Governance & Risk Management

Spies Join UK Online Crime Fight

Britain Launches Joint Law Enforcement, Intelligence Operations
Spies Join UK Online Crime Fight

Although the new U.K. Joint Operations Cell, which debuted Nov. 6, will initially focus on combating online child sexual exploitation, some security experts say the program might later expand to combat all forms of cybercrime.

See Also: Every Second Counts: 6-Step Ransomware Remediation Guide

But some privacy experts have questioned the wisdom of combining law enforcement and intelligence agency operations, and they've called on the government to explain how related evidence will be used in court.

Government officials say the initiative will bring together officers from the National Crime Agency - the country's national law enforcement agency - and the U.K. intelligence agency known as GCHQ, for Government Communications Headquarters.

The initiative is designed, in part, to combat the growing use of counter-surveillance technology, such as the anonymizing Tor browser, as well as public-facing servers and websites that are designed to obscure their IP addresses, in what's often referred to as the "Deep Web" or "Dark Web."

"The Joint Operations Cell will increase our ability to identify and stop serious criminals, as well as those involved in child sexual exploitation and abuse online," says GCHQ Director Robert Hannigan. "This is a challenging task as we must detect them while they attempt to hide in the mass of data. We are committed to ensuring no part of the Internet, including the Dark Web, can be used with impunity by criminals to conduct their illegal acts."

The planned launch of the Joint Operations Cell was first announced in December 2014 by British Prime Minister David Cameron. It also follows multiple NCA operations that have drawn on GCHQ assistance, such as the October disruption of the Dridex banking malware, which has been tied to $40 million in losses worldwide (see Dridex Malware Campaign Disrupted).

"The explosion in online communication channels has brought huge benefits for society. It has also significantly expanded the means by which criminals can share information, plan crimes including the sexual exploitation of children, and target victims," says NCA Director General Keith Bristow.

The recently released draft Investigatory Powers Bill highlighted GCHQ's ability to track criminal networks, says University of Surrey computer science professor Alan Woodward, who says he welcomes the move to have the two agencies work more closely together.

"Despite the headlines to the contrary, GCHQ has a remit which includes tackling serious crime, so this is a natural step," he says of the Joint Operations Cell. "GCHQ has been a center of excellence in the skills needed to tackle the cyber aspects of crime for a long time, and so it makes sense for them to team more closely with the 'national' crime agency."

Big Brother Questions

But the move has prompted some privacy and civil liberties experts to question the impact of a crime-fighting agency joining forces with an intelligence agency that has been authorized to eavesdrop on telephone calls and email messages. British privacy rights campaigner Eric King has called on the government to explain how the agencies will share information and what privacy protections and oversight mechanisms it will have in place.

Indeed, any information sharing might not be limited to just British agencies. Already, GCHQ shares some intelligence with its U.S. equivalent, the National Security Agency (see Ruling: GCHQ-NSA Data Sharing Illegal). The NCA, meanwhile, also collaborates with its U.S. equivalent, which is the FBI (see How Do We Catch Cybercrime Kingpins?).

The operational security expert who goes by the name The Grugq has questioned how evidence supplied by GCHQ might be used in court cases and expressed concern about what related protection defendants will be given. "Will accused criminals be able to challenge evidence gathered by GCHQ? Will they even know about it?" he says via Twitter.

Cooperation Lauded

But the NCA is also already subject to legal oversights - some of which are now up for debate, via the draft Investigatory Powers Bill - and "there are very few countries where such technical capabilities are subject to quite so many different people and groups overseeing those operations," says Woodward, who's also a cybersecurity adviser to the association of European police agencies known as Europol. He adds that the NCA "will only be able to operate with GCHQ with those legal constraints."

GCHQ's Hannigan also argues that to combat the increasing sophistication, impact and diversity of online attacks, the country's law enforcement and intelligence agencies must work more closely together. In a Nov. 10 speech in London, he also pointed to multiple operational success stories involving GCHQ working with both the NCA and the FBI. "Together we have disrupted the operations of some of the most dangerous global cybercriminal networks operating today," he said.

What's Next?

Woodward says that combating online child exploitation is an increasing challenge for police. "The perpetrators have proven themselves to be very adept at working in sophisticated networks and exploiting the latest technology to maintain anonymity," he says. "It is not surprising that the NCA want to apply any extra capability that GCHQ have to catching these criminals. However, I suspect this may be a proving exercise, and if the model proves successful we'll see it extended to focus on other types of serious, organized crime where cyber is a significant element."

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.