BEDFORDSHIRE POLICE CYBER HUB
ABOUT THE CYBER HUB
- Set up in June 2015 to provide a dedicated response to the growing threat of Cyber Crime to individuals and businesses across Bedfordshire, and to support colleagues across the force area.
- Comprises three teams:
  - ICAIT (Internet Child Abuse Investigation Team)
  - CCIT (Cyber Crime Investigation Team)
  - DFIT (Digital Forensic Investigation Team)
WHAT DO WE DO?
- Investigation of Cyber Crime offences
- Typical investigations taken on by the Cyber Crime Investigation Team include:
  - DDoS (Distributed Denial of Service) attacks
  - Ransomware
  - Spearphishing
  - Mandate Fraud
- Providing strategy and support to colleagues
- Open Source research
- Obtaining digital evidence during execution of warrants
- Scene visits
- Phone Forensics
TYPICAL SCENE VISIT
- Identification and prioritisation of devices
- Preservation and capture of volatile data and "live" machines
- Router examination to identify networked devices
- Forensic triage of devices
- Forensic examination of mobile devices
- Hard drive imaging
CASE STUDY - OVERVIEW
- Attack on corporate IT infrastructure of an SME in Bedfordshire
- Key company and customer data deleted from server
- Corporate intranet deleted
- External company websites taken offline by DDoS attacks
- Theft and Fraud offences uncovered as part of wider investigation
- Total financial losses in the region of £80k
CASE STUDY – WHAT DID WE DO?
- Obtained relevant evidence and statements from the company which had suffered the attack
- Obtained server event and TeamViewer logs, which showed who had logged into the server from which data had been deleted
- Obtained third-party data using relevant legislation to locate IP addresses
- Executed a warrant at the suspect's address, resulting in the seizure of a number of digital exhibits
- Conducted examination of exhibits, leading to the identification of evidence which supported the prosecution case
CASE STUDY – LEARNING POINTS
- Only one person in charge of IT systems, admin and infrastructure
- No data backup of key corporate and client data
- No backup of the intranet meant it could never be restored, and a new one had to be created, costing in excess of £10k
- Delay in reporting via Action Fraud. If data loss could be time critical, inform the Cyber Hub directly
CONTACT
Danny Howett
Bedfordshire Police Cyber Hub
Office Phone: 01234 275019
Email: danny.howett@bedfordshire.pnn.police.uk
Or find me online at www.twitter.com/dannyhowett and www.dannyhowett.co.uk
THANK YOU