Interpol: Give us the tools to fight cybercrime

Interpol: Give us the tools to fight cybercrime

Summary: International police want to see a new global legislative framework to deal with cybercrime, and Microsoft is also pushing for stronger laws

SHARE:
TOPICS: Security
1

Interpol has called on politicians to help law enforcement officers bring cybercriminals to justice by making it easier for evidence to be transferred between countries.

The international police organisation said on Monday a new global legislative framework was needed to deal with cybercrime, which has evolved dramatically since the current legislation was passed.

"With phishing and pharming, new technologies are being dealt with by old laws," said Bernhard Oputal, a crime intelligence officer with Interpol's financial and high-tech crime division.

"We need an integrated legal framework to exchange data. A lot of legislation doesn't consider a data stream as evidence, because the evidence is hidden behind 0s and 1s. We have to rethink the legislative framework," Oputal told ZDNet UK.

Many organised criminal gangs have turned to the Internet in recent years, using fake Web sites and emails to defraud users. According to experts, these gangs are based in countries such as Russia, China and the US but target Internet users across the globe.

Interpol said it has experienced problems with the international transfer of evidence, and said that some ISPs were unwilling to provide data, a problem exacerbated by the speed that phishing sites disappear after capturing information.

"I need a legal basis to get the data out of the service providers. The current system is protecting the offenders not the victims," said Otupal. "There are different types of service providers — some who are willing to tackle the problem, and some who say, 'We are content providers, that's not our role.'"

A global framework for legislation should be provided by the Council of Europe's Convention on Cybercrime, according to Otupal. The Convention, ratified in 2001, is a European treaty designed to allow a common criminal policy on cybercrime.

Microsoft agreed that current legislation needed to be reformed in some countries, following its announcement on Monday that it will bring prosecutions against suspected cybercriminals. Microsoft will prosecute over 100 phishers over the coming year, and is involved in lobbying for stronger anti-phishing laws.

"There is basic legislation to enforce the law in most countries. Whether the sanctions are proportionate to the damage caused remains to be seen," Jean-Christophe le Toquin, an attorney for Microsoft in Europe, told ZDNet UK. "The Council of Europe convention lets us use existing tools. We are pushing for stronger laws if they are not sufficient," le Toquin added.

Interpol admitted that it was limited in its power to stop phishers because of the lack of a cohesive global legal framework.

"Are these cybercriminals beyond the long arm of the law?" said Pat Cox, a former president of the European Parliament, speaking at the launch of Microsoft's Global Phishing Enforcement Initiative. "More or less, yes," Otupal answered.

"There are still some places in the world criminals move to where ISPs still permit phishing," Otupal later told ZDNet UK. "Criminals go to countries where this use of technology and movement of money across borders isn't criminal. Another big problem is that criminals [can operate in] many different countries — 25 countries in a recent case," he said.

Otupal also wants to see "more trust between parties" in divulging information to their customers, and to the police. He said banking institutions are afraid that their reputations will be damaged if their customers know that other customers had fallen victim to fake Web sites.

"Banks are not willing to admit they've been abused through cybercrime, and internal investigation doesn't necessarily work," he told ZDNet UK.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • The only thing really needed, from a legal standpoint, is increased and realistic liability across the entire chain up to and most certainly including the vendors involved.

    Simply because fighting symptoms is a long, costing and uphill battle you're bound to loose time and time again. Since there's always something to point the finger of blame to that looks like the problem and of someone goes to fight yet another symptom again.

    Remember when cars were totally unsafe? And the industry didn't do anything real about it? Despite mounting casualties? One might even have commented that it looked as if cars were designed to actually kill people whenever something unadvertized happened. Well, it took the leaking of some internal documents, public outrage and the politicians finally making laws that introduced real liability into the car industry. Since then a lot of progress and innovative solutions have been made and that continues on today.

    In the software industry however...
    anonymous