In March of last year, the Australian Federal Police launched its High Tech Crime Operations unit in response to the ongoing convergence of analogue, digital and internet technologies. Assistant Commissioner Andrew Colvin is the national manager of HTCO. In addition to fighting high-tech crime, he says the unit also provides support to federal officers around technical operations and encourages them to make the most of innovation.
This has been a major challenge during its first year of operation because police are conservative by nature and have a tendency to view technology as a tool that is used against them rather than in their favour. One of the biggest tasks for Colvin has been to change that philosophy.
“The AFP has had a couple of false starts at this over the last four or five years but there’s now a concerted effort,” he says. “We have started online and face-to-face training programs. It’s a matter of tiering because the investigator on the ground doesn’t need to know everything about how a box works – they just need to know what to do to preserve evidence.
“Those that show proficiency or a particular interest are taken to the next level. At the top end we have computer experts that can stand up in court and say how we took a computer box or a PDA and ended up with evidence following a chain of procedure.
“It’s new to the courts so it’s often challenged through a lack of knowledge as much as a legitimate way to have evidence thrown out. That’s OK because it’s all part of the judicial process. Government is focused on educating the judiciary.”
From an operational perspective, HTCO has helped improve efficiency across the AFP by eradicating duplication of tasks and deploying innovative software to mine terabytes of data seized during investigations.
Back in May 2007, the AFP went public with a massive online child protection investigation dubbed Operation Centurion. A website containing pornographic images of children had been put up in Europe and attracted a staggering 12 million people in the space of just 76 hours.
“We had to distil how many of those 12 million visitors were in Australia, how many of them were real people, how many were in locations that we could do something about, and how to prioritise and triage,” Colvin recalls. “Traditionally that would have taken police days, weeks, in fact probably months, but we can write codes now that help us do it in hours. It’s not only efficiency in terms of human resource but also in our time of investigation so we can do things a lot quicker.”
HTCO has now established a covert internet presence where investigators are using assumed identities to trawl online in places where criminals are known to be active.
The government has provided money for the AFP to grow its HTCO portfolio. By the end of 2012 it is expected to have more than 130 people dedicated to child protection. When looking to bring more people in, Colvin is not looking for traditional policing traits.
“A lot of my portfolio is made up of people who bring a particular skill set. When there’s a cyber investigation into an attack on a piece of infrastructure I don’t need a lot of police to knock on doors, I need a lot of smart people that understand software and can write code.
“It’s different to a normal police force because there are a lot of non-police that are specialist and often transient. I might be able to interest them for four or five years before they want to go on and do something else.
“That’s anti to traditional police culture, which sees policing as a career. A lot of the people I’m interested in see it as a vocation to do for a while and I need to suck the best out of them that I possibly can.”
A good example is the HTCO youth advisor – an 18-year-old that has grown up in the internet age and understands the world of online communications better than any of Colvin’s officers. She sits with covert investigators and tells them how they should be interacting, what children would typically be doing online and how predators draw them into conversations.
HTCO also has a standing group of 20 children that officers consult regularly to find out what their fears are, how they want to see police involved in the internet and how it can be made safer.
A trend during the past two years, which accelerated in 2008, has been the increasingly structured nature of online fraud. Colvin stops short of blaming this on organised crime but says there are increasingly well-organised networks behind the trend. Advances in technology means criminals don’t even need to know each other in order to collaborate.
Colvin spent a month travelling around North America and Europe at the end of last year because Australia is part of the global community and has great relationships with traditional partners like the UK, the US, Canada and New Zealand. The AFP has also built links with other major European countries and some of the emerging giants in Asia
It is part of the Virtual Global Taskforce along with UK agencies, US, Canada, Italy and Interpol. Set up in 2004, Colvin says this is the sort of collaboration we will see a lot more of in future.
Global organisations like the World Bank are talking about the growing trend for people to create financial advantage fraudulently using the internet and – when lost business opportunity is factored into the equation – estimated losses quickly escalate into billions of dollars.
HTCO works closely with financial institutions and has employees seconded to it from the major banks. Colvin says they have a commercial entity to protect but are smart enough to realise that an attack on one is likely to be used on another if successful.
Together they work to tackle a variety of financial frauds including phishing sites (where people are asked to provide their personal details), mule scams (where they answer what appear to be legitimate ads on sites asking for financial information in return for a commission) and advanced fee frauds (where they are tricked into sending money in return for a share of a much larger sum).
