Online Crime is Real Crime – Part 1

@rfdevere Blog

When we look at online crime, we think of it as a problem that is impossible to solve. We’ve mostly just accepted the defeat. If only we could do something we cry, “if only the challenge wasn’t so big and we so small”. It’s pathetic really. We’ve become a nation of people accepting of drug dealers, cyber-criminals, fraudsters and paedophiles.

It wasn’t always like this. Slowly but consistently the online crimes were added to the pile like some backwards Sorities paradox. That little link back there explains how the gradual addition/subtraction of something can escape attention. When exactly did this pile turn into the global dumpster fire it is today?! When did we stop seeing online crime as real crime and start chucking it on the ever-growing heap?

The sorites paradox: If a heap is reduced by a single grain at a time, at what exact point does it cease to be considered a heap?

 

Online Crime Changes Real People

Sooner enough, like most of societies issues, they are pushed to the feet of the Police. The frontline adjudicators of what is worthy of Police attention and what isn’t. We (the majority of UK taxpayers) want them (the Police) to do something about crime. Quickly you can fall into the gammon mindset that repeating this phrase will enact meaningful change. It won’t.

I used to be one of those people. Growing up where I did gave me an inherent distrust of them. Police would come on a Friday night and stop us having ‘fun’ in our little Shameless style gatherings, they even arrested me when I was 13 for messing about on a building site with a mate… and cautioned me later on in my adolescent years for growing a plant. The Police were seen as the enemy and bothering with us seemed like a great injustice.

As you grow older, you realise life is all about perspective and the lens you choose to look at life through can change dramatically and quickly.

Ten years ago, almost to the month, my own perspective of policing and the world changed when an ex-family member was outed as a paedophile.

I remember the surreal moment a Police family liaison officer was stood in our family home helping us understand, explaining about IP addresses and logs and digital forensics. With their support, we rebuilt our family from the damage that was caused by this online crime and we did what we could to help secure a prosecution with the CPS. They say you know your calling in life when you see it and in the empty days following I couldn’t stop admiring how they were able to detect, stop and uncover this man who was living a secret life invisible to us all. Not to be a bootlicker but they became my heroes.

 

What would you do?

From that week forward I vowed to myself, I would stop chasing money as a plumbing mechanical engineer and help them by taking my existing IT knowledge to the next level. I obsessively self-studied computing into the night, working backwards through Professor Messer and Security Tube to my goal of being an officer for the NCA or helping forensics teams. This wasn’t a fluffy Open University course, it was a 3-year mental breakdown where the only thing that made me happy and let me sleep was learning about information security, the internet and tech.

I started an online computer repair shop to build experience and fund the days spent learning on the internet like a crazy person. Laptop repairs, broken screens, hard drive backup/replacement, fixing viruses gave me hands-on experience. Learning became harder as I forked into niche areas of interest, F.R.O.S.T, TOR, amnesic Linux distributions, Mobile filesystems, Networking etc

To take learning to the next level, I knew I needed to work for a company and learn from clever people already embedded in the industry. After some searching, I rocked up at an interview with a reputable company. No certificates but aptitude and a ton of disjointed knowledge. After some debate with the boss, I got the job. Over the following years I continued with on the job training, the depth and scale of the global issue with cyber crime was made clearer the more I learnt. It wasn’t just my personal issue that needed fixing, it was every demographic of web user out there. The online crime was affecting us all in so many different ways.

After a company acquisition, I chose to resign because I needed to have more impact, to make changes which I couldn’t as an employee.

 

So, online crimes

When you look at the majority of online crimes, or cyber dependant crimes reported to the Police, you can quickly see that financially motivated crimes are in the lead. It made sense to me to focus on Social Engineering, the bulk of these low-level crimes that burden the Police. If we could start a business to scale up our impact, we could help them reduce these figures and free up resources for Police to go and get the real criminals. So that’s what we did and on December 24th 2014, The AntiSocial Engineer Limited was founded.

I’ve thought about this blog for ages and just not felt I could write it until I got to the point where I had something to be proud about. Every win along the way you feel it isn’t quite time yet. You become aware that ego is the enemy and talking about why you do what you do isn’t as important as talking about password security.

When you get an award from the MET Police you still think you have more to do. When you report 100 issues to different organisations you tell yourself you can do more. The same for writing 100 blogs or advising on key issues that can affect the country. Nothing feels enough until the day Police have the resources and skills needed to shine a light on these people in our society. The whole journey has driven me to madness and back.

It’s not healthy, so you have to look at some of the positives too.

The online training we now provide shares the security topics I have learnt along the way with masses of people, the classroom-based training we provide is on the NPCC curriculum, we now train Police officers on Social Engineering techniques and defences via our partnership with QA. Household names meet with us to discuss pen tests and simulations of physical access to their data centres. We’ve done something.

It may be modest in comparison to the NCC Group and the giants, but I have done my bit and I can sleep better now.

Cyber:Recoded, a 2018 event aimed at encouraging young people into the security industry.

 

Solved Online Crime?

It would be great to end it on a positive and pat ourselves on the back. The perfect ending for the story about one small northern security company that made its mark on online crime and saved us all from the tragedy of going through the ordeal. But that isn’t the case, is it?!

There is a darker issue with online crime, we haven’t solved anything. I want to go back to the very same feeling that has fuelled me for ten years. I want to help the Police tackle these issues so they can do more and it may be rather critical of the current system.

Now we have devoted so much time to help the Police, are they helping themselves? Part 2 of this blog will look at the ways Policing needs to improve in order to get a grip on the growing issue of online crime. Don’t worry, it will be a lighter read than this!