The Cyber Helpline enlists chatbot in battle to help cybercrime victims

In recent years, online platforms have become a common way for perpetrators of domestic abuse to stalk, intimidate, manipulate and control current or former partners.

According to UK-based domestic abuse charity Women’s Aid, this kind of abuse can include behaviours such as monitoring of social media profiles or emails, the sharing of intimate photos or videos without consent, and the use of GPS locators or spyware to track victims’ movements. In a survey conducted by the charity among almost 700 survivors of domestic abuse, 85% of respondents reported that online abuse had occurred, as part of a wider pattern of abuse also experienced offline.

These domestic abuse situations are among the trickiest cases dealt with by The Cyber Helpline, a confidential, 24/7, non-profit resource for cybercrime victims, staffed by cybersecurity experts who volunteer their time to offer callers advice and help them tackle vulnerabilities. According to its founder, Rory Innes, they make up a surprisingly large proportion of the cases it deals with, alongside others involving more general kinds of cybercrime and online scams, such as phishing and smishing attacks.

A cybersecurity expert himself, Innes spent many years advising corporates on how to protect themselves from hackers, before later turning his attention to the particular problems faced by the rich and famous, building a practice focused on high net-worth individuals. This is where he realized that, while these clients could easily afford expert help, there was little support on offer for those who couldn’t:

So the vision of The Cyber Helpline is to make sure that everyone in the UK has immediate access to free expert help if they become a victim of cybercrime – a place to turn to where you’ll receive some impartial, hands-on help to really understand what’s going on and recover.

Scaling to address victims’ needs

The Cyber Helpline had its formal launch in June this year, but has been operating in ‘soft-launch’ mode since late 2018. Early on in the process of designing the service, it became clear that human volunteers alone would be no match for the scale of the cybercrime problem. For a start, cybersecurity expertise is a limited resource and not every expert is able or willing to volunteer. And, as Innes recognizes, the service needed to be fast-acting and operate around the clock:

With many types of cybercrime, you have to deal with issues very, very quickly. There may be a deadline involved if it’s blackmail or the hacker may be gaining access into other accounts, so the issue is getting bigger by the minute. So it’s about giving really quick advice at any time of day or night.

Innes hit on the idea of using a chatbot powered by artificial intelligence (AI) to act as The Cyber Helpline’s frontline resource, dealing with simpler cases autonomously and prioritising those requiring human intervention. This brought him into contact with Greenshoot Labs, a company that specializes in chatbots and the applied AI that underpins them. The agency has built chatbots for legal, financial and business advisory BDO, beverage giant Coca-Cola and non-profit professional organization Engineering UK.

Some of The Cyber Helpline’s needs were very specific to its own particular mission, as Greenshoot Labs founder Tim Deeson explains:

The first thing we need to understand is how people report and describe these crimes; we wanted to build a system that allowed them to provide as much detail as possible in the most natural way, while ensuring privacy as an utmost priority.

It immediately struck him that victims don’t typically use complex hacking or crime terminology in their reports. Nor do they necessarily understand, on an in-depth level, how their laptops or smartphones work at all:

Our solution was to allow the user to write freely, letting them explain in their own language what has happened, and then using natural language processing and machine learning to interpret, categorize and diagnose the attack.

Today, that chatbot is handling around 60 to 70 cases a month that come via The Cyber Helpline’s website from start to finish, says Innes. That’s about 84% of the total caseload, with the rest escalated to the human element of the helpline.

The 20-plus volunteers who staff this line fall into two categories: IT professionals, often quite senior, some of whom offer their time as part of corporate volunteering initiatives; and recent computer science and IT security graduates, looking to build up their CVs. For this latter group, says Innes, it can be a valuable, if sobering, experience to see the real impact that cybercrime has on victims.

Anonymous help with sensitive cases

Using a chatbot to handle most cases offers the additional benefit of anonymity – a definite plus for victims in sensitive situations where they’re being blackmailed by hackers who claim to have webcam footage of them watching online porn, for example, or intimate photos or videos of them in the case of ‘revenge porn’ attacks.

The chatbot is also on the look-out for words and phrases that indicate cases where safeguarding is an issue or threats have been made – particularly relevant in online domestic abuse cases. Here, The Cyber Helpline has partnered with domestic abuse charities to figure out the measures it should take to help potentially vulnerable targets, as such cases are typically progressed more quickly to the human helpline.

As Innes explains, if all lines of communication are shut down, a perpetrator may resort to turning up at their victim’s home or workplace, so it often makes sense to keep at least one line open, which can also help to build evidence against them.

This aspect of the Cyber Helpline’s work looks certain to grow, especially in light of recent warnings from Scotland Yard that Internet-connected smart home gadgets are increasingly opening the door to stalking and abuse of occupants.

In May 2018, for example, Ross Cairns, director of a home electronics installation company in Hale, Manchester, was convicted of stalking his estranged wife by hacking into their home security system to listen to her conversations, as well as her Facebook account and her profile on online dating site, Bumble.

Today, The Cyber Helpline is reliant on funding from its directors and donations from users to keep going, but it’s exploring other options, including private corporate sponsorship or the provision of paid services to police forces. And work to train the chatbot continues, with Greenshoot Labs assisting Innes and his team in matching new attack descriptions to attacks, so that categorization and interpretation of cases improves over time. Says Innes:

For now, I’m pleased that we’ve managed to get the methodology right, for something that nobody else has provided before, in terms of being able to solve the more straightforward cases quickly and efficiently using the chatbot, leaving our volunteers free to apply their expertise to the tougher, more involved cases.