December 2020 ~ ‘White-hats’ matter!
Covid-19 is not the only pandemic we are enduring. Cyberfraud is escalating at just as an alarming rate; not least because lockdowns have brought so many more people to rely on the web for their day-to-day shopping. But whereas a vaccination has been produced in record time, proving that where there’s a will . . . etc . . . . protection against online fraud remains stuck in the last century. When will our policymakers wake up to this stark fact?
Organised crime groups engage sophisticated operators who attack and defraud both major corporations and their customers. In addition to those fraud offences, the crooks are systematically breaching data protection and computer misuse legislation. Ironically, these are the very laws which provide the perfect shield for fraudsters who know too well that ‘hack-backs’ or ‘ethical hacking’ remain a ‘no-go’ area for the good guys.
In the UK, the Computer Misuse Act was rushed through some 30 years ago. It was a knee-jerk law. [Who remembers the dog’s dinner of the first Dangerous Dogs Act, which was passed during the same parliament?] The lawmakers were again focused on penalties for offenders whilst completely ignoring how it would be policed. The Act refers only to ‘unauthorised access’ to computers. There is no ‘lawful authority or reasonable excuse’ provision for individuals or institutions to protect themselves, as there is in so many of our other laws. In effect, they created a situation where fighting fire with fire was extinguished at source!
In those heady days of the nineties, we still naturally and reasonably expected law enforcement agencies to actually investigate crime, so we might be forgiven for imagining that the police, for example, might be considered ‘authorised’ under the Act. But that’s history and we are all too aware these days, that for the boys in blue to investigate fraud will be a very rare exception as opposed to the rule.
Here at IPFGB, we continue to use the more traditional methods to investigate these ‘bad actors,’ regularly employing imaginative tactics to trap them and put them out of business; albeit temporarily. Were we able to lawfully turn the tables on them by hacking into their systems, we would provide protection for our clients and the public at large and deliver evidence to the law enforcement agency in the relevant country upon which they could take punitive action.
It’s not just the UK which tends to breed impulsive legislators. The US, which is undoubtedly the most fraud-targeted country in the world, has ‘protective’ laws which similarly thwart the sentries and give succour to the criminals. The ‘liberalisation’ lobbies there have gained the upper hand; the public clearly not realising, or caring, that with every restriction which is placed on policing provides yet more protection for the offender; making each individual more susceptible to becoming the next victim.
A number of well-meaning groups have vociferously called for a change in the law to allow the ‘good actors’ to use methods to track down the ‘threat actors.’ Should we be surprised that there’s been zero progress on this front in the UK? A Bill on this issue was proposed in the US, but it is unlikely to be passed any time soon. So, with a similar head-in-the-sand attitude pertaining in the UK, I’m afraid my ‘white hat’ continues to gather dust on the hat-rack.
Dick Smith QPM
November 2020 ~ To pay or not to pay ~ that it the question!
Ransomware continues to be a growing problem and may potentially be one of the biggest threats to Western companies making a positive recovery from the effects of Covid19. With increasing success, cyber criminals are quietly extorting millions out of the commercial world and each triumph provides the impetus to move on to the next new victim. I say ‘quietly’, because companies will naturally shy away from admitting firstly, that they have been hacked and secondly, that vast amounts of shareholders’ money have been handed over to crooks; sometimes without even recovering the precious data.
Attacks on businesses in 2019 increased an estimated 500%. Bigger targets; bigger ransoms.
Against the advice of practically every law enforcement agency in the world, ransomware victims continue to pay up. This summer, it is reported that three American institutions, University of California, travel management company CWT, and Garmin Ltd, paid a total of nearly $16m for recovery of their files.
However, when all 22,000 computers at Norse Hydro, an aluminium producer with 170 global sites, were hit in an overnight attack, management bravely decided not to pay the demand. The company’s 35,000 employees were forced to resort to pen and paper to keep going. The financial cost of refusal was £45m in the first five weeks. A short BBC report explains how they coped. As the CEO of Norse says, “I think in general it’s a very bad idea to pay . . . it fuels an industry . . . it’s probably financing other sorts of crime.”
