With the recent passing of the Investigatory Powers Act, UK police now explicitly have the power to electronically tamper with a suspect's device, or use malware to extract data for investigations. But cops have already been hacking for years, including installing keylogging software on computers.
According to expenditure records reviewed by Motherboard, the Metropolitan Police Service (MPS), which serves parts of London, has spent thousands of pounds on hacking training, although it is not totally clear whether the training was for defensive or offensive purposes.
In 2014, the MPS paid over £10,000 ($12,500) to attend a training seminar called "Ethical Hacking: Hands on Tracking Course," according to a public document the force published.
The MPS paid a company called 7Safe for the training. On its website, 7Safe says it provides digital investigation services, incident response, and training and professional development.
7Safe's training includes courses focused around infrastructure, web applications, and mobile apps hacking, as well as wireless security.
Curiously, 7Safe says it has never offered a product called "Hands on Tracking Course," the course the MPS has listed in its expenditure records.
"Most of our courses are hands-on in nature because that's the type of courses we run, but we've never done one called that," Richard Allen, education lead at 7Safe, told Motherboard in a phone call.
Allen said that 7Safe's customers come from various different organizations, and some will come looking to harden their defenses.
"We don't market courses as offensive," Allen said.
Companies, government bodies, or other organizations may enroll their system administrators or in-house penetration testers on ethical hacking courses to give them a better understanding of how attackers target networks.
There is a chance that the MPS paid for a hacking course for just this reason, but the police force has refused to clarify whether this was the case.
An MPS spokesperson told Motherboard in an email that "The officers are not intending to elaborate further on the course or what is is for operational reasons."
The MPS has previously expressed interest in hacking technology. According to emails from Italian surveillance company Hacking Team, previously reported by VICE News, in 2013 the MPS discussed trialling malware that could be deployed on iOS, Android, Windows and Linux systems. The MPS ultimately called the deal off.
In 2015, Detective Superintendent Paul Hudson, who leads the MPS' Technical Surveillance Unit, said that "a majority" of cases he dealt with involved the use of "equipment interference," the UK government's term for hacking tools.
from Why Did London Police Spend £10,000 on Hacking Training?