John Bensalhia interviews Ben Russell, Head of Threat Response of the National Crime Agency’s National Cyber Crime Unit, and finds out the work carried out at the NCA and why cyber crimes should be instantly reported

Here’s a question: if your house was burgled, what’s the first thing that you would do?

The likely answer is to phone the police to report the burglary. The sooner the call is made, the greater the chance of those stolen goodies being returned and the criminal brought to justice.

It’s the same sort of response that should kick in when a cybercrime has been committed. And that’s what Ben Russell, Head of Threat Response of the National Crime Agency’s National Cyber Crime Unit will be talking about at Cloud Security Expo London this March.

“What I will be speaking about is why people who have suffered cyber attacks should work with law enforcement,” says Ben.

“It’s up to you to report a crime. For example, if your house has been burgled, you would instantly report this to the police. With cyber crimes, however, while some do report these, others don’t.”

Changes and advances in technology are now at the forefront of crimes committed today

Ben will be looking at the sort of questions that victims of cyber crimes should be asking themselves. “What are the benefits of reporting a cybercrimee for me? How should I go about reporting the cybercrime? What can I expect from the police and the law enforcement agency?”

“We feel that the victim can benefit greatly from reporting a cybercrime, so the key is to explain to people and make sure that they fully understand what they can expect. If your house was burgled, then you would have a good idea of what to expect when you report the crime to the police.”

CSEL-Speaker-Interview-2018-700x90_Ben-Russell

A proactive approach

Having been in his current role for six years, Ben is the head of cyber intelligence at the NCA. “What I do in my job is to make a difference by helping my team to find the criminals, identify the biggest threats online, respond to cyber incidents and support our criminal investigations.”

“As a very proactive agency, what we do is to plan strategies and to look at where best to focus efforts that will have the most impact in catching cyber criminals. We also look at how to use the resources that we have and to use them the best that we can.”

“I find that the work I do to be a very interesting area: partly because of the generational aspects of today’s crimes, and how changes and advances in technology are now at the forefront of crimes committed today. These are changing so many aspects of our lives – almost all crime is now enabled by cyber technology.”

Ben says that one of the main security issues is for people and businesses to know what they need to protect the most. “Often, people read in the media and on websites, about the many cybercrimes committed, but the key issue is to see through all that noise and to ask themselves what is the biggest risk to their business.”

While there are new technological innovations to manage and prevent cybercrimes from taking place, what also matters is people power

“Although no one can make everything secure, the most effective method of ensuring secure technology is to work out what matters the most, and to take the relevant steps to ensure protection of what’s the most important element.”

As new methods of cybercrime have been introduced in the last few years (such as ransomware attacks), there have also been plenty of new innovations and gadgets to combat the security.

Identifying offenders

But while there are new technological innovations to manage and prevent cybercrimes from taking place, what also matters is people power. A good example of this is the discontinuation of a cyber-hacking tool that enabled criminals to take complete control of their victims’ machines.

The National Crime Agency co-ordinated the investigation last year into the Luminosity Link RAT (Remote Access Trojan). Costing as little as £30 and with little technical knowledge required by users, the RAT enabled hackers to connect to victims’ machines without detection. As a result, hackers now had the ability to disable anti-virus and anti-malware software, carry out commands such as monitoring and recording keystrokes, steal data and passwords, and monitor victims via their webcams. Having been sold online to in excess of 8,600 buyers around the world, the investigators estimated that thousands of people worldwide were victims of the Luminosity Link RAT.

But as a result of UK and European police and law enforcement agencies working together to target those who had bought the RAT, the crime was foiled. Instigated and helmed by the UK’s South West Regional Cyber Crime Unit, the crime was initially traced to a Bristol-based suspect’s computer (the individual had been previously arrested the year before on suspicion of Computer Misuse Act offences).

Over 490 intelligence packages were subsequently developed by investigators and disseminated to law enforcement agencies across 13 countries in Europe, the U.S. and Australia, and since September 2017, search warrants, arrests, and cease and desist notifications have been conducted across these regions. As confiscated devices were taken away for examination, the National Crime Agency identified suspects and passed their details to cybercrime specialists in the Regional Organised Crime Units. As a result of more than a year’s work on this crime, a sizeable number of offenders were identified.

“A big benefit of combating the cyber attacks today is the way in which the law enforcers work and come together,” concludes Ben. “The police, the Met, the NCA… these are all taking proactive approaches to prevent crimes from taking place, and will continue to do so in the future.”


01-SECURITYbBen Russell will be speaking at the forthcoming Cloud Security Expo, which takes place on 21st and 22nd March 2018 at London’s ExCeL Centre. To hear from Ben and other security experts from around the world, register today for your FREE ticket.