'A day in the life' - National Cyber Crime Unit

Here you will find testimonials from National Crime Agency (NCA) Officers serving with the National Cyber Crime Unit.

Prevent team - Zulfi

I have been a member of the NCCU Prevent team for over a year and I work on a number of activities that are both creative and challenging.

My role involves researching new tools and techniques to deploy against cyber criminals, in particular seeking to prevent individuals becoming involved in cyber crime. This involves working closely with academics, foreign law enforcement agencies and behavioural scientists to increase our understanding of the nature of cyber crime and develop new approaches. I assist in the coordination of operations, creating and reviewing intelligence and deploying with investigators to conduct arrests and searches.

I am also involved in looking at the infrastructure of the internet, training law enforcement colleagues across the globe on how to stop criminals from operating online and working with international bodies to help make the internet a safer and more secure environment for everyone.

The NCCU Prevent team provides an opportunity to be creative in tackling an ever-changing and evolving environment and preventing those involved or on the periphery of cyber crime from engaging in cyber crime.

NCCU Operations - Freddie

I arrive at the office at 8:00 in time for the weekly ops meeting during which all the unit investigations get discussed.  Currently I am the case officer for one operation and have specific responsibilities for four others.

Seven years ago I left my job as a construction project manager and started works at the NCA’s predecessor, the Serious and Organised Crime Agency (SOCA).  Since that time I have mainly been involved in drugs and corruption investigations, but have also spent two years working aboard in Afghanistan. I transferred to the NCA’s National Cyber Crime Unit (NCCU) nine months ago, having always been interested in the technical aspects of investigations.   Work here is by no means simple, as we are dealing with an ever changing threat which does not care about international borders. This means as investigators we need to be flexible and innovative in our approach. 

I the travel to the local Crown Court, to swear in a Production Order to obtain a copy of a UK based server that is controlling a particularly nasty piece of malicious software (malware). 

On returning to the office I just have time to grab a sandwich before I go into a conference call regarding my operation.  Also on the call are representatives from other foreign law enforcement agencies and a private industry partner.  We discuss new potential avenues of investigation how we could work in collaboration with private industry to help better protect the UK.

I go and have a quick chat with our technical team regarding their analysis of a computer seized earlier in the week.  I need to take my time going through their material, as it is often the small things that catch people out and are vital in helping to secure a conviction.

Just as I’m heading out the door, I get a call from one of the other NCCU operational teams.  They have just identified and arrested an individual who is believed to be using a piece of malware linked to millions of pound worth of fraud. They ask me to interview him.  I pick up my warrant card and notebook and get back to work.

Technical Team - Chris

As an NCCU Technical Officer I support the planning and execution of operations using my technical skills and knowledge to assist investigation teams. During a typical day I advise investigators and managers on technical issues and suggest solutions to a range of potential technical problems that may appear during the course of an operation.

I create bespoke tools using programming languages such as Python to speed up data analytics, and use technology to analyse malware to provide intelligence from samples. For example, I search for relevant IP address details or specific strings of information that may help provide vital clues to solving an investigation.

I often set up platforms, as well as test and report on new tools that will be of use to the NCA during various operations.

I am also required to produce witness statements for court, explaining the work I do in words that judges and juries can understand, even if they are unfamiliar to cyber language.

Share this Page: