Growing numbers of UK firms are turning to private investigators to help solve IT security problems as the police struggle to provide adequate resources.

The lack of law enforcement staff trained to tackle e-crime is a well-documented problem in the UK, as it is in many countries around the world. And concerned companies are increasingly looking to alternative routes for help.

“Large firms may be worried that the police will handle a case clumsily, or generate adverse publicity, and that is when they turn to the private sector,” said London School of Economics digital investigations expert Peter Sommer.

“They may also do this when they are specifically concerned about asset recovery.”
Benedict Hamilton, associate managing director at private security company Kroll, said much of its business comes from clients who believe the police will not achieve the results they need.

“Almost all the work we do is because the police do not have the time or the capabilities to carry out a particular investigation,” he said.

Kroll has seen a marked increase in major business clients who have been subject to fraud, information theft, phishing scams and black-market sales of intellectual property.

The firm also deals with cases of reputational damage on blogs, working to have damaging material taken down and finding its source.

“Our clients are varied,” said Hamilton. “We have a number of private equity firms, hedge funds and high net worth individuals who want to get online problems sorted out.”

Private investigation firms can be very expensive to hire, but they also tend to have excellent international contacts as well as an obvious business incentive to achieve results as quickly as possible.

Compelling people to talk to you when you do not have the authority of the police behind you requires a degree of subtlety, said Hamilton.

“We often have to use softer, more persuasive techniques than the police, but we usually get there in the end,” he said.

And after investigations are complete, many police forces are happy to be handed a finished case to make arrests.

The investigation of every case begins with following up online clues – ­ the trail left behind by any action performed on the internet.

“Even when a firm has been careless with tracking data, there are logs of what has moved where,” said Hamilton. “The same applies to emails – ­ if I get an email, I can tell in minutes where it came from.”

After the digital trail takes investigators as far as they can go, operations move to the offline world.

Large firms such as Kroll have offices all over the world, providing an advantage over police forces which are often hampered by red tape and local priorities.

It is then a task of surveillance, working with local police, using civil court orders and negotiating with ISPs to achieve results ­ – whether arresting someone who
is sending threatening emails or having damaging material removed from web sites.

“Being overseas does make it more difficult to get things done, but we have had content taken down from sites in Russia and China. It is still possible to get to them with enough resources,” said Hamilton.

So is there anything to which a decent private investigator cannot gain access?

“The FBI, for example, may have faster access to satellites than it takes us to commission a commercial satellite ­ – which we have done in the past,” said Hamilton.

“Given enough time and money, you can get to just about anyone.”

Old-fashioned detective work meets cyber-sleuthing

• When senior staff at a large Swiss bank reported receiving death threats, Kroll suspected a disgruntled ex-employee. The firm identified the person’s general location from emails and took pictures of the suspect to internet cafés in the area. Six weeks later, the bank emailed to say it had another email and one café got in touch to say it had seen the suspect. Kroll arranged for the local police to arrest him.

• Kroll had a case where a new computer game was put on a BitTorrent site prior to commercial release. Many gamers were sophisticated enough to download it and the theft was very damaging to the company financially. The case was solved extremely quickly because the game was uploaded using an account linked to a home computer. The perpetrator was identified within 48 hours.