Ten British MPS are calling on the UK.gov to make it easier for companies to report cybercrime to the relevant authorities. Members from a whole bunch of parties – two MPs from the Labour, Conservative and Lib Dem parties and one each from the DUP, SDLP, Plaid Cymru and one Independent – are backing the early day motion that …
"standard methods of reporting are proving ineffective"
<<<<<<< they certainly are.
Believe me, I've tried it too, and been treated with contempt by idiot officers from Avon and Somerset.
Yeah build an API
So that scripts can post a complaint everytime someone trys a port scan on. That'll learn them MPs for trying to talk the talk.
When I worked at NHTCU
They had direct web contact and phone lines, sadly SOCA killed it off and cut the workforce by 70% who were immediately snapped up by the banks and financial institutions to investigate in-house,. They called the remainder SOCA ecrime unit then withdrew the ability to contact them directly. Sad day for all apart from scammers, spammers, 419ers and ponzi schemers
annon due to the past
There, fixed it for you...
"...immediately snapped up by the banks and financial institutions to [share knowledge of how investigations are conducted, in order to find future work-arounds and loopholes]."
Simple reason - the Police don't understand computer crime
It's hard enough to get the plod to turn up to a burglary or assault.
Imagine their response to 'I think my computer has Stuxnet'!
It's not a failure of reporting mechanism (any idiot can dial 999) - it's a failure of the police to be able to record, prioritise and direct the crime solving to anyone in the Police who could help.
Couple that with the fact their Size11 boots poking around is likely to generate bad press, which is going to cost more in reputational loss than the original hack did, you can see why few people talk to the cops when they get hacked.
Something like this does need to be implemented.
I had dealings with one of those skiddy Anonymous types recently who decided to DDoS one of my sites. He didn't use any kind of anonymising techniques and bragged about it on his Twitter along with other sites he had taken down, even posting videos of him doing it. He even made videos of running SQL vulns and stealing data which was later verified by its rightful owner.
Loads of victims, identifiable pattern of behaviour. He even confessed as I said. I had all the evidence I needed to nail him for what happened to me, which was passed it over to the police for a big fat... nothing. Police didn't care, didn't want to know and did nothing about it. They still haven't and the guilty party still continues to do what he does, updating his Twitter with more skiddy nonsense. He had breached the best part of the old Computer Misuse Act and a fair chunk of the Police and Justice Act which I pointed out to the police, but nothing.
It seems that the Met e-crime unit don't answer to the public and rely on other UK forces referring cases to them, so it's not like Average Joe in Cardiff can go straight to Scotland Yard with this if his local force ignores him.
This sort of thing is becoming ever more common and there urgently needs to be a dedicated means of reporting it and a dedicated team dealing with it alongside the e-crime people in London. At least the basics, like investigating people who actually *confess* to these things, would be good.