I am indebted to our friend, Ron Alvarez, from IP PI in New York, for flagging up that the US Treasury now intends to place sanctions on companies that pay hackers operating from countries like Iran, North Korea, and Syria. Certain ‘cyber investigation and security’ companies and insurance institutions, who have been making hay out of negotiating with hackers on behalf of multi-nationals, may soon find themselves suffering punitive reaction.
October 2020 ~ Reforms at CoHo on the way
Fraud is the most commonly experienced crime in the UK, admits the National Crime Agency, and costs the country many billions of pounds every year.
In response, HM Government has announced that Companies House will be reformed in an effort to clamp down on fraud and money laundering. In future, directors whose identity has not been verified may not be appointed. Powers will be introduced to give CoHo the opportunity to question and investigate applicants and remove false information.
“Investigating on behalf of fraud victims, we regularly discover blatantly obvious sham documents amongst CoHo records,” said Dick Smith. “Since directors have been permitted to record business addresses as opposed to home addresses, all in the interests of data protection, the opportunity for crooks to provide CoHo with unchecked spurious particulars has led to an invasion of companies, especially around Canary Wharf, set up for no other purpose than fraud. Did no one see that coming?
“Add to that the muddled inputting of records at CoHo over recent years and there is no longer such a thing, for example, as a simple director check. It is not unusual to find a dozen disparate records clearly relating to the same individual, undoubtedly thanks to some sloppy clerk failing to carry out the most basic checks. CoHo boasts that a company can be incorporated in 24 hours. No doubt it can, if staff are willing to take the word of every Tom, Dick and Igor whose only requirement is to pay the appropriate fee!”
Minister for Corporate Responsibility Lord Callanan said, “We are committed to making the UK the best place in the world to start and grow a business. The reforms we are making to the Companies House register will provide businesses with greater confidence in their transactions.” The changes are a result of the government’s 2019 consultation on Corporate Transparency and Register Reform and legislation will follow when Parliamentary time allows. Hmm!
September 2020 ~ Cost versus competence . . worth the risk?
Despite the decades-long efforts of the Association of British Investigators [the ABI] and others, the investigation industry continues to be unregulated. Whilst this pertains, even top law firms will gamble with their reputations by instructing legal service suppliers on the strength of cost as opposed to competence. Especially in the case of companies, the real risk of inept cowboys conducting illegal activities in their names seems to escape the consideration of the office trainee, fresh out of college, and tasked with farming out an instruction based on the all-important requisite of ‘cheapest fees gets the job’. As for checking the wild claims and suspect testimonials on the rogue traders’ flashy websites, we can all hear the response . . . “Well, you didn’t tell me to do that!”
Almost weekly, at the ABI, we get to hear of companies and individuals who have been plainly scammed by these fraudulent or hapless investigators; in every case there are clear indicators that those seeking assistance are not carrying out sheer basics in due diligence. Scallywag’s websites may boast that their established companies have nationwide coverage with wide-ranging skills and services. But five minutes of fundamental research will establish there is no registered company, and invariably the name, mobile number and address are virtually untraceable. Yet, particularly with the private client, they are oh-so-willing to part with their money in advance, then look for someone else to blame when they get fobbed off with a shoddy and potentially illegal product, or often nothing at all!
The ABI continues to assist victims in reporting these incidents to the authorities and cooperates with law enforcement in an effort to bring rogue traders to book. Sadly, we and these victims experience a distinct lack of appetite in progressing prosecutions, even when we produce solid evidence of identity.
