Interpol has called on politicians to help law enforcement officers bring cybercriminals to justice by making it easier for evidence to be transferred between countries.
The international police organisation said on Monday a new global legislative framework was needed to deal with cybercrime, which has evolved dramatically since the current legislation was passed.
"With phishing and pharming, new technologies are being dealt with by old laws," said Bernhard Oputal, a crime intelligence officer with Interpol's financial and high-tech crime division.
"We need an integrated legal framework to exchange data. A lot of legislation doesn't consider a data stream as evidence, because the evidence is hidden behind 0s and 1s. We have to rethink the legislative framework," Oputal told ZDNet UK.
Many organised criminal gangs have turned to the Internet in recent years, using fake Web sites and emails to defraud users. According to experts, these gangs are based in countries such as Russia, China and the US but target Internet users across the globe.
Interpol said it has experienced problems with the international transfer of evidence, and said that some ISPs were unwilling to provide data, a problem exacerbated by the speed that phishing sites disappear after capturing information.
"I need a legal basis to get the data out of the service providers. The current system is protecting the offenders not the victims," said Otupal. "There are different types of service providers — some who are willing to tackle the problem, and some who say, 'We are content providers, that's not our role.'"
A global framework for legislation should be provided by the Council of Europe's Convention on Cybercrime, according to Otupal. The Convention, ratified in 2001, is a European treaty designed to allow a common criminal policy on cybercrime.
Microsoft agreed that current legislation needed to be reformed in some countries, following its announcement on Monday that it will bring prosecutions against suspected cybercriminals. Microsoft will prosecute over 100 phishers over the coming year, and is involved in lobbying for stronger anti-phishing laws.
"There is basic legislation to enforce the law in most countries. Whether the sanctions are proportionate to the damage caused remains to be seen," Jean-Christophe le Toquin, an attorney for Microsoft in Europe, told ZDNet UK. "The Council of Europe convention lets us use existing tools. We are pushing for stronger laws if they are not sufficient," le Toquin added.
Interpol admitted that it was limited in its power to stop phishers because of the lack of a cohesive global legal framework.
"Are these cybercriminals beyond the long arm of the law?" said Pat Cox, a former president of the European Parliament, speaking at the launch of Microsoft's Global Phishing Enforcement Initiative. "More or less, yes," Otupal answered.
"There are still some places in the world criminals move to where ISPs still permit phishing," Otupal later told ZDNet UK. "Criminals go to countries where this use of technology and movement of money across borders isn't criminal. Another big problem is that criminals [can operate in] many different countries — 25 countries in a recent case," he said.
Otupal also wants to see "more trust between parties" in divulging information to their customers, and to the police. He said banking institutions are afraid that their reputations will be damaged if their customers know that other customers had fallen victim to fake Web sites.
"Banks are not willing to admit they've been abused through cybercrime, and internal investigation doesn't necessarily work," he told ZDNet UK.