NSW Police Force’s top cyber cop says internet-enabled crime “poses the greatest challenge to law-enforcement in the 21st century – both in terms of the risk to our national security, our border protection and the impact it has on the economy overall”.
So when you consider there are 95 out of 20,329 NSW Police Force employees working in the cyber and fraud division, one wonders if Detective Superintendent Arthur Katsogiannis, Commander of the NSW Fraud and Cyber Crime Squad, is well prepared.
“Is it enough? Well we could always do with more resources,” he tells me during a recent lunch interview at Criniti’s in Sydney’s Woolloomooloo. “There’s no commander that would say that they’ve got enough resources but that’s something we’re working towards. And yes, I would like more resources, but at the moment I think we’re doing a reasonable job with the resources we’ve got.”
“I don’t think you can ever be prepared,” he says. “Yes we’ve got some good systems in place but we’re a long way from having the capabilities to do what we want to do in terms of identifying and preventing a lot of the cyber crime.”
Until recently, Detective Katsogiannis – who is celebrating 35 years as a member of the NSW Police Force – worked as Commander of the Firearms and Organised Crime Squad, and then the Gangs Squad.
In those roles he locked up bikies (he recently confessed to riding a bike himself) and often dealt with 2am calls. These days he’s getting a lot more sleep.
“That’s one good thing that I’ve got to say I don’t miss,” he says of the early-morning calls.
“[Those calls were] a regular event in the gang squad and also the firearm squad and you get used to that,” he says. “Even my wife was starting to get used to it, although she didn’t like it. But that goes part of the territory.”
One issue recently in the news that I probe Detective Katsogiannis on is uncrackable phones hindering investigations. The NSW Crime Commission’s latest annual report states that uncrackable phones have hindered at least two murder investigations in Sydney.
The commission reported a “steady increase in the use of encrypted communication methods, such as Phantom Secure BlackBerry devices and free downloadable applications for smartphones, over the last two years”.
The problem has become such an issue NSW Police recently travelled to BlackBerry’s headquarters in Canada in a bid to get advice on how to retrieve information from the encrypted devices, Fairfax Media reported in May.
Detective Katsogiannis said he would like to see more collaboration from private companies, such as Apple and Google, when it comes to assisting law-enforcement agencies in decrypting phones to uncover critical evidence.
“I don’t think we can compel them to [help us], but I’d certainly like to see more consultation and liaising between the private sector and law enforcement, in particular when they’re building products, because [at present] we don’t get any input into it and once a product is built, created and put out onto the open market we play catch up …” he says.
If better collaboration doesn’t eventuate, he says NSW Police may have to go down the path of asking the NSW government to change the laws to compel suspected criminals to reveal passwords by making it an offence not to do so.
“We don’t [currently do this],” Detective Katsogiannis says.” [But] it’s something we can look at.
“I’d like to see something similar like the UK where you’ve got an office that includes investigators, lawyers, forensic accountants and analysts, and coercive powers where we can bring individuals in and if they’re not going to talk to us it’s an offence.”
Another issue on Detective Katsogiannis’ mind is the punishment cyber criminals get compared with armed robbers, and which he believes to be disproportionate. As an example, he uses the analogy of an armed robber threatening a convenience store owner with a knife and stealing $1000 compared with someone stealing $100,000 via an online romance scam.
“If you are caught [with that] armed robbery you can be liable for 15 years’ imprisonment,” he says. “[Meanwhile] you get some kind of custodial sentence where you’re an individual who rips off someone through a fraud scam, whether it be via a romance scam or something like that, if it’s $100,000 [the criminal will] probably get something like a 12-month good behaviour bond.
“And yet you’re doing more damage to the person by taking all that money [through the scam]; It’s usually their life savings..”
Given the internet is borderless, transnational crimes are also something Detective Katsogiannis has to deal with. While NSW Police has a good rapport with the United States’ FBI and the Secret Service, and Britain’s Scotland Yard, some others can be hard to work with, he says, making his job difficult.
“Some of the other countries like Nigeria, we do have some success and we do have liaison officers through the AFP and Interpol that we deal with, but we can’t tell them who they can and can’t arrest and who they can and can’t investigate,” he says. “So that can be frustrating at times.”
While he says overseas relationships, such as the one with Nigeria, have improved to some extent, he believes they’re going to have to improve even more because of the way crime is now able to be committed across borders via the internet.
Back on home turf, Detective Katsogiannis is hoping the imminent trial of a new computerised information retrieval (IR) system will help automate some of the NSW Police Force’s manual processes when it comes to collecting intelligence from banks, such as bank statements when investigating fraud.
The system would enable officers to “go online and request banking documentation, statements, affidavits and the like” and get it “a lot quicker and more efficiently”. The next step he’s hoping the NSW government will support through legislative amendments – allowing a senior officer to sign off on access to banking information rather than a magistrate – would make the process even faster.
“If we want documentation from the banks … we still need to go to a court and see a chamber magistrate to be able to get a notice to produce to get that documentation so it can be admissible as evidence in a court,” he says. “We’ve recently put a submission up to government seeking an amendment to that [so] that a commissioned officer would be able to authorise notices to produce.”
Not everyone’s happy about these proposed changes, though. David Shoebridge, a Greens MP in the NSW Legislative Council, said he had concerns.
“Bank records contain a cornucopia of personal information that should be protected from casual access by the NSW Police,” he says. “If police have a reasonable basis to believe that access to someone’s bank account details can help them solve a crime then they can already get the information by a warrant.”
But Detective Katsogiannis’ job isn’t all about investigating crime. It’s also about educating the community on how to avoid cyber crime and fraud in the first place.
His one key piece of advice? Never reveal your precise age to anyone you can’t trust, or publish it online.
Why? Because it can be one of the most useful pieces of information used to assist criminals in taking over your identity.
“When we do investigations … dates of births we find are one of the greatest sought-after pieces of personal information that ID criminals are looking for,” Detective Katsogiannis says. “If criminals can get some credit card details and your date of birth it’s quite easy for them to then take over your identity.”
Filling in surveys at the check-out should also be avoided, he says, as this can lead to your personal data being sold to criminals.
“[Often] that will be sent overseas and a lot of that information is sold off and criminal syndicates that have been set up and are willing to pay big money to get your … data and use it to obviously either take over your identity or get access to your funds,” he says.
Because of this, he hopes that companies will soon be required by law to divulge publicly if they have had a data breach, and he believes this will help notify people whether they have been compromised and need to change things like passwords.
“I feel that there is a need and there should be some type of legislation to compel the companies to at least report it because it’s part of educating the community and the community knowing what’s going on out there,” he says.
“… if companies don’t report [breaches], how do we know it’s actually occurring?”
If there’s one legacy he hopes to leave behind with the NSW Police Force, it’s to have more police trained in helping track down cyber criminals.
“I think one of the challenging things for law enforcement here in NSW or globally is the fear that many police have of investigating cyber crime or fraud-related crime,” he says. “They see it as a very difficult type of crime to investigate it, they fear it and sort of stay away from it.
To fix this, he says he has tasked one of his sergeants to put together a fraud and cyber crime course for police officers. “We want to be able to have every officer that comes in as a recruit to be trained in some capacity, both as a cyber crime investigator and a fraud investigator.”