West Midlands Police
response to
Cybercrime:
Local, Regional and
National capabilities
DCI Iain Donnelly
Cybercrime?
What do we mean by Cybercrime??
West Midlands Police must support victims
impacted by a very wide range of criminal
activities
Different crime-types require different
responses!
What do we mean by Cybercrime?
Cyber dependent: Crimes against computers
E.g Remotely accessing or taking control of one or more
computers to carry out a range of illegal activities
Cyber enabled: Crimes which have been made
possible because of computers
E.g Online fraud, data theft, extortion/sextortion, online
child abuse/grooming
What do we mean by Cybercrime?
Cyber attack: a collection of activities undertaken
via computers and computer networks in order to steal
money, information or damage property.
This may also include “social engineering” activities to
deceive or trick someone into disclosing useful
information which then facilitates a technical attack on
systems.
West Midlands Police: The local response
Force CID Investigation teams
• Economic Crime Unit - responsible for financial investigation
across the force, including packages received from Action Fraud in London.
These will be assessed against Home Office guidelines for severity and victim
impact and further investigated.
• Serious and Organised Crime Unit (SOCU) – responsible for conducting covert
investigations into the most serious crime, including demand led kidnap, extortion,
product contamination.
• FCID Priorities Team – responsible for conducting dynamic investigations into
complex crime series that are likely to have a cross-border impact.
• Local Investigation teams – Criminal investigation teams across each of the 10
Local Policing Units (LPUs) to investigate volume offences.
West Midlands Police: The local response
Public Protection Unit Investigation teams
Child Abuse Investigation Teams
Investigate allegations of child abuse, including online
offences conducted via the internet
On-line Child Sexual Exploitation Team (OCSET)
Specialist investigators identifying and prosecuting sexual
predators and those who make or distribute child abuse
imagery. (Working in partnership with NCA/CEOP)
West Midlands Police: The local response
Digital media investigators – 59 detectives trained and equipped to
examine most forms of electronic devices to quickly extract evidence and
intelligence
Digital forensics – Technical forensic specialists who will extract evidence
from every type of electronic/SMART device
Technical Intelligence Development Unit (TIDU) – Specialist technical
investigators conducting covert online investigations
Communications Data Intelligence Unit – trained and accredited to
facilitate lawful acquisition of communications data and effective co-operation
between West Midlands Police and communication service providers
Open source investigations – 400 staff trained to obtain
Intelligence and evidence from the publicly available information on the Internet
The West Midlands Regional response
Regional Organised Crime Unit (ROCU)
• Each region has a ROCU with various capabilities
• In support of the NCA and local forces each ROCU
has a Cyber Crime Unit
• West Midlands = 1 x DI, 2 x DS (Operational), DS
(Protect) 8 x DC’s
• 4 parts – Investigation/Enforcement, Intelligence,
Technical, Protect & Prevent
The National Cybercrime response
National (NCA) Cybercrime Unit
• Spread over hubs covering the UK
• Support through Region to Local
forces
• International investigations &
liaison
• Close industry and academia links
National 4P’s approach
 Pursue offenders who target the region / wider UK
and its interests
 Prevent people becoming involved in, or remaining in,
cyber crime
 Protect the public / organisations from becoming
victims of cyber crime
 Prepare for the consequences when cyber
incidents occur
West Midlands Police advice to business
1.Prevention is always better than cure – see next section
2.Business Continuity Planning - What are your ‘crown jewels’ that need
most protection. Have a plan for the most critical parts of the business that need
to be protected/restored first. What does ‘recovery’ look like and how you they
achieve it. Who will you turn to for assistance?
3. A live attack- In general terms it will not be the police’s responsibility to stop or
mitigate most live attacks. Address this with their BC plans through IT support
and service providers, however if it is something like an extortion demand then
the police should be included as early as possible to maximise the opportunity to
identify a suspect.
4. DDOS/Malware/Crypto locker attacks– work with your IT department to
mitigate the immediate threat and refer to Action Fraud immediately. They will
assess the most appropriate police response.
Prevention: What can you do to protect yourself?
}
Excellent HM Govt resources for everyone
NCA/CEOP advice to young people, parents,
carers and teachers
Prevention: What can you do to protect yourself?
GCHQ/CESG advice to business
HM Govt approved certification
(From £300 to £2000)
HM Govt Computer
Emergency Response Team
HM Govt Cyber-security Information
Sharing Partnership
(West Midlands launch on 11th
February at JLR)
Non-emergencies: 101
Emergency: 999
Website: http://www.west-midlands.police.uk/
Twitter: www.twitter.com/wmpolice
Facebook: www.facebook.com/westmidlandspolice
YouTube: www.youtube.com/westmidlandspolice
Flickr: www.flickr.com/westmidlandspolice
Action Fraud 0300 123 2040
www.actionfraud.police.uk