       Cyber Enabled Crime was defined as ‘existing crime transformed in scale or form by use of the internet’. For example, fraud or drug dealing. 

 

Both these types of crime cost the UK £1.8 billion last year and in Wiltshire alone the cost was £40 million. Cybercrime was the fastest growing type of criminal activity affecting businesses. This was why the unit took part in awareness events. Examples of crime the unit had encountered included passwords being compromised and phishing.

 

It was thought that cybercrime was increasing as it was attractive to criminals. For example, if a criminal was to rob a bank there would be planning and logistics involved and they had to physically be there to carry out the crime. They would be able to see the impact on their victims and it was high risk. To carry out cybercrime criminals did not even have to leave the house, it was far less risky and they would not see the impact on the victims.

 

The population of the UK was approximately 7.7 billion people in 2019. The number of connected devices was approximately 23 billion, equating to 3 per person. Any device connected to the internet could be hacked and people were reminded of the importance to keep software on devices up to date.   

 

People were urged to think about their digital footprint. A person’s digital footprint could be created passively, for example by buying items online and actively, for example by using social media. Friends and family could also contribute to a person’s digital footprint. Criminals could use this digital footprint to gather information about someone and use it to try to access their accounts. People should consider what information about themselves they share and should use privacy settings to protect their information.

 

It was explained that emails were used in over 80% of cybercrime. Often phishing was used as the initial vector. An example of a phishing email was an email that looked like it was from your bank, asking you to authenticate your account. These emails often look identical to an email from your bank and would use the banks logo. Signs to look out for to see if the email was a phishing email include the domain name. Check to see the email address the email was sent from. A phishing email will originate from a different domain to actual bank emails. Check the greeting to see if it is generic. Usually authentic bank emails would be personalised whereas a phishing email would not be. Check the spelling and grammar used in the email. Does the email try to create a sense of urgency or panic? For example, “We will suspend your account if you do not follow these instructions”. All these things can point to an email not being genuine. Do not click on links or open attachments in unsolicited emails. 

 

Passwords were one of the simplest ways to secure a device. Although many people used passwords that could be easily cracked. Criminals used software to run algorithms to work out what a person’s password was. The most commonly stolen passwords in 2018 were ‘123456’ and ‘password’. Never tell anyone your password and try not to use words that can be attributed to you. For example, your pets name, child’s name, first school et cetera. A strong password could be made up of three random words, where some of the letters were changed to numbers or symbols. Biometrics and two factor authentication were another method that could be used to make devices more secure. Password managers could also be used and were recommended. These generate a different, unique password for each account. Although the password used for the password manager should be very strong.  

 

There was a free website where you could check to see if your personal data had been compromised by data breeches. This could be found at https://haveibeenpwned.com/. The site owners trawl the dark web to see what personal information was available there and could advise whether your data has been breached. 

 

Always update your devices. Software updates usually fixed vulnerabilities that had been found. Anti-Virus software should also be kept up to date. One should also be wary when using removable media and only use trusted devices. When using websites people should be aware of the web address, sites that start with ‘https://’ are secure (as opposed to ‘http://’). These websites will run end to end encryption which means hackers cannot read it. People should also be careful when using public Wi-Fi as it is less secure. Either use a Virtual Private Network (VPN) when on public Wi-Fi or do not use your device for anything private. It was also a good idea to forget the network when you leave.

 

Backing up data was good practise. You can either back up to an external drive or to the cloud.

 

To report or get advice about fraud and cybercrime go to: https://www.actionfraud.police.uk/ or call 0300 123 2040.