CSI - Investigations

Crime. Hard crime, soft crime, eCrime or any crime. Are we too busy, too fearful or too apathetic to help the police tackle a growing threat to our lives?

I’ll give you an example. Last week, I visited the Hi-tech Crime Unit for a ‘Latte’ at their secret docklands headquarters overlooking the fading remains of the Millennium tent. During the meeting, I mentioned that very close to where I live, there’s a run-down house which always has its curtains closed. As a neighbour, I can’t help but watch the day and night comings and goings of Arabic-speaking North African men

What should I do I asked? This closed-curtain activity in a pleasant Wimbledon suburb could be entirely innocent and perhaps there’s good reason to have the curtains permanently closed but then again, who could I tell, other than the Police officers I was with, without feeling paranoid? What would you do?

This question of what one should and shouldn’t do in an increasingly worried society, leads me on to the question of high-tech crime, eCrime if you like. You may have read in CW360 that the Police are finding very little support in their prosecution of Simon Vallor, the Web designer who pleaded guilty to spreading the very unpleasant Gokar virus, which wreaked expensive havoc last year.

The problem of course, is that business in general, doesn’t yet consider eCrime as an experience which demands Police involvement or investigation. The last thing that most companies want is a blue and white Police cordon ‘sanitaire’ around the perimeter of their office building and the time consumed in collecting evidence and making statements to detectives.

And that’s where business is mistaken.

Several years ago, I had reason to call-in the Police when one of the User Groups I was moderating on a private Server, attracted an unpleasant visitor, who insisted in posting sexually offensive comment in the chat sessions. In a sympathetic and highly professional operation, which also involved BT, the source was tracked-back to one of the systems at Kensington Town Hall and while the person was actually on-line one-day, a Police car sped to the building. Sadly, the line dropped minutes after they arrived and the technology available at the time made it impossible to clearly identify the PC involved, even though we could link a user name to a department in the same building. However, the problem ceased from that day.

What I’m suggesting, is that one should notify the NHTCU if an e-incident causes significant business interruption or loss. There are two good reasons for this. The first is that statistically, it gives everyone a better idea of the size of the problem and secondly, because a handful of successful prosecutions may act as a deterrent. From my own experience, you shouldn’t expect a visit from uniformed officers wearing heavy boots and you should expect confidentiality and professionalism in line with the Police’s operational charter.

The Police aren’t able to defeat eCrime on their own. Like blackmail or extortion, eCrime of any kind, demands the cooperation of the victim. The alternative is a bleak future of constant patching and recovery and more and more of the IT budget being consumed in an endless attempt to protect the organization from nuisances who might, in different circumstance be vacationing on Her Majesty’s Pleasure.


Popular posts from this blog

The Nature of Nurture?

Civilisational Data Mining