Security threats Toolkit

Police will not pursue ransom hackers

Tags:
Ransom

Tom Espiner ZDNet.co.uk

Published: 02 Jun 2006 12:50 BST

Greater Manchester Police (GMP) will not be pursuing the criminals who used a Trojan horse program to lock a Manchester woman's files and demanded a ransom to release them.

The malicious Archiveus program was unintentionally downloaded by Helen Barrow of Rochdale, who found it locked her files into a 30-character password-protected folder. A ransom note instructed her to avoid going to the police, and buy pharmaceutical products online to gain the password to release her files.

Barrow did not pay, and managed to recover some data. The police, however, will not be investigating the crime.

"We aren't investigating the incident as it's an Internet crime, and not within the GMP area — technically it's international," a spokeswoman for GMP told ZDNet UK.

"Trying to find who did this it would be a monumental task," a spokeswoman for GMP told Out-Law.com.

No other police force appears to be investigating the incident either. "We are not aware of any ongoing investigations," the GMP spokeswoman said.

Legal experts questioned the wisdom of sending a message to hackers that they would not be chased for commmitting Internet crime.

"To say it's difficult to trace a hacker is a dangerous message for the GMP to send," said Struan Robertson, senior associate at solicitors Pinsent Masons. "It's unrealistic for police to investigate every single incidence of hacking, but their response in this case is disappointing," Robertson said.

Senior ex-police officers and security experts are understood to be concerned that cases of this kind will not be investigated as they fall outside the remit of both local police forces and international crime agencies.

Cases such as the Archiveus incident would previously have been dealt with by the National High Tech Crime Unit (NHTCU), which was amalgamated into the Serious and Organised Crime Agency (SOCA) in April.

"This is the kind of attack that presumably would have been within the NHTCU's remit," said Robertson. "There is a risk that people will perceive crimes of this kind as falling outside the remit of SOCA, because they do not appear to be the work of organised criminals."

SOCA refused to comment on whether this case falls within its remit, and could give no suggestion as to whether this incident is actually being investigated by any police unit at all.

"If it falls within our remit, we will investigate. E-crime is a concern of SOCA, but we can't comment on individual cases. SOCA doesn't comment on ongoing or possible investigations at all," a SOCA spokesman told ZDNet UK.

Cambridge University security expert Richard Clayton pointed out that the police simply aren't in a position to handle every reported crime, but also warned that some cybercrime offences — including international cybercrime committed by individuals — may be a priority for neither local officers nor SOCA.

"Firstly, it is not realistic to expect the police to investigate every crime — we all know that from personal experience, if our house has been burgled or our car broken into," said Clayton.

"The second issue is the demarcation issue that is occurring, hopefully temporarily, in the UK whereby local police with local targets to achieve do not have any resources or incentive to investigate out-of-area criminality. However, the national force is concentrating on 'organised' crime, and so if the crime looks like a one-off, committed by an individual, then even if they might be able to track them down, they may not be interested either," Clayton said.

Antivirus companies have now cracked the Archiveus Trojan, and determined that the password used to unlock data is "mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw".