4 December 2020

Cybercrime is turning our browsers into battlefields

By James Sweetland

Just a few weeks ago, Boris Johnson announced a brand new Cyber Force for the UK. Led jointly by GCHQ and the Ministry of Defence, this new body will help lead the national development of an offensive cyber capability, with a focus on disrupting hostile state activities, terrorists and criminals threatening the UK’s national security.

Whether it’s ISIS or the Internet Research Agency, over the past decade our smartphones have become just another front in geopolitical struggles for international power. And as individuals, we’re far more likely to face international threats through a browser than on a battlefield.

But what does cybercrime actually look like?

On those same battlefields, alongside groups like ISIS and Russia’s Internet Research Agency who see cyberspace as another means to target their enemies, we find a far more common threat. These are the opportunists and looters, the simple criminals for whom the web represents not a path to reshaping the world, but simply a chance to make a quick buck. 

Haveibeenpwned.com is a website which lets you check whether your email address and other personal details have been exposed. Try it now with your own details – you might be surprised. At the time of writing nearly 10.5 billion accounts have been hacked. For many Brits, this is the reality of cybercrime: everyday crime on a scale we have never seen before. Our recent research at Demos showed that more than one in every ten Britons has had their data accessed illegally in the past year alone. And yet, what happens when someone is victimised in this way – when someone loses their life savings, their identity, or their feeling of safety online? Far too often, the answer is nothing.

We found that when victims report their experiences of cybercrime to Action Fraud – the UK’s designated reporting body –  they rarely receive the response they deserve. In fact, cases shared with this body are rarely referred to police for any investigation at all. Even when they are passed on, they are handled by local police forces which struggle to investigate them properly.

And while financial institutions will refund victims in many cases, the process itself is often complicated and alienating. Many victims never learn how they have become a victim in the first place, and what they need to do to protect themselves next time. Their emotional needs are neither acknowledged nor supported throughout this process – not even by victim support services. Understandably, this has a major psychological impact; as one major study points out, it can cause anxiety, stress, anger and even worsening physical health. 

We also face a significant knowledge gap – our ineffectual response now means that underreporting of cybercrime is so common that we’re only seeing the tip of the iceberg when it comes to its actual impact. These are systemic failings, and victims are consistently losing out.

Cybercrime is a problem that occurs far more frequently than major acts of cyberwarfare ever do. And for most of us, the threats we face hit us when we click the wrong link, use the same password on more than one site or disable that annoying antivirus software that keeps popping up. It’s only when the cost of cybercrime becomes real, be it through your empty bank account or your name and details on a site you’ve never seen before, that you realise you’re not really secure after all.

So why, as the government commits to fighting for our national cybersecurity, is our approach to tackling cyber threats which affect ordinary citizens so lacking? Why do we seem so willing to surrender to cybercrime?

In a new Demos report, ‘The Great Cyber Surrender’, we provide a blueprint for a new system for preventing, investigating and eradicating cybercrime in the UK, with support for its victims at its heart.

A bold first step would be a new, simple three-digit National Reporting Hotline – think ‘119 for Cybercrime’ – and a new National Fraud Taskforce, which would be responsible for dealing with digital offences and staffed with specialist investigators. To support victims, the rollout of Victim Care Squads on a national scale is also vital.

But more generally, we need a commitment from the Government to fight for our individual safety online as doggedly as we fight for our collective security. This means ensuring that the technical expertise to tackle cybercrime is as available to local police as it is to the security services – something our research found was clearly not the case. We need to ensure that our international agreements reflect a shared ambition as liberal democracies to tackle cybercrime effectively together. We need to meet the challenge of the agile and dynamic cybercriminal threat, and show victims that the will and resources are there to keep them safer in future.

Because if we truly want people in the UK to be safe when they go online, this is a battle we can’t afford to lose.

Click here to subscribe to our daily briefing – the best pieces from CapX and across the web.

CapX depends on the generosity of its readers. If you value what we do, please consider making a donation.

James Sweetland is co-author of The Great Cyber Surrender and a research trainee at Demos

Columns are the author's own opinion and do not necessarily reflect the views of CapX.