So, what’s the remedy? The ABI is the only association of its type to be recognised by The Law Society of England and Wales. It is also on the approved supplier scheme for The Law Society Scotland. And why is this? The ABI has a thorough application and discipline process ensuring only those who meet and maintain the stringent criteria of investigation competence and training, business acumen, criminal conviction check and insurance cover are found amongst its ranks. So, by instructing an ABI member, that company, law-firm or private individual can be sure that their reputations will not be at risk.
Dick Smith QPM is the Law Enforcement Liaison Officer, ABI Governing Council
August 2020 ~ ABI / GDPR Code of Conduct . . . a step nearer
Stakeholders’ responses to the consultation document circulated in respect of the Association of British Investigators’ GDPR Code of Conduct certification application have now been received, producing overwhelming support within the industry. Dick Smith is due to meet up with the Information Commissioner’s Office to further discuss this potentially ground-breaking plan which, if implemented, would see the ABI the first in Europe to achieve such an accolade.
The news has even been picked up ‘across the pond’. New York-based Ron Alvarez, the internationally respected IP investigator, interviewed Dick in his globally acclaimed weekly blog. Commenting on the Code, he said, “Genuinely terrific and comprehensive work. Just to have the government’s attention at all is a huge accomplishment. Important work. Well done!” Read the full article here: IP-PI-Blog
July 2020 ~ Investigators put legal profession on notice with ground-breaking incentive
“Were the Association of British Investigators’ Code of Conduct to succeed in its application to the Information Commissioner’s Office for certification, it is likely to be the first from any sector in the UK, possibly even the EU,” said ABI Immediate Past President, Dick Smith, in a press release. Anticipating interest from the media, he added, “Who, after all, would have guessed it would be the investigative sector that leads in protecting peoples’ privacy?”
The proposed Code is now circulated for consultation to ABI members and relevant stakeholders, who have until the end of July to provide feedback. For the Code of Conduct to work in practical terms, it will require the full support of those who engage investigative and litigation support services. That is, first and foremost, the legal profession.
Tony Imossi, who heads up the ABI Secretariat, is the main architect behind the Code. “If accepted, lawyers will be wise to ensure their chosen service providers are verified Code Members,” he said. “Why would they not? Failing to engage with certificated investigators would be an unnecessary reputational risk. It could even be perceived as a negligent disregard of the Code’s safety measures, which are in place for the protection of personal data. Moreover, it safeguards the public’s right to privacy, which is at the very core of the Code.”
Code Member status is easily within the reach of every law-abiding, honest, and compliant practitioner. “So it is down to the legal profession to lead by example!” concluded Dick.
June 2020 ~ Anonymity online . . . a proposed solution?
“The banal decision to deny the public access to website registrant details on Whois, a predicted consequence of GDPR, continues to give criminals the upper hand,” writes Dick Smith.
In a move to counter the problem of online anonymity, the UK’s security intelligence agency, GCHQ, is exploring a solution. A UK think-tank has proposed introducing a British Identity Corporation [BIDC] as a body to verify identities for tackling serious online abuse, allowing people more control, opening up to public scrutiny. [Source ‘Professional Security’.]
May 2020 ~ “Rob, Replicate and Replace” . . . China’s unchanged strategy
Chinese state-sponsored theft of IP remains unaffected by the global pandemic, for which all but the Chinese admit they were responsible; and as the rest of the world attempts to recover, those Mandarins will be in the wings, ready to buy up struggling western companies.
In a webinar address to a law enforcement and private sector audience, John Huber referred to testimony given by Assistant Attorney General Demers in 2018, quoting: “In many of the cases we see, China’s strategy is the same: Rob, Replicate, and Replace. Rob the American company of its intellectual property, Replicate the technology, and Replace the American company in the Chinese market and, one day, in the global market.”
Huber added, “About 80 percent of all federal economic espionage prosecutions have conduct that would benefit China and around 60 percent of federal trade secret theft cases have some nexus to China.”
A Forbes article published in April warns of China’s intentions and actions during this global crisis. “The pandemic has top officials on the security side of government warning that China might use this time to buy greater influence.”
