Would police use malware to catch cyber-criminals?
Cyber criminals use Trojans to steal information, but are the same techniques of electronic surveillance being used by the agencies set up to protect us?
Internet crime "is no longer the elephant in the room. It is the room," Sir Ian Andrews, chairman of the Serious Organised Crime Agency (Soca), told this week's London Conference on Cyberspace.
The rapid increase in the cost of cyber-crime means police and governments are having to protect themselves from a threat that is often nearly impossible to trace.
But the web has also become a vital space to gather evidence on suspects for traditional crimes.
The internet is an "intelligence source," says Charlie McMurdie, Det Supt at the Police Central e-Crime Unit, Metropolitan Police Service.
"People now live, work, study, communicate online so even a traditional crime - a murder for example - we look at intelligence opportunities to investigate. That might be financial transactions, it might be CCTV, it might be phone call data, it might be their Facebook friends or what they've been doing online."
The internet has always been difficult to police because of the pace at which things can develop and the veil of anonymity it offers.
Global cyber-crime is estimated to cost $338bn a year in cash and lost time.
But just as with conventional threats, the police cannot create a plan to deal with a type of crime before it has been put into use by hackers - a threat cannot be policed before it has been programmed.
And so focus is shifting into more refined techniques to engage in surveillance on the web.
"It's the same as if you're going after an armed robber or a car thief," says Ms McMurdie.
"The cops investigating it need to know how that individual is stealing that car and what they are likely to do. We work on an intelligence-based response. We don't put someone who's just been on traffic duty to work on that cyber-crime."
For many security firms, this expertise often comes in the form of ex-hackers, who provide an insight from the other side of the digital battle-lines.
One example is Owen Thor Walker - known as Akill - who pleaded guilty to being the leader of a hacking group connected with cyber-attacks alleged to have caused $26 million (£16m) of damage.
New Zealand telecommunications company TelstraClear hired him to work with its security division.
Other former hackers have been hired by the US Homeland Security Advisory Council, Microsoft and numerous others.
"I've never hired computer hackers but that's not to say I would never do that," says Raj Samani, chief technical officer of McAfee Europe.
The old adage about setting a thief to catch a thief seems to be true here.
Fighting fire with wires
There was controversy earlier this month when the German state of Bavaria admitted using a Trojan - a malicious program sent to a digital device covertly to collect data - to gather intelligence on suspected criminals.
The R2D2 malware drew criticism because it could potentially allow officials to launch software and capture images on the infected computer.
Germany's justice minister has since called for a national and state level probe into the use of the controversial computer software.
Ironically, the Trojan is not believed to have been sophisticated enough to beat antivirus software so would only be able to infiltrate unprotected computers - something unlikely amongst experienced computer users.
But there seems to be an emerging trend of governments going on the offensive.
Software company DigiTask confirmed creating the program and also selling it to state and federal agencies in Switzerland, the Netherlands and Austria.
But how far should and do the authorities go in online surveillance?
In the UK, senior officials have not ruled out doing something similar.
"In terms of the sensitivities around particular Trojans, it wouldn't be something that we would particularly like to talk about," says Lee Miles, head of cyber at the UK serious crime agency, Soca.
"But if it's available to be deployed within a lawful framework... then we would use any tactics at our disposal to fight organised crime."
Cybercrime expert Professor Peter Sommer, of the London School of Economics, believes that adding software remotely to a suspect's computer would probably be illegal under current UK law.
And the introduction of new powers for the police is something that is often picked over with a fine-toothed comb before its introduction is even proposed.
"We do need to exercise care embarking down this path [of using new techniques] because of the unintended consequences - it's something that has to be considered very carefully," says UK Minister for Crime and Security James Brokenshire.
"But we're very clear on having a robust legal framework balancing privacy and the ability of law enforcement to ensure that we're all protected."
As one speaker said at the conference, it seems like police will always struggle to maintain the right to freedom while not letting it become a free-for-all.
Investigating International Cybercrimes
By Arnold E. Bell, Unit Chief, Innocent Images Unit, Cyber Division, FBI, Washington, D.C.
The past two decades brought rapid advancement in technology and placed Internet access in the homes of most families in the United States as well as many homes in other countries, and digital connectedness is a key element in the modern international economy. As a result, physical borders are less relevant to commerce and to crime. Cybercriminals are defrauding victims the world over at a current estimate of U.S. $67 billion annually; that is $7.6 million of fraud per hour. U.S. law enforcement’s Internet Crime Complaint Center receives approximately 22,000 complaints per month.
The fraud schemes that define traditional white-collar crime have migrated in many ways to the Internet. The online pool of potential victims is the new frontier for the criminal methods that pose the greatest threat to financial institutions, critical infrastructures, national security, and intellectual property. In addition to the devastating fiscal losses they cause, cybercriminals give rise to incalculable harm through online sexual exploitation of children. Today, criminals have adopted the Internet as their preferred tool for networking, exchanging best practices, discussing the latest law enforcement techniques and ways to defeat those techniques, and victimizing people everywhere.
To address the growing problem of cybercrime, law enforcement must adopt investigative methods that draw from, and counteract, the ingenuity of the criminal element while at the same time adhering to laws, regulations, and policies. International cyberinvestigations present perhaps the most significant challenges to modern law enforcement because cybercrime respects no physical borders and some countries are only now recognizing the need for laws to address cybercrime. In certain situations law enforcement coordination arises from personal relationships and does not go through official channels.
The FBI’s Cyber Division was created in 2002 and, in coordination with the FBI’s Office of International Operations (OIO), routinely conducts and coordinates international cybercrime investigations. The United States is fertile ground for overseas cybercriminal groups that carry out all manner of online criminal activity from the ostensible security of their home country. This criminal activity includes phishing schemes, wire frauds, production and distribution of child sexual abuse images, mass distribution of counterfeit copyrighted material, and much more.
It is incumbent upon law enforcement to adapt to the changing criminal environment to remain effective. Criminals are forming cybernetworks and leveraging their resources and skills to unseen levels. Law enforcement agencies worldwide must develop and maintain mechanisms for the effective and efficient dissemination of intelligence to their counterparts worldwide so that information can translate into action. The flow of intelligence must be multidirectional to ensure benefit to all stakeholders.
Although the need for cooperation at an international level is clear, operational confusion begins at a point where laws differ from country to country. U.S. law enforcement generally has no power of enforcement beyond its borders. The FBI has established the OIO to facilitate federal investigations through a network of legal attaché offices that are strategically placed in various countries around the globe. Although FBI agents generally do not have enforcement powers in the countries where they are assigned regional responsibility, they have a deep understanding of their host nation’s investigative rules, and they cultivate productive relationships with officials in that country who do have enforcement powers. The FBI’s investment in generating and maintaining an international presence has advanced its investigative mission immeasurably and has been a diplomatic success for the United States.
To reiterate, U.S. law enforcement officers, whether they are agents of the FBI or another agency, do not have arrest powers, subpoena powers, or the authority to conduct any investigative activity abroad without the approval of the host government. Often, the legal attaché can secure this approval or can work with the host government to accomplish the desired investigative or operational result.
To avoid any diplomatic trespasses, all FBI investigations must be coordinated through the legal attaché in the country of concern. In addition, direct contact with the citizens of another country for investigative purposes is generally looked upon as an infringement of that country’s sovereignty and is, in most cases, strictly forbidden.
How do investigators obtain the information they need? Evidence may be obtained through the use of letters rogatory. Letters rogatory are requests from judges in the United States to judicial officers in foreign countries for assistance. A letter rogatory generally contains background information, the facts of a case, an articulation of the request, and the promise of reciprocity. Letters are virtually always drafted through a U.S. attorney’s office with approval from the Department of Justice International Affairs Office.
Another mechanism for diplomatic investigative communication is the mutual legal assistance treaty (MLAT). The United States has entered into a number of MLATs, which define the margins of cooperation within a particular context. MLATs have been negotiated between the United States and many other countries and are particular to those countries. Therefore the level of cooperation each MLAT sanctions will vary from one country to the next. These treaties generally shorten the letters-rogatory process by providing a formal procedure for making and receiving requests. For an agent or officer seeking subpoena information, search warrant execution, or court order compliance, the foreign assistance must be sought through a letter rogatory or an MLAT request.
There are many other considerations surrounding the diplomatic hazards involved in international investigations, such as extradition, subpoena service, informant management and operation, and prisoner transfer. But this article focuses on cybercrime.
In cyberspace, most major investigations have suspects in other countries. Although MLATs and letters rogatory are required to obtain documents that could be used in U.S. courts, the time required to use these instruments renders them obsolete in cybercrime investigations. Fortunately, the sharing of intelligence is not limited to official processes.
The FBI uses a familiar investigative mechanism known as the task force to address the need for the speedy transfer of information while, at the same time, strengthening cooperation in the investigation of online child exploitation. Although the task force model is nothing new to the FBI, the concept of an international task force has presented some unique considerations. With the exception of the participating FBI personnel, all of the Innocent Images International Task Force members come from other countries. Each participant serves for up to six months at an FBI building with FBI agents and task force members from other countries. This arrangement allows officers from the participating countries to have access to information and share it much more quickly than using the mechanisms articulated earlier in this article. In the world of cybercrime investigations, even more than most other investigations, time is a critical factor.
In all cases of online child exploitation there is potentially a victim child on the other end of the investigation. Law enforcement must quickly do whatever it can to intervene and stop the abuse. The lack of standard data retention rules for Internet service providers (ISPs) in the United States makes time an accomplice of the perpetrator in cybercrime investigations. As a result, it is often difficult, if not impossible, to obtain the necessary information from ISPs to support a warrant or indictment and properly advance an investigation. Time constraints are magnified when the initial information originates in another country and then must be passed to the agency that can act on it.
The task force model allows for the timely dissemination and receipt of needed information. Because the officers share space with the FBI, all of the investigations are joint investigations and allow for information to be passed directly between any two officers and, by extension, their two countries. The FBI legal attaché with the responsibility for any particular country is kept apprised through internal communications. This process ensures that the legal attaché is aware of any action that takes place in the attaché’s territory as a result of task force investigations.
The success of the task force mechanism in the area of online child exploitation was evident in a recent case principally investigated by the FBI and the Queensland Police Service in Australia. In December 2005, a Queensland officer who had completed the basic covert online investigation course at FBI offices in Maryland was, within a week of his return to Australia, in communication with an American subject who was distributing images of prepubescent children engaged in sexual activity as well as images of minors engaged in sadistic or masochistic conduct. The information was passed from Australia to the United States, and in a matter of weeks police identified, located, and arrested a suspect named Walter J. Kemic, who was later sentenced to 17-1/2 years in federal prison for distributing images of child sexual abuse.
Another example that drives home the point that the rapid exchange of intelligence is necessary to fighting crime in the modern world occurred in late November 2003. An officer from Denmark found on the Internet disturbing images of a young child being sexually abused. Because these pictures were not what investigators call known images, authorities believed the victim was being subjected to ongoing abuse. These images were transmitted through a secure Interpol system to officers in Toronto, Canada, who, believing the victim to be in the United States, communicated their findings to FBI agents in Maryland. Working with the Toronto Provincial Police, the FBI followed the clues to North Carolina.
Police arrested Brian Todd Schellenberger about two weeks after the initiation of an investigation that spanned two continents and three countries. Police found and rescued five Schellenberger victims.
From The Police Chief, vol. 74, no. 3, March 2007. Copyright held by the International Association of Chiefs of Police, 515 North Washington Street, Alexandria, VA 22314 USA.