In one case last year, a farmer from South Australia went to Mali looking for wife after searching the internet and ended up being taken hostage.
“The internet is a wonderful thing and people should have confidence in the systems but, unless they’re aware not to do in the online world what they wouldn’t do in the offline world, then they will get themselves into trouble,” Colvin says. “It’s about education.”
Partners in crime
The AFP has also built key relationships within the IT industry, with companies like Microsoft and Google, because these organisations are responsible for writing the software that controls the space its officers are trying to police.
Colvin is keen to foster an environment of partnership rather than regulation. He says this is easy with the bigger companies because they have a corporate conscience and cooperating with law enforcement agencies helps build confidence in their brands. However, the number of new software exploits and criminal websites continues to grow exponentially and is much more difficult for police to detect.
Another major challenge is presented by increased complexity in the interception of communications.
“How do you find a Skype phone call among simultaneous flows of data as a user plays games and downloads music from the internet at the same time?” Colvin asks. “It’s like drinking from a fire hose and, even if you could capture it, how do you work out which drop of water is the crucial bit?
“We’ve had consultants work with us to say where we need to be in four years and pretty soon we’ll go another four years beyond that. It’s a roadmap for us but it changes constantly. My job is not to get everything right now; my job is to make sure we are flexible and innovative enough to deal with whatever’s coming.”
At an operational level, the AFP has an IT department that provides computers and basic software to its 6000 staff members. The IT department has more than 220 permanent employees and about 120 contractors.
The agency has a technology budget of about $1.25 billion for the year to June 30, with the IT department accounting for a relatively small percentage at $70 million in operating and $40-50 million in capital expenditure. The lion’s share goes into application development for HTCO and Forensics Operations.
But this promises to be a busy year for its IT shop as the AFP starts building a replacement for its case management and intelligence system. It was allocated $84 million over four years when the former coalition government handed down its final federal budget in May 2007 but has spent more than 18 months in planning.
The new system, dubbed Spectrum, will use contemporary technologies and a more sophisticated architecture, which will make it more configurable and responsive to changing business needs. It will also be more capable of integrating with the systems of AFP partner agencies.
Building is due to start during this quarter with the creation of a search engine, entity relationship identification and matching, multi-source searching and information management for intelligence purposes expected to be top of the agenda.
The IT department has committed to using commercial off-the-shelf software instead of custom-built applications in an attempt to minimise costs. But finding the capacity to manage large lumps of project work as they appear is a perennial problem in government IT shops so, where commercial software is not available and development needs cannot be met using internal resources, a panel of eight Australian companies and NZ-based Jade Software will be asked to bridge the gaps.
Spectrum will replace PROMIS, a system which came into operation more than a decade ago and was at the time revolutionary. It was developed into a single point of content management and broke down the silo approach that had previously seen different areas of AFP operations such as drugs, fraud and child protection using separate computer systems.
Like all legacy applications, PROMIS is becoming increasingly expensive to maintain. It has also struggled to adapt to new AFP functions including HTCO and the former Protective Service. However, some of its more modern applications will be retained and incorporated into the new Spectrum system.
If that wasn’t enough, the AFP’s IT department also has to handle a move into its new corporate headquarters this year, with all the requisite cabling and infrastructure demands that brings, and recently completed the construction of a new data centre that it will share with the Department of Finance. This will be fitted out and gradually moved into during the next two years.
Sidebar: Managing reluctance
The best way to overcome technology resistance is by getting people using it. Champion its benefits and be patient.
Take a tiered approach to training. Make sure everybody is grounded in the basics and encourage people to specialise where they show keen interest or potential.
Be flexible and offer new challenges. Giving people the opportunity to move around and try their hand at different things will keep them fresh and engaged.
Sidebar: Previous form
Jade Software has worked with the Australian Federal Police previously to create a light version of its case management and intelligence system for use in jurisdictions that don’t have strong infrastructure.
Although it can be delivered on a disc, the light system is highly configurable and scalable so more than 30 different versions are currently in operation ranging from a few seats on a Pacific island to several hundred for a larger South East Asian jurisdiction. It can also be translated into a different language overnight.
The AFP has now entered into an agreement with Jade so that the software company can sell the system commercially, which it is gearing up to do in Europe and North America.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.