London’s Financial District’s Cybercrime “War Games”: What Can They Teach Us About Building a Cybercrime Defense?

April 14, 2014 by David S. Seltzer

Here's a curious story that speaks to the issue of Florida cybercrime defense.

In late 2013, authorities in the UK put together a series of “war games” in London’s financial district designed to test the capacity of the city’s big businesses, banks, and insurance companies to manage a cyber attack.

The games were fictional -- there were no real assets at stake. However, many big agencies and companies demonstrated sophisticated plans to defend against cybercrime. Stunningly, though, UK authorities found that not a single participant in the war games contacted the police!

An article in the Financial Times about the games -- code-named “Waking Shark 2” -- asked a probing question: “how is online and computer crime policed and, moreover, how should it be?”

This is an important question not only for companies that want to protect their assets but also for defendants who stand accused of committing cybercrimes. What protocols should be followed? What laws should be applied, when, and under what circumstances?

The reality is that the online world is still a turbulent “wild west” of sorts, legally speaking. Consider what Scotland Yard detective, Adriane Cully, observed about Operation Waking Shark 2: “many of the participants … had little or no understanding of when criminal offenses were being committed.”

Think about that. These are some of the most sophisticated organizations in one of the world’s most urbane cities (London) that had access to enormous technical know-how. Yet even these entities “had little or no understanding of when cyber offenses were being created.”

If that's the case, how and when are “normal people” supposed to understand when and how they might be violating cybercrime law?

This is not just a theoretical question. As this blog reported last month, the U.S. Congress wants to expand the purview and powers of prosecutors in cybercrime cases. Soon, “attempted hackers” might face the prospect of massive jail sentences and other big penalties. In other words, even if a hacker doesn’t change a single line of code or cause any disruption or monetary damage, he or she could face years (maybe even decades) behind bars.

The Financial Times article on the cybercrime games makes an interesting observation: “the problem is that, for many organizations, cybercrime still seems so intangible … a bank suffering physical robbery, for example, has a site from which money is stolen and the staff there who is responsible specifically for the security of that site. Doing nothing is not really option. An attack against the whole organization though -- particularly an organization as large as a bank -- is just far harder to feel or care about, if the relative impact is far smaller, even if the same – or more – money is stolen in absolute terms."

Curiously, the protagonists in the movie “Office Space” used a similar line of moral reasoning to defend their (fictitious) decision to shave pennies off of millions of bank transactions to collect millions in proceeds.

So where does this all leave us? More specifically, where does that leave you, if you’ve been charged with a cybercrime in Florida or elsewhere?

Even if you have sophisticated, technical knowledge of computers, odds are that you lack an equally sophisticated understanding of applicable law. Fortunately, you can turn to the team here at Seltzer Law, PA, for a detailed, ethical, and systematic assistance with your case. Call us now at 1-888-THE-DEFENSE (888-843-3333) for a free consultation.