Officials weigh in on cybercrime

Peter Nevitt, the IT director of international crime-fighting organization Interpol, called the antivirus reward program unveiled Wednesday by Microsoft Corp. a first step toward fighting the problem of computer viruses. But more needs to be done, Nevitt said — especially in the many countries that lack basic skills and laws to pursue cybercriminals.

Just after Microsoft offered a US$500,000 reward for information about the authors of the Blaster and Sobig computer bugs, Nevitt and Keith Lourdeau, acting deputy assistant director of the FBI’s Cyber Division, spoke with Computerworld about some of the international obstacles to fighting cybercrime and what can be done to overcome those hurdles.

You called Microsoft’s bounty program “the first step in a consistent and focused collaboration between the private sector and law enforcement.” What other steps are needed to pursue cybercriminals?

Nevitt: What we’ve been doing today is looking at this from a particularly United States perspective, where we are all used to technology and understand what the problems are. What needs to be done, from Interpol’s point of view, is to bring the rest of the world — because there are large parts of the world where there is no awareness of the problem — somewhere up to similar speed to that of the United States and Western Europe. I’m talking about that in terms of public perception and from the government point of view, whether the right laws are in place to deal with this.

From a law enforcement point view, is it a priority? Do they have the investigative techniques to do this, to do training? The next step that Interpol is proposing is a meeting of industry and law enforcement leaders with a view to try to shape some strategy for future collaboration and cooperation in this area. I expect something like that would be scheduled in the first quarter of 2004. From there, we hope we would get some kind of a plan of mutual action.

What is needed to make international collaboration effective?

Nevitt: One thing that Interpol has done in the past with money laundering, for example, is to define model legislation, which can be adopted and introduced by countries. That’s one simple example. Investigative techniques are another. How do you investigate this kind of crime? In many countries, there is no knowledge of these things. Developing training programs and delivering them is part of the Interpol mission. It’s something we do in partnership that we would do with the industry and colleagues in the FBI and everywhere else.

How big an obstacle is the lack of uniform laws and technology expertise in some countries?

Nevitt: It’s something that must be addressed systemically. Take the example of child pornography. When Interpol first became involved in protecting children from the ravages of child pornography, there were large parts of the world that regarded that as an Anglo-Saxon problem that didn’t affect the rest of the world. Through a consistent program of awareness training, there is not a country in the world that now denies that this is a global problem and there is a huge amount of global collaboration now. Think of that model in relation to this new form of crime that is striking the world.

From an IT perspective, are there limitations in your ability to share information?

Lourdeau: Technology does not inhibit law enforcement sharing of information. That’s not the problem. The problem is that technology is growing so fast that criminals pick up on a technology to use it to their advantage. So that’s why we have to cooperate with private industry to assist us.

Even internationally?

Nevitt: Internationally, technology does become a problem. Police agencies in some countries find it difficult to have uniforms and motorcars let alone equipment that can analyze (a) hard disk. But Interpol has developed a handbook for the investigation of IT crimes, and we are running courses now — very basic courses to start with, but building blocks to building competence.

Lourdeau: We have conducted a number of different exercises on forensics assisting foreign law enforcement on how to obtain evidence, not only in Europe but in Asia and South America also.