In a surprise move the first chief of the Australian High Tech Crime Centre (AHTCC), Alastair MacGibbon, has quit his post after 18 months and will trade in his federal agent’s badge to become the Australian director of trust and safety for eBay Australia.
MacGibbon will leave the AHTCC on July 2, neatly coinciding with the first anniversary of the centre’s formation.
Before heading up the AHTCC, MacGibbon was the Australian Federal Police's Washington DC point man in charge of liaison for transnational crime matters. During his tenure, MacGibbon earned the reputation of being a quiet, passionate and highly-effective operator internally, and notoriously media shy externally. Most recently, MacGibbon has been widely credited with persuading a fiercely secretive and resistant Australian banking sector to second staff to the AHTCC at the banks' expense — a pragmatic move that afforded the banks a requisite degree of distance and the Police a single point of contact.
MacGibbon recently spoke to CSO about why he's on the move, the state of Australian cyber policing and the risks of joint ventures with the private sector.
CSO: So you’re off to eBay as the director of trust and safety. What prompted the move after such a long and established career in Policing?
MacGibbon: It was personal decision that involved myself and my family. It seemed to be an appropriate time to go. We have established the High Tech Crime Centre with a pretty good and firm foundation.
I think it’s a healthy thing for the centre. My replacement is a bloke called Kevin Zuccato and he’s currently our [the Australian Federal Police’s] senior person in the Washington DC office. He has an extensive policing career, is a well established detective and understands transnational crime, amongst other things.
I guess what I’m trying to say is: it’s not an easy decision to go. The AFP has been my life. The AFP has been my sole long-term employer. It’s not an easy decision, but it was a rational decision primarily for family reasons. I’m truly appreciative of the opportunity, and it’s been a great learning curve for me. I’m more comfortable in leaving because I know that the next guy is going to keep taking it to the next level — that’s an important thing.
Recently the banks have dipped into their own pockets and seconded staff over to the AHTCC. How’s that progressing and what were the challenges in orchestrating that?
MacGibbon: It’s known as the Joint Banking and Finance Sector Investigation Team. From the AHTCC point of view, we take a sector-based approach to how we try to engage industries. One of our roles is the protection of the National Information Infrastructure, and banking and finance is one of those critical industries — so we established a rapport there.
The rise of phishing, which first occurred in Australia of any note against a bank during Easter last year, saw us concentrating quite heavily upon developing better relations with financial institutions and trying to work on better ways to investigate and prevent crime.
It came about through a lot of discussions and working out how to better legally share data. As to how it’s working it’s very early days, but I hold out great hopes. In government work we talk about public private partnerships (PPPs), working with industry and the way that industry feels. This is an actual physical manifestation of that rhetoric.
It’s an actual real investment on the part of the government and the private sector to see if this type of policing can deliver dividends beyond what we can achieve in other ways. It will be some time I believe before we’ll actually know if it’s a more successful model.
The are risks associated with PPPs of course. Those risks are that we abuse that relationship — that we seek data we are not entitled to or that the banks collude or other things. But the simple reality is that it’s a mature relationship and that we know what the risks are. I don’t need to go and get data unlawfully from banks when I can lawfully go about and getting a warrant and obtaining it.
The key to a successful public private partnership is a joint understanding of the threat and a use of different skill sets. It’s having bank staff that know how the banking system works advising police on how to go about better gathering information, and police being able to advise those institutions about making systematic changes to how business gets done.
Some have criticised the AHTCC because there haven’t been any noticeable prosecutions to date. How come?
MacGibbon: These things take time. The way I would describe our investigative policy to date is that, in the last year since we opened the doors, we needed to know what the criminal environment was. We had some idea based on a pre-existing AFP team and our relationships with other law enforcement agencies in Australia and internationally, but we needed to go out there say OK, if we’re going to investigate a denial of service attack, how are we going to do it and what are the evidential issues? Nobody has ever used the Cybercrime amendments to the criminal code before, so what are the pitfalls for us?
