UK’s National Cyber Crime Unit Speeds Searches by 10x with Analytics Platform Powered by AWS


The Agile Way to Fight Cybercrime

Cybercrime costs the United Kingdom (UK) billions of pounds each year. Leading the fight against this constantly evolving threat is the National Cyber Crime Unit (NCCU), part of the National Crime Agency (NCA). The NCCU supports law enforcement partners with specialist capabilities and coordinates the national response to the most serious cybercrime threats.

For more than four years, the NCCU has been developing a cloud-based platform for data analytics, built on Amazon Web Services (AWS) with the help of Contino, an AWS Premier Consulting Partner. Shifting from on-premises infrastructure to the cloud has allowed the NCCU to focus more on its mission and less on procuring hardware and managing infrastructure and licenses. Compared to its on-premises infrastructure, the AWS platform offers a tenfold increase in search performance while removing the cost of maintaining the hardware.

An NCCU spokesperson says, “Previously, we had on-premises infrastructure, which required a lot of management and prevented us from doing the data science we wanted
to do. Our small tech team spent a considerable amount of time building and managing infrastructure. This was a problem, because our recruitment and retention are based
on providing people with engaging and challenging work fighting cybercrime, not administering IT.”

Marble columns, and stairs background, Government Building

Our data scientists could probably have devised ways of analyzing this data themselves. But when we have more than 200 threats to life, we can’t afford to spend time doing that.
Using off-the-shelf services from AWS enabled us to go from a standing start to a full capability in the space of hours.”

National Crime Agency

Building a Secure, Scalable Analytics Platform

The analytics platform at the NCCU began with a small data analytics pilot using services including Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Relational Database Service (Amazon RDS). Within a year, the NCCU found ways to free up even more time for its data scientists by introducing advanced managed services like the Amazon EMR big data platform and AWS Glue, a serverless data integration service.

Contino was instrumental in this progression. An NCCU spokesperson says, “We relied on Contino’s years of experience in developing an AWS Landing Zone for customers working in public safety. Contino brought a unique perspective that included both the delivery of cloud capabilities and upskilling of our officers to build on AWS.”

Security of the platform is essential, and Amazon GuardDuty helps protect it against malicious activity. As a law enforcement agency, the NCCU conducts rigorous due diligence of its suppliers, especially those who will be handling sensitive and potentially harmful data.

“Moving data outside of our perimeter is not a decision we take lightly. The transparency of AWS, its shared security model, and the access we had to documentation and experts assisted us on that journey considerably,” says an NCCU spokesperson.

Ready for Immediate Action

The platform’s capabilities soon became known across the NCA. When the agency gained access to a criminal communication network as part of a multinational operation of 10,000 UK users—where the sole use was for coordinating and planning the distribution of illicit commodities, money laundering, and plotting to kill rival criminals—it had to act quickly to process incriminating messages.

“For us, it’s about preventing harm and protecting the public,” says a spokesperson. “We had a flood of unstructured data and had to operate swiftly to reduce harm to the public.”

The NCA tasked the NCCU because it knew the NCCU data platform had the capability to start segmenting data into categories for human investigators to analyze, plus the scalability to expand from tens of users in the agency to 300—more than ever before. The team had just two weeks to prepare for what would become the UK’s largest criminal investigation.

Because the platform was already approved from a security and compliance perspective, and because all infrastructure existed as code, reproducing parts of it was a straightforward exercise.

To automate the preprocessing of data, NCCU experts used AWS services including Amazon Textract to pull data from written or scanned text and Amazon Comprehend for natural language processing. The NCCU relies on Amazon Simple Storage Service (Amazon S3), in particular its write-once, read-many Object Lock feature that’s useful when segmenting data and storing it securely from an evidential perspective.

“Our data scientists could probably have devised ways of analyzing this data themselves,” says a spokesperson. “But when we have more than 200 threats to life, we can’t afford to spend time doing that. Using off-the-shelf services from AWS enabled us to go from a standing start to a full capability in the space of hours. If we were to build it ourselves from scratch, that might have taken over a month of effort.”

A Strong Case for Future Growth

As of July 2020, the criminal operation has led to more than 750 arrests as well as the seizure of $74 million (£54 million) in criminal cash, 77 firearms, and more than 2 metric tons of Class A and B drugs.

Thanks to AWS machine learning and artificial intelligence capabilities, plus Contino’s continued support and enablement, much of the data processing work required in the investigation could be reused from other projects.

Senior staff were therefore free to focus on hard-to-solve issues that have a higher mission impact.

The success of the project has given the NCA confidence to collaborate in the development and use of capability with the regional organized crime units—making better use of the combined resources of the UK’s law enforcement community.

About the National Crime Agency

The National Crime Agency is responsible for tackling serious and organized crime in the United Kingdom. Its officers work nationally and with local police to investigate, research, and develop specialist capabilities against threats to the public.

Benefits of AWS

  • Automates data processing for the UK’s biggest criminal investigation
  • Scales from tens of users to 300 in days
  • Provides 10x faster searches in core investigative capability

AWS Services Used

Amazon Textract

Amazon Textract is a machine learning service that automatically extracts text, handwriting and data from scanned documents that goes beyond simple optical character recognition (OCR) to identify, understand, and extract data from forms and tables.

Learn more »

Amazon Comprehend

Amazon Comprehend is a natural-language processing (NLP) service that uses machine learning to uncover information in unstructured data.

Learn more »

Amazon S3

Amazon S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. 

Learn more »

Amazon GuardDuty

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. 

Learn more »

Get Started

Oganizations of all sizes across all industries are transforming their businesses every day using AWS. Contact our experts and start your own AWS Cloud journey today.