Security experts wrestle cybercrime

Move over car theft and bank robbery, cybercrime is hottest new topic for police forces around the world, and with good reason. Your stolen car can be replaced, your bank has insurance, but if somebody steals your on-line identity you might really be in trouble. That was a key message of the 2nd International Summit on Cybercrime organized in Washington, D.C. recently by the National Institute for Government Innovation (

An audience made up mostly of law enforcement and U.S. government personnel heard experts like James Perry, detective chief superintendent of Scotland Yard. He reminded them that the old crimes like fraud and extortion are going high-tech.

“In the U.K. we’ve got a real problem with drug trafficking where people are using the Internet to order drugs from places where the legislation is more liberal than in the U.K.,” he said. The contraband is then delivered by the unwitting U.K. postal service. There’s also the famous “West African 419 fraud” which lures greedy people with impressive letters about a shady but lucrative business deal. “In the U.K., we’ve been quite successful in stopping these letters,” said Perry. “We’ve physically intercepted more than 500,000 of them, but now with e-mail, they’re much more difficult to detect, so it increases the victim base.” He also cited cyberstalking and extortion as problem areas.

Finding the proper legal jurisdiction is often a problem in high-tech cases since a person in country X can use a computer in country Y to defraud a victim in country Z.

The whole situation is about to get much worse, according to Scotland Yard’s Perry. “Just off the U.K. coast is the new country of Sealand, which was an old WW II fort put up to protect the U.K. from the German army.”

It’s been bought by someone who is starting his own virtual country (see While Perry does not accuse him of any wrongdoing, there is certainly the potential for abuse when you have your own legally-sovereign principality. “They could set up false investment scams, issue passports, create whole new identities,” Perry said. “It’s a whole new ball game.” He argues that international legislation needs to be updated to deal with challenges such as virtual countries.

Many governments are hard at work updating their cybercrime laws. The council of Europe has a Draft Treaty on cybercrime which defines crimes like “data interference” and “computer forgery” and tries to make the law uniform across Europe. The director of commercial crime services for the International Chamber of Commerce in London, P.K. Mukundan, tells of a sophisticated scam where fraudsters go to victims with a complicated financial deal offering a high return on a small investment.

“The investor looks at a long legal document which he doesn’t understand, then he’s directed to a Web site which they claim to be the financial news site. When they go there they see lots of evidence supporting the deal. However, on closer examination, they’re not at the Bloomberg site at all. The perpetrators made their own version of on, a Utah-based free Web site provider. They even copied some of the graphic elements from the real Bloomberg site,” Mukundan said. According to the ICC, fraudulent investments worth an estimated US$3.9 billion U.S. were sold in this fashion.

Canada has its own cybercrime problems, and our law enforcement authorities are working on their response. Corporal Peter McLelan heads the RCMP’s Technological Crimes Unit which functions as a component of the RCMP’s Commercial Crime Section. At the Cybercrime Summit, he gave a tutorial on Computer forensics, the art and science of finding and preserving evidence. It’s a tricky business, because even booting up a computer can destroy important clues like time and date stamps on system files. One U.S. law enforcement agency was embarrassed because an agent used a crime scene computer to surf the Web. This gives the defence attorney all kinds of opportunities to challenge the computer evidence and ruined the case.

Mark Rasch served as a trial attorney with the U.S. Department of Justice for almost 10 years, heading the department’s prosecution of high-tech crime. He was responsible for the prosecution of Robert Morris, who launched the first “Internet worm,” as well as the Hannover, Germany-based hackers featured in Clifford Stoll’s book The Cuckoo’s Egg. Now he’s vice-president of cyberlaw at Predictive Systems in Reston, Va. He carries a flotilla of wireless modems and networked PDAs, and he said there’s a major issue hiding inside them.

“The expectations of privacy in wireless technology have really not been developed yet,” he said, “so there are questions of what you can pull off the air and read from a law enforcement perspective.” When you factor in location-based technology such as GPS, privacy all but evaporates, according to Rasch. “Soon, I’ll not only be able to say that you sent Joe an e-mail, I’ll be able to say that you were standing on a particular street corner when you did it, and exactly the time and date you sent it.”

Looking ahead to the future, most of the experts feel that they’ll be spending less time on issues like Internet death threats and child pornography, and more time catching international financial criminals. Whole new kinds of crimes will become possible.

“The biggest crimes in the cyberworld are going to be crimes against intellectual property,” Rasch said. “These are crimes against information, not against computers. So the type of Napster copyright things are going to move into video, conversations, voice over IP, and so forth.”

With the proliferation of high-tech crimes units, law enforcement is doing its best to keep up with the bad guys, who just need to find one crack in the system to do their cyber dirty work.

Dr. Keenan, ISP, is Dean of the Faculty of Continuing Education at the University of Calgary, and teaches a course called Hot Issues in Computer Security.