Bank heists aren’t what they used to be. With sophisticated underground networks of hackers able to remotely swipe millions from financial institutions within seconds, many now look back wistfully on the days when a bank robbery involved a getaway chase, fat wads of cash and a bandit eye mask.
“Cyber is now the tool of choice for significant financial crime: it is easier to dispose of the stolen assets and the crime is easier to get away with,” says Andrew Moir, head of global cyber security at law firm Herbert Smith Freehills. “Compare the $81m (£61m) Bank of Bangladesh cyber heist [stolen from the bank’s account at the US Federal Reserve last year] to the £25m Hatton Garden jewel raid.”
The City of London is eager to show it is a leader in the fight against computer crime, particularly as Brexit rumbles in the background and threatens London’s status as Europe’s financial centre.
Dominic Raab, the justice minister, said last month that a decision to open a new court in the City to focus on cyber crime was a “terrific advert for post-Brexit Britain” while Catherine McGuinness, the City’s top official, is heading to Israel to meet cyber security experts and academics, with the aim of mirroring Tel Aviv’s success in attracting start-ups.
“[It’s] the first time we’ve made a trip like this, there is a fresh focus on cyber from us as an organisation,” Ms McGuinness made clear, adding that she will be looking at potential partnerships with specialists in Israel. She uses the new court, which is being funded by the City of London Corporation and will be based in the Square Mile, as an example for how the UK is keeping up with financial crime in the 21st century.
The UK was the target of one in eight cyber attacks in Europe between January and September last year, according to research from cyber security firm FireEye. No wonder then that the City is ploughing money into the issue – all too aware that finance is among the most targeted industries. The UK’s National Cyber Security Centre has dealt with more than 600 “significant” cyber attacks since it was opened just a year ago by the Government Communications Headquarters (GCHQ), and today is hosting a summit for EU member states to share what it has learnt.
Few are aware of the importance of tackling this issue more than Robert Hannigan, the former GCHQ boss who joined the intelligence agency just after the Edward Snowden scandal in 2014 and left earlier this year. Credited with preparing the UK for a new era of cyber challenges (he was behind the launch of the cyber centre), he is now advising businesses on how to prepare for future risks.
“Attacks used to be very crude misspelled [emails], now they are sophisticated – we have seen criminals researching targets, seeing where a CEO’s children go to school so an email looks like it comes from there,” he says, illustrating how hard it can be to spot a red flag. “These aren’t teenagers in a bedroom, these are seriously organised groups. They’ve taken the internet and gig economy model and hire people in.”
Having been Tony Blair’s adviser on Northern Ireland peace talks and a former director general of defence and intelligence at the Foreign Office, Mr Hannigan has seen first hand the changes in the way criminal gangs operate. Many have grown up with the internet, and with technology moving so fast one of the biggest challenges is trying to forecast what the techniques will be in 10 or 20 years, he says.
Trying to make that prediction will require a lot more specialists than are currently available. The UK has a shortage of experts, with start-ups competing to recruit convicted hackers for expertise. Lobby group TheCityUK told The Daily Telegraph this year that it wants to see cyber schools in each UK city with a big financial services presence so that institutions aren’t scrabbling for talent, with plans to transform Bletchley Park – used to crack codes in the Second World War – into the UK’s first National College of Cyber Security delayed by a year. Part of Ms McGuinness’s trip to Israel this week will be about learning how to draw cyber entrepreneurs to the UK.
Mr Hannigan, who is currently advising Lloyd’s of London insurer Hiscox on potential cyber risks ,warns that, while the finance sector is miles ahead of many others in terms of cyber security and awareness, institutions can be “naive” when it comes to state-linked cyber threats with many underestimating the extent to which some countries work with crime groups.
“As state and crime threats merge in some areas, that’s something which needs more work,” he said, using North Korea as an example. “Institutions tend to think that states wouldn’t want to damage the international financial system which they have a stake in, but of course North Korea doesn’t have a stake in it and doesn’t really care.
“That crossover of crime and state is here to stay. I think, thinking beyond fraud and crime, companies need to think about the motives of states that might want to access their data. Financial institutions hold very personal data about millions of people.”
“Cyber crime certainly is capable of causing the next financial crisis – anything that undermines confidence in the banking system could have that effect,” adds Mr Moir, underlining the severity of a potential attack. “Suppose hackers penetrate a bank’s systems and manipulate balances or mortgages so they can no longer be trusted?”