We have three of four people before the courts in relation to Cybercrime offences — and they are still before the courts. Part of that is because this is new ground for a range of people. It’s new ground for us, the prosecutors, the defence and for the court system itself.
Is it important to pick your initial prosecution mark carefully in terms of precedent?
MacGibbon: My philosophy has not been that. It’s been: let’s take matters before the court because they will ultimately interpret the legislation and decide what’s right or wrong, or whether what we gathered was sufficient or insufficient, so we can learn for the future.
We can always go back to government and argue for changes to laws. But if we wait too long we run the risk of never starting. I don’t think we have waited for the right types of cases, and we believe we have been involved in all legitimate investigations.
In relation to the lack of high profile cases, you need to cut your teeth and develop a reputation of being helpful to industry and taking on complaints. We’ve started doing that, but this is a long, long road.
We have investigations underway that in coming months and years will really show what can be done, from e-commerce investigations to electronic fraud to intrusion and crimes against children.
With proactive policing you will often fail as well, because you can look at a person or group with an expectation you will find them doing something and they may not be doing it at that time. [IT related policing] is prone to a success rate that is not as high as other industries. But I’m comfortable with how we have gone with investigations.
What was the hardest thing you’ve had to manage at the AHTCC?
MacGibbon: It was taking on the perspective on how we deal with industry and understanding industry’s motivation. Not falling into the trap of doing just what industry wants, yet also not going in as police officers and saying “‘allo, ‘allo, what’s all this then”.
It’s not a relationship of us dictating to [industry]. It needs to be a relationship where we understand how the banks respond and why they respond in a certain way to incidents. How we would normally respond to incidents in the physical world may not be the way we respond in the electronic world.
The sheer volume of relationships is also a challenge. We have seconded agency staff inside the centre and relationships we need to maintain outside. That’s internationally, domestically, private sector and public sector — it’s a unique challenge.
There’s also been very rapid growth. We came from a small base and in the term of one year we have come a very long way in terms of staff size, the scope of operations, technical skills and equipment. All of those things cause quite some pain. . .
There was some criticism on a recent ABC Four Corners program that Australia started out very well in the electronic policing game at the beginning and then dropped the ball. Do you think that was valid?
MacGibbon: I think Australian law enforcement is pretty well placed. There is no silver bullet for these things — there is no solution to this sort of crime, just as there isn’t for other types of crime in the community.
I think we are very well placed here in Australia with the formation of the AHTCC, and the relationships that come from that. The board of management includes all of the police commissioners who meet on a regular basis and talk about issues. When you have the CEOs of the country's police agencies talking specifically about high tech crime, that in itself is indicative of the institutional support that they give to it.
We can always want more police and larger budgets, but for me that is not the solution. Instead it's: have we established a centre of excellence? Are we staffing it well, and is it permeating into other institutions?
Technology is introduced very rapidly and taken up by society very rapidly. The social problems associated with that technology flow from that, and it's really only at that point law enforcement can say "here are new some issues that are a byproduct of that new technology".
Our job is not just to pick up the criminal spin-offs of [new technology] but to start talking to institutions about how, when they release their next item, we can talk to them about how to structure it so we can respond better. Indeed, maybe ask them not to introduce certain things because of the societal impact from a criminal point of view. But the lag between the introduction of technology and the bad bits that come from it means that there will always be an element of catch-up.
What do you see as your biggest challenge at eBay?
MacGibbon: I can't say because I'm not there yet. . . But to me the biggest problem for high tech crime at the moment is end user compromise. It's reaching out to the public and trying to get them to behave in a manner that protects themselves. You can't afford to be paternalistic about end users, you can't do it for them — they have to do it for themselves. You need to give them the tools and the motivation to do it.
Policing is part of society, so I very much see this as a natural continuation of what I've done. But I'm sure it will bring some unique challenges.