Hopefully, governments and multi-national companies will keep their eye on the ball. Politico is reporting: “Federal prosecutors say the pandemic hasn’t hindered their efforts to crack down on Chinese espionage.”
April 2020 ~ Counterfeiting rises as Indian PIs locked down!
In India, private detective agencies are not allowed to work under lockdown rules, having been deemed ‘non-essential services’. The same restriction is clearly not applying to counterfeiters and other fraudsters, so the Indian press is pointing out.
“Whether it’s insurance claims or corporate mergers, everything is being halted due to the non-functioning of the agencies,” reports the Indo-Asian News Service. New Delhi-based Kunwar Vikram Singh, chief of the Association of Private Detectives in India [APDI], said, “Closing down of our profession is causing delays in the awarding of insurance claims as checks are not being carried out.” He was suggesting that private detectives should be included under essential services as they are not only necessary, but would also act as an aid to law enforcement agencies busy imposing the lockdown in the wake of the coronavirus outbreak in the country.
Ajit Singh, also based in New Delhi and a member of the Association of British Investigators [ABI], added, “With agencies unable to carry out investigations, there is a lack of information for the corporates. Decisions such as mergers are getting delayed. Counterfeiting and sale of spurious products have increased since the lockdown was imposed because raids are not possible. Since private investigators aren’t being allowed to operate, they cannot expose these activities,” he said.
“We know both Kunwar and Ajit well,” said IPFGB’s Dick Smith. “They are widely respected in the investigation industry. As highly responsible individuals, their views should be considered closely by the Indian authorities. We have no doubt that when the lockdown is eventually lifted, there will be a flood of counterfeit products hitting Western markets where an eager population will be clambering for new products. Now is the time when intellectual property rights holders should be instructing more not less; gathering vital intelligence on the manufacturers and distributors of counterfeit goods.”
April 2020 ~ ‘World Trademark Review’ report on Lockdown enforcement
IPFGB’s Dick Smith is called on for comment on how the Covid-19 lockdown is affecting investigation into IP infringement. The global magazine, ‘World Trademark Review’, approached the Association for British Investigators to enquire what can and cannot be done under the current restrictions.
Encouraging rights holders to continue instructing, Dick says, “Now is the time to gather intelligence, because it will be mayhem when the restrictions are lifted . . . especially when it comes to fake goods. The counterfeit situation will definitely get worse. Factories may be closed now, but I have no doubt that the sweatshops are still operating [and we all know where they are] and once the lockdown is lifted, there will be a sudden demand for consumer goods. And that will benefit the counterfeiter.”
See full article here: Click Here
April 2020 ~ Working with The Law Society
At IPFGB, both Dick and Greg Smith are long-term members of the Association of British Investigators [ABI]. In fact, Dick has been on the Association’s Governing Council for some years and currently holds the position of Law Enforcement Liaison Officer.
The ABI works in partnership with The Law Society. This arrangement enables the Association to support TLS and its 160,000 members, providing immediate access to the services of ABI members.
“As the leading professional body for private investigators working in the UK and beyond,” says TLS Marketing Manager, Clive Russell, “The Law Society recommends the ABI to their members to both provide a first-class service and protect against reputational damage. This arrangement helps the ABI to increase its brand awareness, get our messages across, and promotes ABI members as the go-to experts in the field. The ABI is the only association in this industry to be recognised by The Law Society of England and Wales, and included in the Law Society of Scotland’s approved Supplier Scheme.”
March 2020 ~ “A complete lack of ethical responsibility”
As the Covid-19 pandemic continues to spread around the globe, bringing much of it to a halt and causing thousands of deaths, cybercriminals are exploiting the chaos. Malevolent hackers, demonstrating a complete lack of ethical responsibility, are targeting individuals, preying on their fears. At the same time, health agencies have been bombarded with traffic to slow systems and even the World Health Organization, the centre of the response to the virus, has been attacked by a hacker gang known as DarkHotel.
