Nearly every person in the country has been hacked and had their details sold on the dark web, Britain’s police lead on cyber crime revealed yesterday.
Chief Constable Peter Goodman issued the stark warning on rampant computer hacking as he urged firms to come clean to customers when their security has been compromised.
The Derbyshire chief revealed he has been personally targeted three times by thieves who stole his name, date of birth, address and email.
Mr Goodman, who leads the National Police Chiefs’ Council on cyber crime, said Russia is the worst culprit, bombarding the UK with ‘state-sponsored’ or ‘state-permitted’ criminal attacks on a daily basis.
Just days after the Prime Minister accused the Kremlin of cyber espionage and meddling in European election, the UK’s top policing experts on cyber crime said Russian groups were targeting not only our major infrastructure and financial institutions, but also small businesses like hairdressers and solicitors in its giant ‘fishing net’ for data.
Chief Constable Peter Goodman issued the stark warning on rampant computer hacking as he urged firms to come clean to customers when their security has been compromised
The daily attacks are costing Britain billions a year, but Mr Goodman admitted police have been slow to respond and victims face a ‘postcode lottery’ over whether crimes will be investigated.
Online fraud is now the most common crime in the country, with more than five and a half million cyber and fraud offences taking place each year, and nearly half of all UK businesses suffered a cyber breach or attack in the last year.
But there are only 100 police officers investigating across the UK and some forces will have to wait until 2019 for extra resources to tackle the problem.
Britain has been quite slow to pick up on this
Mr Goodman said police have previously only been able to go for ‘low-hanging fruit’, plumping for easy to solve crimes and not chasing the complex cases across borders.
‘Britain has been quite slow to pick up on this,’ he said.
‘It’s a patchwork quilt, it’s a postcode lottery for victims.’
The police chief told a media briefing: ‘I can almost guarantee that every single one of you around this table has had a data breach against you and that some of your personal data is held somewhere on the dark web and is being sold, traded – are you happy with that? And you probably don’t know about it.’
Asked if he believed that almost every person in Britain had been a victim of such a data breach, he said: ‘Yes.’
‘There are certain websites you can go to where you can do a search and find out if your data has been stolen,’ he added.
‘But unless you actively look for it, then you never get told.
‘Am I happy if, for example, my data was stolen in the TalkTalk breach and nobody ever told me? I have not had the chance to think if I’m happy with my security, do I need to change my password? Because I don’t know.’
The National Cyber Crime Unit and regional police units are working together to disrupt attacks and more than 200 people have been arrested in the last year including ‘medium to high ranking’ players in Russian and Eastern European networks.
Mr Goodman added: ‘We have Russians locked up but whether they are Russian state sponsored (attackers) is a moot point’.
Oliver Gower, head of the National Cyber Crime Unit, said Russian speaking nations were the biggest enemy and there were ‘increasingly blurred lines between state sponsored attacks and criminal activity.’
‘For several years we have reported that Russian speaking nations are the number one cyber-crime threat to the UK.
‘The available intelligence is there is a cross-over between state and criminal cyber actors,’ he said.
‘When we talk about Russian speaking countries and Eastern Europe we are seeing an overlap between state and criminal groups, there is clearly some sort of mutual beneficial arrangement.’
Mr Gower said Russia was looking to carry out surveillance, steal data and gain control of our major infrastructure for ‘leverage’ so they could turn off the lights and heating in our homes or tap into the financial sector.
In its massive ‘fishing net’ trawl for vulnerable networks, ordinary businesses and householders are being caught up and recently a UK radio station found that it couldn’t play any music after its network was compromised.
He said cyber attacks are no longer being perpetrated just by loners in their bedroom.
Computer hacking has now become a highly profitable big business with offices set up around the world for professional hackers who send out malicious software around the clock targeting vulnerable organisations, corporations and individuals with outdated software and poor security.
This year the ‘WannaCry’ cyber attack on the NHS led to thousands of operations and appointments being cancelled.
Mr Goodman said it shouldn’t be up to customers to pay extra for better security
Mr Gower also warned the scale of fraud from stolen bank details was now so vast that banks will soon have to stop refunding affected customers because they can no longer tolerate the losses.
Yesterday police called for mandatory security on internet-enabled consumer goods such as televisions, fridges and even kettles so it isn’t so easy for hackers to spy on us in our homes.
Mr Goodman said it shouldn’t be up to customers to pay extra for better security, anything internet-enabled should have proper safeguards to stop organised criminals stealing your data and demanding a hefty ransom for it.
The increasing threat comes as the range of internet connected products available has exploded in recent years, providing an opportunity for hackers as many items such as laptop cameras, kettles and fridges are sold with standard passwords set by the manufacturer.
The technology needed to hack a network can be found with a simple google search and bought for as little as £30.
But the scale of the problem is under reported, as some victims might not feel it significant or fear their business will suffer reputational damage.