Tech by VICE

UK Crime Agency Seeks Whatever Intel It Can Get From Internet Service Providers

"They don't know what they want, but they want more data."

by Joseph Cox
Jul 8 2016, 5:50pm

The UK's National Crime Agency (NCA) is seeking a wide range of intelligence from internet service providers to combat cybercrime, but exactly what it wants to collect has been left largely open-ended.

"They don't know what they want, but they want more data," James Blessing, chair of the UK Internet Service Providers Association (ISPA), told Motherboard in a phone call. "At the minute, they want more data, and they're asking nicely."

On Thursday at the ISPA Cyber Security Summit, Ben Russell, strategy manager at the NCA's National Cyber Crime Unit, laid out different ways internet service providers could help the agency. These included sharing information on vulnerabilities and so-called "upstream intelligence." A spokesperson from the NCA told Motherboard this could include subscriber information, IP addresses, and internet usage data, and could also encompass any other information "that would help law enforcement identify and disrupt the criminals responsible."

Russell said in an email that, "The NCA seeks to partner with businesses, many of whom may have information that could help to catch these criminals and stop crime. This may include indicators of compromise when there has been an attack, or threat information which may be collected in the course of business."

Blessing from the ISPA said, "The idea is to get to the point where they can tell who the bad actor is, and then go get warrants."

The calls for greater collaboration between law enforcement and ISPs follow the publication of the NCA's Cyber Crime Assessment earlier this week. That report said that, "Cyber criminals targeting the UK include international serious organised crime groups as well as smaller-scale, mostly domestic, criminals and hacktivists."

Last year, the NCA was part of a group of law enforcement bodies and private industry companies that disrupted the Dridex banking trojan, which, according to its estimates, stole £20 million from victims.

But Blessing said the NCA hadn't actually made it clear what it was after now. He explained that the NCA already receives intelligence from ISPs, and that it was not always apparent to ISPs if the information they provided was useful, due to a lack of feedback.

According to Blessing, the NCA's new call for intelligence is voluntary but lacks specific details. "There's no plan," he said.

"When people actually come to us with a good, well-thought-out plan that's not going to give away everybody's privacy at the same time, there's much more we can do," he added.