The 2017 ransomware attacks on Windows XP users succeeded in shutting down hospitals. An attack against Brno University Hospital in the Czech Republic two weeks ago similarly disabled the IT systems. That was followed by a cyberattack against the US Health and Human Services Department. Damage was limited but represented another disturbing trend of coronavirus-related attacks.
Millions of workers are switching to remote working to slow the spread of the virus, but this has only created fresh opportunities for criminals to attack systems that may not be as well protected outside of an office environment.
The advice from IPFGB: use common sense before you click on that unknown link and don’t skimp on your security. Pay for the best available protection. No sailor when falling from a boat into the grimy sea ever says to himself “I am so glad I bought the cheapest life jacket.”
February 2020 ~ Fraud investigation ~ “Police not fit for purpose”
This was the phrase used this week by West Midlands Police and Crime Commissioner David Jamieson in describing the national policing response to investigating fraud. “Victims are being let down under the current system, which is slow, unresponsive and in need of an overhaul.” he admitted.
Experian has estimated the total cost to the UK economy close to £190 billion; dwarfing the figure reported to the police.
“Once more,” says Dick Smith, “it’s a tale of law enforcement failure! Just this month an individual has reported to us he was scammed out of an inheritance of more than £160,000 and the Police have simply broken the mechanism for dealing with it.”
Mr A, resident in rural southeast England, has been a hard worker throughout his life. He was keen that an inheritance he had received was wisely invested; a nest-egg for him and his family’s future. Last October, he accessed a reputable investment website and followed various links; sadly straying off-piste and finding himself dealing with a UK based brokerage ‘company’ offering ‘UK High Street Supermarket Best Interest Bonds’. He received an email from a representative. Everything about the company looked genuine; including a landline number and address in central Edinburgh. Of course, Mr A was communicating with a clone of an authentic brokerage, whose real address was just around the corner. A modicum of due diligence, including a ‘Whois’ check, might have alerted him to what he was falling for. Not once, but twice, he sent off vast sums, receiving in return worthless bonds.
“I was suffering from an illness at the time and, in retrospect, would probably not have fallen for this had I been up to par,” said Mr A. “But what really disappoints me is that, once I suspected there was a problem, the official barriers I came up against in trying to report the crime were unreal. My money had been transferred to a national bank; one branch in the Midlands and another in Yorkshire. I went firstly to a local branch of that bank. They refused to speak to me, other than saying I should contact the police. I went to my local police station and was told they were not allowed to deal with it. I had to contact the police in Scotland. I phoned Edinburgh Police who took my details. I then went to Action Fraud and completed the online forms. I heard nothing. Many weeks later, I tried them again. I was told that my first report had apparently failed, but a subsequent one resulted in a crime number. That is all I have ever heard from Action Fraud. It is as though the issuing of a crime number ticks the box. Finito! Two months after I had spoken to Edinburgh Police, they called me to say that the address I had been given was false.” That was it . . . the sum total of police action.
“I contacted IPFGB which specialises in fraud investigation,” continued Mr A. “Dick Smith told me he was already aware of this particular scam. The fake website had closed down and the likelihood of recovery two months after the event was highly unlikely. Furthermore, if the Police had acted promptly whilst the fraud was still operating and used their powers to lawfully obtain data in relation to the use of phones, emails and the physical address, then there might have been a chance.”
“Nevertheless, Dick immediately conducted enquiries and spoke to a fraud manager with the genuine insurance company with which the cloned brokerage was associated. “He confirmed this was a sophisticated fraud involving many victims and a huge amount of money,” added Dick. “It had naturally had a damaging effect on their company reputation, and they had been forced to redirect legitimate business via another location. Yet the only contact he had received from the police was from the local Edinburgh foot-patrol who had been tasked to visit the false address and who couldn’t quite comprehend that the fraudster was certainly using a false name and did not actually work for the genuine company!
