In a rare glimpse into the scope of its active surveillance operations, the UK's National Crime Agency (NCA), also dubbed the 'British FBI', has outlined some examples of the computer hacking and snooping techniques it uses to help catch crooks involved in everything from financial cybercrime to sextortion schemes.
The disclosures on hacking, or 'equipment interference' as it's called by UK intelligence, were published this month in a joint submission to the UK Parliament by the NCA, HM Revenue & Customs and the National Police Chiefs' Council as part of the ongoing scrutiny of the Investigatory Powers Bill. The controversial law, branded a Snoopers' Charter by critics, includes proposals that seek to enhance the surveillance powers open to the UK government, police and intelligence agencies while legitimising some of the tactics exposed by Edward Snowden in 2013.
Targeted hacking ops
The evidence lists two examples of hacking operations orchestrated by the NCA, alongside joint statements on everything from 'lawful communications interception' to the collection of internet records. One example explains how the crime agency used 'targeted' hacking to help dismantle an advanced cybercrime organisation that was involved in infecting computers with financial Trojans to steal money from victims' accounts.
"The criminal network [was] sophisticated in its operations, including using encrypted means of communication to avoid detection," the NCA wrote.
"An equipment interference technique was deployed to capture the keystrokes of members of the criminal network. This provided information that would not have been obtained through any other conventional means. The deployment of this equipment interference technique provided insights into the activities of the individuals, thereby informing the investigative strategy."
In another example, the NCA explained how it used hacking to bring down an organised cyber-gang that installed persistent malware onto devices with the aim of harvesting banking details. "By way of advanced equipment interference techniques, the NCA was able to infiltrate the organised crime group," it revealed. "This provided the NCA with vital information as to how the criminal network operated and also enabled the NCA to view/identify stolen data. By sharing this information with partners and engaging with relevant third party organisations, the NCA was able to mitigate the threat and protect potential victims."
As reported by Motherboard, while the agency did not disclose any information that directly named the gangs or cybercriminals apprehended as part of these operations, it is highly likely that one example refers to the takedown of the Dridex campaign, which was undertaken alongside security firm Trend Micro in October last year.
Enhanced internet snooping
One of the new powers the Investigatory Powers Bill seeks to bring into UK law is the retention of so-called 'internet connection records' (ICRs). In its latest submission, the joint collective echoes the sentiment of FBI director James Comey – who has long complained that technology is increasingly hampering his agency's ability to catch criminals.
"Without access to ICRs the intelligence that can be gathered from CD [communications data] will continue to decline and law enforcement will be unable to keep pace with criminal use of communications," states the written evidence. "The use of CD and therefore ICRs for lower levels of crime or volume crime is key to investigating cases of harassment, grooming, sextortion, anti-social behaviour, theft, domestic abuse and stalking. These crimes are often precursors to serious crimes but do not, themselves, meet the serious crime definition in the Bill." It added: "In such cases, and others, ICRs may often be the only investigative lead."
The assertion that the government needs enhanced surveillance powers has been disputed by many privacy advocacy groups, academics and even some politicians. Paul Bernal, a lecturer specialising in IT and media law at the University of East Anglia Law School, was one person called before the UK Parliament to give evidence in the scrutiny sessions. In an analysis of ICRs published on his website, Bernal wrote: "We should not underplay the importance of internet connection records. They matter a great deal – and gathering them is a major step in surveillance."