Police call in security experts to boost “patchy” knowledge
Police e-crime officers have been sent on a McAfee crash course in cyber security threats aimed at bringing them up to speed on a range of tools needed to fight crime.
Officers from the Police Central eCrime Unit (PCeU) and the Serious Organised Crime Agency (SOCA) are being put through their paces in a series of courses designed to improve “patchy” skills in malware investigation and computer forensics.
According to McAfee, the courses were designed to help the technically “new to the scene” as well as more computer-literate officers, and in both cases were much needed.
“I think there were a lot of eureka moments, with the officers realising ‘Hey this is relevant to something I’m working on’,” said Greg Day, director of security strategy for McAfee.
“The problem is that many police experts in this field haven’t come to it from being an IT security expert,” he said. “They have been involved in cases involving cybercrime and have had to learn on the job, so really they have quite good knowledge in areas, but it is patchy. They might be strong in one area, but these courses aim to give them a broader understanding.”
The courses concentrate on two main areas – malware and forensics – with officers given instruction and hands-on time with a variety of tools aimed at spotting and identifying when a crime was taking place.
The courses are designed to help officers get their heads around the basic structures behind some of the main malware attacks, Day said, “because if you get the ideas through then most new attacks are just reconceptualisations of the same themes”.
The officers are also being shown how to use a range of software packages – apparently not all from McAfee – that should enable them to recognise what is happening during an attack.
“Most attacks at the moment involve compromising a machine and then communicating information back to a host,” said Day. “So officers need to be able to do network capture and understand what’s going on between the two computers.
“But it’s like looking for a needle in a haystack to be able to see the relevant traffic going backwards and forwards among all the other information going in and out.”
Day also said he had sympathy with the officers, whose “remit is very broad, while areas like malware is very specialist”.