UK unveils £9m fund for dark web crack down

UK Home Secretary Amber Rudd has announced a multi-million pound budget to help police crack down on criminals who hide on the dark web. 

The country will spend £9m (AUD$16m) to boost the capabilities of dark web investigators at the National Crime Agency (NCAs) and regional organised crime units to ferret out criminals who use encrypted websites to conceal trade in drugs, firearms, malware and other contraband. 

Rudd announced a further £5m for local and regional police as part of plan to establish “dedicated cybercrime units” in every police force in England and Wales. Currently only a third of local police forces had a baseline cyber capabilities, according to Rudd.   

The funds are part of a £50m budget over the next year to boost law enforcement cyber capabilities at a national, regional and local level.

Rudd also unveiled plans for the UK’s first live national cybercrime exercise to test the nation’s police, security and intelligence agencies’ response and resilience to a large scale cyber attack. 

A further £3m will be allocated to the UK’s public awareness campaign, CyberAware, with additional funds promised for supporting victims of cybercrime. 

Rudd unveiled the new funding on Wednesday at the National Cyber Security Centre’s (NCSC) CYBERUK 2018 summit in Manchester.   

The NCSC revealed in a report released today that it had recorded 34 "significant” cyber attacks between October 2016 and December 2017. These attacks typically demanded a cross-government response. 

Rudd said that in the past six months, the NCSC had responded to 49 incidents linked to Russian cyber attacks.

The most disruptive incident was last May’s WannaCry ransomware attack that affected a third of NHS trusts and caused nearly 7,000 appointments to be cancelled. The UK joined the US and Australia in December in publicly blaming the attack on North Korean hackers.       

NCSC recorded 762 other “less serious” incidents that mostly impacted a single organisation. 

Another major threat was compromised legitimate software, such as the poisoned MeDoc Ukraine accounting software update that launched the NotPetya attack, which the UK, Australia, and US in February blamed on the Russian military.

"Hostile states, groups and individuals are using cyber tools to commit crimes, to project power, to intimidate their adversaries, and to influence and manipulate societies in a manner which makes definitive attribution difficult," said Rudd. 

Other threats NCSC is concerned about include ransomware, cryptojacking, mass data breaches, distributed denial of service (DDoS) attacks, attacks on outsourced IT and HR providers, attacks on financial institutions and attacks on parliament.   

Intricately planned phishing attacks or business email fraud is another soft spot for UK businesses. Around 1,500 businesses lost £32.2m between 2016 and 2017 to “mandate fraud”, which involves a fraudster posing as a regular supplier and convincing a target organisation to change a direct debit, stating order or bank transfer mandate to the attacker’s account.