ISPs: UK Police Need to “Up Their Game” on Following Cybercrime Leads

Law enforcement bodies in the UK "need to up their game" when taking leads on cybercrime from internet service providers (ISPs), according to the Internet Service Providers Association (ISPA), which published a report this week.

The report comes as the country's National Crime Agency (NCA) is trying to get more intelligence from ISPs, and as the controversial Investigatory Powers Bill, which will force ISPs to store all citizens' browsing data, heads toward becoming law.

The report surveyed ISPA members, including Aol, Gigaclear, and BSkyB. Out of the 83 percent of ISPA members who said they had reported a cyberattack to the authorities, 50 percent said the reports were occasionally followed up on, while 30 percent claimed that there was no interest or follow up. Twenty percent said that their complaints are "usually followed up and investigated."

James Blessing, chair of the ISPA, thinks there is one main reason why law enforcement aren't reliably following up on leads.

"Resources. Pure and simple," he told Motherboard in a phone call.

ISPs face all sorts of attacks, such as DDoS attacks or hacks of individual customers, Blessing explained. Some of these might be daily, others might occur even more frequently.

An ISP typically might not report every attack, and instead only complain about more serious things, such as a compromised server on its network. When that happens, it is the ISP that has the information that law enforcement needs.

"The next step in the investigation would be somebody in the [law enforcement] technical team turning up and saying, 'What log files have you got, what information have you got for me, what information do you have available that can help me investigate this crime?' And, silence," Blessing said.

According to its website, the ISPA includes over 130 members. The report neither names the ISPs that responded to its survey nor states how many replied in total. "Those that responded are more likely to have an active interest in cyber security and so there is likely to be a degree of self-selection," the report notes.

The ISPA report placed an emphasis on law enforcement training, with 83 percent of respondents asking for it to be prioritised.

A spokesperson for the NCA told Motherboard in an email that, "Our National Cyber Crime Unit works closely with ISPs in responding to cyber attacks and proactively targeting the most significant cyber crime threats to the UK. Our recent Cyber Crime Assessment stated that there is more that law enforcement, government and industry including ISPs need to do collectively to reduce vulnerabilities and prevent crime."

The City of London Police, which handles the Action Fraud anti-cybercrime project—and which the NCA referred Motherboard to—did not provide comment in time for publication.

In July, Motherboard reported that the NCA was seeking a wide range of additional intelligence from ISPs, such as IP addresses, subscriber information, and internet usage data, but ISPs complained that exactly what they wanted to collect had been left largely open-ended. As more crime is carried out online, ISPs and law enforcement may need to work together more closely.

Want more Motherboard in your life? Then sign up for our newsletter.