Arrests and searches have taken place across the UK in a coordinated international law enforcement operation targeting people suspected of using cyber tools to get around anti-virus computer protection.
At the heart of the investigation is a platform used by malware developers before they launch cyber attacks to test samples for their ability to evade popular off the shelf anti-virus software.
Data shared with international partners by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) triggered investigations across Europe.
In the UK, the NCA used the data to identify individuals who had uploaded and tested malware, and passed their details to cyber crime specialists in the Regional Organised Crime Units ROCUs)for action.
Four arrests were carried out between 5 and 9 June 2017 at addresses in Wales, Yorkshire and Humber, South Eastern and Eastern Regions.
Alongside the arrests, officers conducted 31 ‘cease and desist’ visits to young people who are first time offenders, or on the fringes of offending, and may not realise the damage malware can cause.
Senior investigating officer David Cox, from the NCA’s National Cyber Crime Unit, said: “Regional Organised Crime Units across the UK have taken swift effective action against those who attempt to use malicious software, and have also played a vital part in deterring young offenders from committing cyber crimes in the future.
“I think a lot of people who put anti-virus protection on their computers would be astonished that there is a whole industry dedicated to trying to get around that protection. It’s why keeping antivirus software up to date is so important.
“Malware that has been tested through Counter Anti-Virus platforms poses a significant criminal threat to the UK, as demonstrated by the recent WannaCry attack. Law enforcement is working collaboratively and proactively to prevent and mitigate further attacks. Denying criminals the ability to test their malware before deploying it can severely disrupt their success and their profit margins.
“The response to this kind of threat is a global one, and the NCA is part of an international network which attacks not only the cyber criminals themselves but the services they provide for each other.”
All ROCUs took part in this activity – Tarian (South Wales), NERSOU (North East), Titan (North West), MPCCU (London), ERSOU (Eastern), SEROCU (South East), West Midlands, (EMSOU) East Midlands, Zephyr (South West) and ODYSSEY (Yorkshire & Humber), plus PSNI and Police Scotland.
Four people have been released under investigation in order for further enquiries to be undertaken.
The South West Regional Cyber Crime Unit - including local assistance from Avon and Somerset, Dorset, Devon and Cornwall, Gloucestershire and Wiltshire police forces - conducted executive action through formal visits and intelligence interviews with seven subjects in the following locations: Avon and Somerset (one); Gloucestershire (two); Dorset (two); Devon and Cornwall (two).
DI Ed Heath of the SWRCCU said: “The partnership and action demonstrated between the regional and force units in the South West, has led to the identification and formal warning of seven individuals who had purchased a tool to counter anti-virus products. The intelligence obtained from these visits will strengthen and develop opportunities for ongoing engagement with these individuals with regard to prevent and protect developments in the future."