Dick takes up the story . . . “Through a third party, Mr D was still in email contact with the fraudster and ostensibly set up a meeting with him in central Edinburgh the following day on the strength of introducing a new ‘investor’. Under the auspices of data protection, the police would only accept contact from the victim, not from a professional and experienced investigator engaged by him . . . how ridiculous is that? . . . thus, it was Mr A who notified them of the proposed meeting and the urgency required. Their response? He is still waiting, now some four weeks later! As was feared, Mr A has lost his inheritance.
“What’s more, last August the Scottish Police pulled out of the highly criticised Action Fraud system of reporting,” says Dick Smith. “So, on the strength of what happened to Mr A, there now appears to be no correlation between crimes in England and Wales committed by those purporting to be in Scotland or vice versa. Is that not taking devolution too far?
“There are tools available to law enforcement which would equip them to rapidly investigate these crimes, [were they to possess the skill and the will]. Unfortunately, data protection legislation protects the criminal and obstructs victims, together with those professionals to which the public is forced to turn for expertise.”
All this comes at a period when the media is regularly reporting on police failings. “Fraudsters in Britain operate with impunity because the police are not adequately equipped to investigate them,” The Times comments. “No force can cope with the rapidly increasing number of cases and they are regularly handed to ‘unskilled investigators.’ Millions of victims are being failed and police staff say they can no longer work effectively to identify criminals and help bring them to justice.”
“This [fraud] is an area of crime that has grown hugely in recent years. It is clear that policing needs to catch up with the criminals,” concluded the West Midlands PCC.
January 2020 ~ ‘Britain’s Most Wanted Fraudster’ given a free run by the Police
In 2010, Theresa May became Home Secretary and immediately set about ‘reforming’ the Police; a euphemism for the rapid reduction in front-line numbers. It had an instant and dramatic effect on how the Police in England & Wales responded to reports of crime. Officers at ground level began to believe the politically motivated media reports that they were over-stretched and unable to cope, so found they could simply refuse to accept and/or investigate a crime. Moreover, almost to prove a point, their senior officers gave them every backing.
So, it was no surprise that in 2012, when we delivered on a plate to two Police Forces and the National Crime Agency the man who was making a name for himself as ‘Britain’s Most Wanted Fraudster’, nothing was done!
A one-man crime-wave, Mark Acklom would continue to defraud individuals and companies around Europe of millions. When the British Police eventually got around to doing something, the seven-year investigation and subsequent extradition undoubtedly cost the British taxpayer more than a million.
Early in 2012, Dick Smith was called in by an architect to discreetly check out Acklom’s credentials. It took Dick just 36 hours to prove that Acklom was an international conman engaged in a series of frauds around the West Country and the architect was clearly the potential target of a scam. He was able to back off, thus saving his money. He agreed to the Police being warned. Deplorably as far as the other victims were concerned, however, the Police made the conscious decision to ignore the information; turning down the opportunity to capture Acklom who was then living locally . . . in luxury. As one senior officer said at the time, “As there is no reported crime to investigate, we are not permitted to proceed with it ~ so it may be he is wanted elsewhere but there’s not the resources to even establish that!”
Martin Brunt, Crime Correspondent at Sky News, has produced a documentary about Acklom, who is now serving five years 8 months imprisonment following his “deal” with the Crown Prosecution Service, which dropped 15 of the 20 charges against him in return for a guilty plea. Brunt quotes from Dick’s 31-page report [at 26 mins 30 secs]; the same report which was delivered to the Police at the very time Acklom was committing many of these offences.
The Sky News documentary may be seen here . . . Link
“The sad thing is,” laments Dick, “were these circumstances to occur again tomorrow, I’ll guarantee the Police would take the same action . . . that is, no action. There is no longer any mechanism for the public to report their suspicions concerning fraud. Only a victim may report an offence to Action Fraud.”