Silent victims thwart cybercops: Qld Police

Summary:Police could pursue more online criminals if more victims reported the crimes committed against them, according to one of Australia's highest-profile investigators.

Police could pursue more online criminals if more victims reported the crimes committed against them, according to one of Australia's highest-profile investigators.

"Probably less than 1 per cent of computer crimes are reported to police," said Detective Superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service.

However, businesses are reluctant to become involved. "The last thing they want is the police taking their file servers away to perform a forensic analysis, to seize and examine the logs to find the intrusions or compromises for offenders in another country that may never even be brought to justice," he said.

Hay believes this reluctance goes back to the internet's historical roots. "It commenced as a science and military tool. They didn't want the coppers involved. Then it's exploited by academic institutions. They didn't want the coppers involved either. The commercial world saw the opportunities to make money from the internet. And they too didn't want the boys and girls in blue being involved," he said. "But when the internet became a place to make money, it wasn't just the commercial environment that piqued its interest. The organised criminal world also saw opportunities. And by the way, they didn't want to talk to the coppers either."

Hay's comments came during his entertaining presentation to the AusCERT information security conference. Entitled "Mythbusters", it ridiculed the fictional police work we see on TV.

"They're immediately accessing 47 different jurisdictional databases, constructed 12 offender suspect profiles, and found out that he's just bought a packet of Cheezels at the Baltimore 7-Eleven store earlier that morning, not yet finished, they do an online access to the local Baltimore council database, retrieve the recorded files for the CCTV footage across the road from the 7-Eleven store, play them back, and from a piece of blurry footage utilise photo-enhancement software to generate clear photo blow-ups that'll run through their special facial recognition systems and then, within 2.5 seconds, their suspect's criminal mugshot appears from nowhere. Magic," he said.

Hay said it's a myth that the police know how to investigate all computer crimes, that police share information with other law enforcement agencies, and that police will hunt down overseas offenders and bring them to account. "Reality? Generally speaking, our skill levels and knowledge are behind that of the criminals ... We do lack effective and efficient sharing mechanisms commensurate with the speed of the cyber environment," he said. "Australia is a victim country, and we do not have the necessary international treaties and legal frameworks in place to facilitate many overseas prosecutions."

Other myths busted included the idea that crimes are always solved in 43 minutes plus commercials without any paperwork, that detectives can "saunter into any premises without [a] warrant", and that warrants can be obtained in seconds rather than hours.

"You know when they're really onto something because out comes the trusty pen, which is used to infect the crime scene and cross-contaminate the evidence. That pen seems to have several uses except one: taking notes," Hay said. "Complicated crime scenes can take days to process. Detectives do not handle crime scene evidence, and extensive notes are taken."

Topics: Security

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust. He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit tr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.