‘They should have planned it on Google Earth’ – UK cybercrime chief on the Hatton Garden heist’s folly and why WannaCry is a watershed moment

Written by Sam Trendall on 5 July 2017 in News

Cybercrime lead at National Crime Agency lays out his three objectives

"One of the reasons they got caught is that they were very old school," cybercrime chief Mike Hulett said  Credit: PA

“Those guys did a fantastic job – right up until the time they got caught,” Mike Hulett, head of operations at the National Cyber Crime Unit (NCCU), said of the perpetrators of the multimillion-pound Hatton Garden safety deposit box burglary in 2015.

“And one of the reasons they got caught is that they were very old school; when they were in their planning phase, they actually sat outside the premises,” Hulett said. “I don’t know if you’ve been to Hatton Garden, but there’s a lot of security cameras around. They could have done most of that sat at home on Google Earth – if they had had the wherewithal to do it.”

He added: “You can make far more money sat at home with a keyboard and a mouse than going out with a balaclava and a shotgun.”

Related content

Local councils ‘should be at the forefront’ of national cyber security

West Yorkshire Police looks to Leeds Beckett University to tackle online crime

Rising to the challenge of cyber security

The chief of the NCCU, which forms part of the National Crime Agency, said that he himself has a touch of the old school, having come from a “guns and drugs background” – in investigative terms. But the playing field has shifted to the extent that, according to figures published last year by the Office for National Statistics, some 47.5% of all crime in the UK is now either enabled by or wholly perpetrated on the internet.

“If you factor in under-reporting, well over half of crime is cyber,” Hulett said.

He added that “previously law enforcement were perceived – if I’m honest, quite fairly so – as not caring” about cybercrime. But now that investigators did treat online crime with the solemnity and rigour it deserved, it was, perhaps, the public that needed to take it more seriously.

Ensuring that victims of cybercrime report offences as a matter of course – as they likely would with a physical burglary – was of crucial importance, Hulett said.  

He added: “The reason why I would encourage people to report things when they happen is… We know burglars rarely get caught because of evidence from one particular crime scene. There might be a bit of evidence left at one scene, and another bit at another. It is the same with cybercrime – people have signatures, and they leave clues.”

No longer 'a victimless crime'
Encouragingly, the recent WannaCry ransomware attack, which caused major disruption to the NHS, seems to have provoked a sea change in attitudes towards cybercrime, the NCCU leader said.

“WannaCry is a [watershed] moment – it has brought cybercrime into the public consciousness; it has made people realise that there can be that kinetic effect coming from cybercrime,” he said. 

“Previously it has been seen as something of a victimless crime; for businesses it is [seen as] a cost of doing business, and, if it is a bank, [people think] ‘they can afford it’.”

Hulett broke the cybercrime landscape into a three-layered pyramid, with an annual total of 2.5 million low-level "volume" crimes at the bottom. Above that are relatively common ‘high-profile’ attacks, such as the 2016 breaches affecting Tesco Bank and The National Lottery. At the very top are a cabal of about 150-20 "elite" cybercriminals perpetrating the biggest and most sophisticated attacks.

To combat all forms of cybercrime, the NCCU has “three key objectives”, Hulett said. 

“First of all we will try and reduce gains – we will try and limit the opportunities for domestic and international cybercriminals to exploit UK companies,” he said. 

“[Second], we want to raise the risk; cyber is seen as a low-risk activity. There needs to be some consequences related to law enforcement being involved. [Third] is raising the cost – we cannot sustain this situation where someone can buy a £10 tool and cause havoc.”

Hulett was speaking at the Cyber Security Summit, held in London this week by PublicTechnology's parent company Dods.

About the author

Sam Trendall is editor of ​PublicTechnology

Share this page




Please login to post a comment or register for a free account.

Related Articles

Watchdogs seek greater oversight of use of facial recognition in prisons
6 July 2022

Scottish bodies flag up uses of facial recognition and in English and Welsh institutions

‘Nasty and sophisticated cybercriminals’ stole £1.1m destined for Bedford school
16 August 2022

Luton Borough Council and regional local enterprise partnership were victims of fraudsters

Police investigated 4,300 cyber offences last year – but charged fewer than 100 criminals
12 August 2022

The proportion of offences resulting in a formal charge increased slightly, but remains at barely more than one in every 50

Ministers slammed over failures to respond to consultations
10 August 2022

Labour claims Conservatives are operating as a ‘zombie government’ as 15 online feedback-gathering exercises have been left dormant since 2019 election