‘They should have planned it on Google Earth’ – UK cybercrime chief on the Hatton Garden heist’s folly and why WannaCry is a watershed moment

Written by Sam Trendall on 5 July 2017 in News

Cybercrime lead at National Crime Agency lays out his three objectives

"One of the reasons they got caught is that they were very old school," cybercrime chief Mike Hulett said  Credit: PA

“Those guys did a fantastic job – right up until the time they got caught,” Mike Hulett, head of operations at the National Cyber Crime Unit (NCCU), said of the perpetrators of the multimillion-pound Hatton Garden safety deposit box burglary in 2015.

“And one of the reasons they got caught is that they were very old school; when they were in their planning phase, they actually sat outside the premises,” Hulett said. “I don’t know if you’ve been to Hatton Garden, but there’s a lot of security cameras around. They could have done most of that sat at home on Google Earth – if they had had the wherewithal to do it.”

He added: “You can make far more money sat at home with a keyboard and a mouse than going out with a balaclava and a shotgun.”

Related content

Local councils ‘should be at the forefront’ of national cyber security

West Yorkshire Police looks to Leeds Beckett University to tackle online crime

Rising to the challenge of cyber security

The chief of the NCCU, which forms part of the National Crime Agency, said that he himself has a touch of the old school, having come from a “guns and drugs background” – in investigative terms. But the playing field has shifted to the extent that, according to figures published last year by the Office for National Statistics, some 47.5% of all crime in the UK is now either enabled by or wholly perpetrated on the internet.

“If you factor in under-reporting, well over half of crime is cyber,” Hulett said.

He added that “previously law enforcement were perceived – if I’m honest, quite fairly so – as not caring” about cybercrime. But now that investigators did treat online crime with the solemnity and rigour it deserved, it was, perhaps, the public that needed to take it more seriously.

Ensuring that victims of cybercrime report offences as a matter of course – as they likely would with a physical burglary – was of crucial importance, Hulett said.  

He added: “The reason why I would encourage people to report things when they happen is… We know burglars rarely get caught because of evidence from one particular crime scene. There might be a bit of evidence left at one scene, and another bit at another. It is the same with cybercrime – people have signatures, and they leave clues.”

No longer 'a victimless crime'
Encouragingly, the recent WannaCry ransomware attack, which caused major disruption to the NHS, seems to have provoked a sea change in attitudes towards cybercrime, the NCCU leader said.

“WannaCry is a [watershed] moment – it has brought cybercrime into the public consciousness; it has made people realise that there can be that kinetic effect coming from cybercrime,” he said. 

“Previously it has been seen as something of a victimless crime; for businesses it is [seen as] a cost of doing business, and, if it is a bank, [people think] ‘they can afford it’.”

Hulett broke the cybercrime landscape into a three-layered pyramid, with an annual total of 2.5 million low-level "volume" crimes at the bottom. Above that are relatively common ‘high-profile’ attacks, such as the 2016 breaches affecting Tesco Bank and The National Lottery. At the very top are a cabal of about 150-20 "elite" cybercriminals perpetrating the biggest and most sophisticated attacks.

To combat all forms of cybercrime, the NCCU has “three key objectives”, Hulett said. 

“First of all we will try and reduce gains – we will try and limit the opportunities for domestic and international cybercriminals to exploit UK companies,” he said. 

“[Second], we want to raise the risk; cyber is seen as a low-risk activity. There needs to be some consequences related to law enforcement being involved. [Third] is raising the cost – we cannot sustain this situation where someone can buy a £10 tool and cause havoc.”

Hulett was speaking at the Cyber Security Summit, held in London this week by PublicTechnology's parent company Dods.

About the author

Sam Trendall is editor of ​PublicTechnology

Share this page




Please login to post a comment or register for a free account.

Related Articles

Government urged to update product safety standards for internet age
15 May 2023

Parliamentary committee laments pace of progress so far in changing rules

UK has potential to be cyber ‘world leader’, report finds
3 May 2023

Think tank study praise ‘whole-of-society approach’ to policy but encourages development of specialist workforce

WhatsApp and private email banned for government use at higher security tiers
13 April 2023

Officials are warned that, if they choose to use non-corporate channels, they must 'be prepared to defend your choices'

MoJ reprimanded by ICO after ‘bags of confidential documents’ exposed for over two weeks
25 May 2023

Sensitive data was left unsecured in prison holding area, according to data watchdog

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...