ITsecurity
twitter facebook rss

Of paedophiles, cybercriminals and surveillance

Posted by on July 18, 2014.

The European cops have been busy this week. First the UK’s NCA announced the arrest of 660 suspected paedophiles (Wednesday); and then (Thursday) Europol announced the dismantling of a Romanian cybercrime network. I don’t want to make too much of it being the same week in which the UK government bulldozes through a new cyber surveillance law because that would be just too plain cynical – but if anyone hears of a terrorist plot being thwarted and a fraud/moneylaundering scheme being exposed, then that would make a full house of the cyber Horsemen of the Apocalypse usually used to justify new surveillance laws. Then you can be as cynical as you like.

In the meantime, we should perhaps just welcome these two big wins by the long strong arm of the law.

Paedophiles
CEOP announces it very simply:

An unprecedented six-month operation coordinated by the NCA and involving 45 police forces across England, Wales, Scotland and Northern Ireland has led to the arrest of 660 suspected paedophiles.

More than 400 children across the UK have been safeguarded.

It points to the NCA for more details.

The details released by the NCA are indeed alarming, but sparse. Britain is already engulfed in a wave of paedophiliac hysteria kicked off by the accusations against celebrity Jimmy Saville, and now dragging in his friends, associates and anybody who ever met him. The danger with hysteria is that it involves emotions rather than logic; and that can cause horrible consequences. Don’t get me wrong – child abuse is a detestable crime and perpetrators need to be removed from the streets. But this needs to be done from genuine evidence and not just emotions.

At this point I would strongly recommend that you read the article: Rolf Harris – Beyond Reasonable Doubt?

So what do we make of the arrest of 600+ suspected paedophiles including ‘doctors, teachers, scout leaders, care workers and former police officers’; and 400 children safeguarded? Apart from adding that 39 of the suspects are registered sex offenders, and that few have actually yet been charged, the rest of the announcement tells us nothing much.

It says it was a six month operation involving cooperation from the private sector, and that methods would not be disclosed so that the police can carry on using them. We do get clues, however. Johnny Gwynne, director at CEOP Command, commented,

Our strategic partnership with BAE Systems Applied Intelligence made a fundamental difference to the timescale of this operation. The support they gave us significantly reduced the time it took officers to identify the offenders from raw intelligence. Critically, this enabled us to reach those 431 children at risk much faster than we could have done on our own.

And Martin Sutherland, managing director of BAE Systems Applied Intelligence, added,

We managed and exploited the vast amount of data associated with the operation so that officers could act faster on the information they had, increasing the speed in which they could identify and safeguard the victims and arrest the offenders and also demonstrating how data analytics can be used to identify and prevent criminal activity… [to date, and free of charge, we] saved the National Crime Agency the equivalent of over 10 man years of effort.

So we actually know half the story: the 660 paedophiles were found courtesy of big data analytics on ‘a vast amount of data’. What we are not being told is how or by whom that vast amount of data was acquired. My guess is that paedophile websites were located by GCHQ, and then the IP addresses of those people visiting the sites were gathered by the ISPs, and the communications data handed to BAE to analyse. I suspect it had to be done over a period of time to exclude one-time only accidental or curious visitors.

We still don’t know how many personal computers have been seized for analysis, but the monitored metadata will indicate which IP addresses downloaded files.

What we absolutely do know is that the timing of the announcement serves two political purposes – it adds urgency and support to Cameron’s emergency DRIP law; and it takes public attention away from parliament (which the Home Office enquiry will undoubtedly show to contain past and possibly present suspected paedophiles) and redirects it towards ‘doctors, teachers, scout leaders, care workers and former police officers’. The timing could not have been better for Cameron.

Cybercriminals
The day after the NCA made its announcement, Europol declared that “an international organized cybercrime network, composed mostly of Romanian citizens, was successfully taken down in Romania and France with the support of the European Cybercrime Centre (EC3) at Europol.” A total of 115 individuals were interrogated and 65 detained after a series of raids involving around 450 police officers.

Europol explains that

Members of this criminal network were using malware – RAT (Remote Access Tool) with key logger functionality – to take over and gain access to computers used by money transfer services all over Europe (Austria, Belgium, Germany, Norway, UK).

It doesn’t tell us what the malware was, nor how the perpetrators were traced – but again it lends weight to the argument that increased surveillance powers will lead to increased security.

The UK – a surveillance state
Cameron introduced the DRIP bill with two main claims: that it was needed as an emergency, and that it maintains rather than increases the powers provided by the now illegal Data Retention Directive. Both of these are simple lies. He has provided no evidence that these powers are required right now rather than in a few months after adequate parliamentary scrutiny.

The need for urgency is twofold: to avoid proper democratic process, and to smuggle in a dramatic increase in the powers it gives the state. On the former, Privacy International comments:

In both process and substance, the Data Retention and Investigatory Powers Bill has been a stitch up from the start. The rushed nature with which the legislation was rammed through Parliament shows an utter disregard for the democratic process and the rule of law. In an effort to circumvent any genuine scrutiny of what is a dramatic expansion in the British surveillance state, DRIP was dubbed an emergency and its passage deprived of any adequate debate or amendments.

On the latter, it says,

…it expands spying powers that not only affect British citizens but the entire world. Under the Act, common internet services such as Google and Facebook can now be compelled to assist the British security services in achieving their surveillance aims, including by building backdoors into their own systems to allow for interception of communications.

The price we will all pay for the Cameronian view of security is the loss of our liberty.


Share This:
Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: News, News_malware, News_politics, News_privacy, News_surveillance | Tags: , , , , ,