Cyber criminals 'should get tough sentences' say police

  • Published
Yevhen Kulibaba
Image caption,

Last week Yevhen Kulibaba was jailed for his part in a £3m cyber fraud

The head of Scotland Yard's e-crime unit has made a veiled attack on judges over the sentencing of cyber criminals.

Det Supt Charlie McMurdie said e-crime cost the UK economy an estimated £27bn a year and was not "victimless".

She said fraudsters and robbers get longer sentences than cyber criminals.

Her comments come after the FBI busted an Estonian gang who infected four million computers in 100 countries with code redirecting users to online ads, allegedly making them $14m (£9m).

Security firms hailed Operation Ghost Click as the "biggest cyber criminal takedown in history".

Det Supt McMurdie said: "Sentencing is still an issue. Some of these people have made millions and if it was fraud or robbery they would get eight or 10 years but they get less because it's cyber crime."

She pointed to a number of successes in recent years, including Operation Lath and Operation Pagode, which had resulted in several people being convicted in British courts.

Compromised bankcards

Det Supt McMurdie said Operation Pagode centred around a criminal "cyber supermarket" website where up to 8,000 people exchanged information about stolen credit cards, and bomb-making and drug-making kits.

She said it was "the largest English-speaking forum of its kind" and contained details of 130,000 compromised credit cards.

Operation Lath saw Ukrainian nationals Pavel Klikov, 29, and Yevhen Kulibaba, 33, from Chingford, Essex, jailed for withdrawing an estimated £3m from victims' bank accounts, having used Trojans to infect them.

But Det Supt McMurdie believes their sentences of four years and eight months did not reflect the severity of the crime.

"Sentencing powers are sufficient but it's the appreciation of the harm these individuals are causing that is lacking," she said.

"In total some of these cases involve £5m or £6m. People think there are no victims, no-one loses out because individuals get their money back from the banks. But it's a loss to the UK economy and a gain for that criminal organisation."

She said there was a "significant cyber threat around the Olympics" and said there was already a lot of fraud involving online ticketing but the picture was "constantly evolving".

Det Supt McMurdie said the police nationally had been given an extra £650m from the government to fight cyber crime and her own team had grown from 20 officers to 104.

In January, three new regional e-crime units will be launched in north-west England, the East Midlands and Yorkshire/Humberside.

The Met's e-crime unit is also involved in the ongoing investigation of internet activist groups like Anonymous and LulzSec.

"Most of our activities have international aspects," she said.

'Penetration testing'

Det Supt McMurdie said she was aware of Operation Ghost Click and said her unit liaised with the FBI on an almost hourly basis.

"When the Americans get hit, it is inevitable that we will be hit too," she said.

Det Supt McMurdie denied the police had employed ex-hackers to do "penetration testing" on their own and other websites but added: "The people who test our infrastructure have the same skillset as hackers. You could call them hackers but they're not."

Asked if there was evidence "traditional criminals" were switching to cyber crime, she quipped: "There is no significant intelligence that old-fashioned 'blaggers' have become cyber hackers. They wouldn't understand it. Nor have I evidence of old-fashioned gangsters commissioning cyber criminals."

The Commissioner of the Metropolitan Police, Sir Bernard Hogan-Howe said many companies were spending millions of pounds protecting themselves from cyber crime and he encouraged them to share good practice.

Related internet links

The BBC is not responsible for the content of external sites.