Thousands of cyber crime reports ‘stuck in computer backlog over security risks’
Thousands of reports of cyber crime were quarantined on a police database instead of being investigated because software designed to protect the computer system branded them a “security risk”.
The backlog at one point stretched to around 9,000 reports of cyber crime and fraud, with some of the cases dating back to October last year.
The reports had been made to Action Fraud and handed to the National Fraud Intelligence Bureau (NFIB), run by the City of London Police.
They were added to a database called Know Fraud where they are processed, assessed and distributed among investigators.
The problem was revealed on Thursday in the findings of an inspection by police watchdog Her Majesty’s Inspectorate of Constabulary and Fire and Rescue Services (HMICFRS) on how forces were responding to cyber-dependent crime.
Inspector of constabulary Matt Parr said: “They have a problem in that they have got a backlog of crimes that they have been unable to pass out due to software problems.”
He said there had been a problem in the “processing and distribution” of the crimes to forces and the computer systems were “not talking to each other”.
The crime reports had “gone to a central hub for processing and gone no further”, he added.
In April around 9,000 reports were affected but this had reduced to about 6,500 by July, HMICFRS was told.
The problem occurred as part of a system update which resulted in the “removal or disabling of some rules causing a high number of reports to be rejected”, the force said.
A small number of “lower priority cases”, such as those with incorrect or missing details, caught in the backlog may date back to October 2018.
Now 500 cases are waiting to be released from quarantine, a force spokeswoman added.
The software used screens reports to identify security risks and places in quarantine any which could pose a “potentially significant threat to the security of the database”, so that they can be manually checked before being released.
The types of risks it searches for, like viruses and other malware, are those used by hackers to bypass security measures and attack databases, systems and websites.
This is to protect against reports submitted by members of the public which have been sent from unknowingly infected computers, as well as to root out malicious attempts to infiltrate the database.
But the very nature of the crime reports could have caused them to be quarantined because they may have unintentionally contained sequences of words and symbols which act as markers for the software to warn of a possible security risk, the force added.
The force was told it must “with immediate effect” explain to the Home Office how it proposed to tackle the problem and stop it from happening again.
A City of London Police spokeswoman said it was working with its supplier IBM to “review the security protocols” which caused the problem, adding: “Reports which are a security risk will continue to be quarantined, but are actively monitored, for example to ensure that reports from vulnerable victims are prioritised and acted on.”
A Government spokesman said Home Office officials would work with the force “to ensure the recommendations are carefully considered.”
HMICFRS looked at how all police forces as well as some national bodies dealt with cyber-dependent crimes.
These are offences that can only be carried out with the use of a computer or similar devices – like sending out viruses, infecting systems with spyware, targeting social media and emails or compromising companies with ransomware, such as the cyber attack on one of the UK’s biggest providers of forensic services, Eurofins, earlier this year.
Overall, inspectors found the police approach to such crimes to be generally good but “inconsistent”, raising concerns about the number of cases which were closed with no action taken and no suspect identified.
The current police structure used to decide which teams investigated the crimes needed to change, the body said.