Technology accelerating crime, boosts case for national police service, says NCA chief

Teenagers are radicalising

He said the boundaries between different types of crime were blurring. Teenagers were being radicalised on the same online spaces to become cyber criminals, sex offenders or terrorists by the same algorithms.

Biggar said that the pace of change was “most acute” in cyber crime, with the past 18 months seeing high-profile cyber attacks on Transport for London, the Legal Aid Agency, Marks & Spencer, the Co-op, Kido nurseries and Jaguar Land Rover.

“The majority still originate overseas, but we have seen the emergence of UK-based attackers, combining sophisticated malware with social engineering – exploiting not just technical vulnerabilities, but human ones, too,” he added.

Foreign states were in contact with criminals to conduct hostile acts on UK soil, and cyber attacks were coming from both state actors and criminal ransomware groups, or a combination of the two.

Biggar said the message for organisations was clear: securing systems is not enough – they also need to address how people, processes and supply chains can be manipulated.

Scam centres commit fraud on industrial scale

According to the National Strategic Assessment, online fraud continues to grow. Card-not-present fraud and investment fraud are enabled by criminals using the same social engineering techniques, manipulating people into handing over their savings or one-time passwords.

Scam centres have opened up in South East Asia and West Africa, and are conducting online frauds on an industrial scale.

The NCA said the number of referrals from technology companies reporting child sexual abuse had risen by a third in two years.

“Tech companies need to face up to their responsibilities in a way they have simply not done yet,” said Biggar.

Encrypted communications

Biggar told Computer Weekly that organised crime groups had largely moved away from communicating using dedicated encrypted phone networks, and had moved onto commercially available encrypted phone apps.

He said there was a shift after police operations against EncroChat, Sky ECC and Anom. “At the same time, commercially available apps that many of us are using all the time also became pretty safe, and so we’ve seen criminals moving much more onto just normal consumer apps that everyone uses,” said Biggar.

“There are still some hardened dedicated secure comms around, but not to the scale of Sky ECC and EncroChat,” he said. “We have also seen criminals have more face-to-face meetings, but not at scale.”

In Operation Venetic, following the takedown of EncroChat encrypted phones in 2020, the NCA and police forces have secured 2,437 convictions, mostly of serious drug criminals.

“Six years on, the number of convictions is increasing,” said Biggar. “There was so much data, and we have delays in court. Next year, that figure will be higher. We are still taking people to court on the basis of that data.”

He said that tech companies had a responsibility to design algorithms and encrypted applications that upheld public safety.

“We are not against end-to-end encryption, just end-to-end encryption that is not designed with public safety in mind,” said Biggar. “That means that when a law enforcement body has a warrant authorised by a judge, that can be actioned by the company.”

He said in his speech that technology has seen crime shift from being local to global, and from real-world to online.

New threats were emerging in the space between the NCA, counter terrorism policing, Regional Organised Crime Units and police forces.

“New threats would be easier to spot and respond to from a single law enforcement body responsible for crime best dealt with nationally,” said Biggar.