Sunday, June 14, 2009

Money Laundering $1 at a time - a win for the UK's PCeU

In London a little-known police unit called the Police Central E-Crime Unit (PCeU) has scored another big win. For several years people have been seeing tracks they didn't remember purchasing showing up on their credit card statements. In England they referred to this as "51 pence fraud", and explained that buying a track was a way that the criminals were using to test stolen Credit Cards to see whether the card was valid. The theory was that if the card was valid, the criminals would then move on to bigger and better purchase, or they would sell it as a "proven" card.

The PCeU found that there was actually something else going on. Working with the FBI, they arrested three women and seven men between the ages of 19 and 46 for buying their own music on iTunes and Amazon.com. The group of DJ's recorded at least 19 tracks and sold them via distribution company Tunecore, who marketed the tracks through the two online giants. They then used more than 1500 stolen credit cards to buy their own music repeatedly. As the creators of the music, their $750,000 (£469,000) in purchases earned them $300,000 in profits!

The investigation, which was launched in February of this year, culminated in simultaneous arrests, conducted on June 10th by more than 60 officers in London, Birmingham, Wolverhampton, and Kent, were used to round up the first nine members, and a tenth member was arrested later, according to the Times Online.

The PCeU certainly has a great sounding set of goals:

# Analysis and development of intelligence on e-crime to produce actionable operational products, in collaboration with other agencies.

# Intelligence-led disruption of e-crime.

# Development and maintenance of a collaborative network of police, government and industry partners on e-crime.

# Exchange of information and intelligence concerning e-crime with principal stakeholders, including government departments, industry partners, academia, and the charitable sector.

# Provision of education and preventative advice about e-crime to industry and the public.

# Promotion of standards for training, procedure and response to e-crime.

# Co-ordination of research on emerging e-crime threats and vulnerabilities (in collaboration with industry partners, government agencies and academia) and provision of advice on this to all stakeholders.

Some will think that sounds like the old National Hi-Tech Crime Unit, which was moved back in April of 2006 to the Serious Organised Crime Agency (SOCA). A controversy began brewing in early 2008 as various parties began calling for the creation of a new cybercrime unit, claiming that SOCA was devoting less than 2% of its staff and less than 1% of its budget to fighting e-crime.". The Tories began a public shaming attack trying to raise the £1.3m that was needed to get the unit started up. Not all covert law enforcement activities end up as line items in government reports, and SOCA was forced to come to its own defense in the press, revealing some of its operations, including the fact that a 58 person staff was focused "almost exclusively on cybercrime", while 140 liaison officers work worldwide on international matters, including cybercrime coordination with five other major western countries.

The money was approved, and now, with the PCeU officially online, SOCA's 2009-2010 plan reveals that technology enabled crime and fiscal fraud will continue to be a small part of its overall operations -- about 5% according to p. 12 of their Annual Plan, but as with so many other parts of crime, more and more computerization is occurring. Can we really say that the "Criminal finances and profits" portion of SOCA's 12% dedicated to "Criminals and their businesses" is not going to include a great deal of cybercrime?

ZD Net.UK calls Detective Superintendent Charlie McMurdie "one of the architects of the Police Central e-Crime Unit". McMurdie envisioned a "National Fraud Reporting Centre", which sounds very similar to the US's Internet Crime and Complaint Center - a place where the public could report the frauds they have experienced to a central law enforcement body. Questions have been raised in the British press if their government is serious about fighting cybercrime in articles such as: Can £7m dent £105bn cyber crime menace?, which admits they will not have the budget to be able to do centralized reporting of e-crime as was originally intended, especially with that £7m being spread over 3 years. McMurdie replies that with a limited budget, her unit will only be successful with great cooperation from industry, especially of their expertise. In that way PCeU may be more similar to some of the successful FBI public-private partnerships, such as the National Cyber Forensics Training Alliance, recently praised by President Obama's Cybersecurity review, where industry experts gather to share their expertise with Federal law enforcement, or the InfraGard program, where more than 28,000 citizens who work in security and infrastructure companies share their knowledge with their peers in government. McMurdie's push was described back in October in the Silicon.com article "Do you have what it takes to be an e-caped crusader?"

If someone from the PCeU's Partnership Development Team wants to chat, feel free to reach out.

No comments:

Post a Comment

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.