/>
X

Is the world ready to fight cybercrime?

Cybercrime poses a growing threat to companies and governments around the world, yet experts are concerned law makers and judicial systems are still not equipped to provide an adequate response.
zd-defaultauthor-ian-grayson.jpg
Written by Ian Grayson on

Cybercrime poses a growing threat to companies and governments around the world, yet experts are concerned law makers and judicial systems are still not equipped to provide an adequate response.

While there have been recent high-profile apprehensions in the United States and Europe, it's feared these wins are just scratching the surface. Calls are growing for a new global approach to tackling the problem.

Executive director of the Cyberspace Law and Policy Centre at the University of New South Wales, David Vaile, says the potential financial spoils of cybercrime make it an attractive option for disaffected programmers and security specialists looking to make big money.

He says there is also evidence that it's become part of the armoury of terrorist groups and others wanting to instigate high-profile attacks on financial institutions and markets.

"Why would you bother with flying a plane into a skyscraper when you could cause a crisis of confidence in the financial sector with an internet-based attack?" says Vaile. "You don't even need to rob the banks, just cause a run on them."

One of the key challenges for law enforcement authorities is the lack of a coordinated global structure under which cyber criminals can be charged and prosecuted. To take advantage of this, some groups have set themselves up in countries with less stringent checks and controls.


A recent report by the Australian Institute of Criminology titled "Future directions in technology-enabled crime: 2007-09" points to instances of "jurisdiction shopping" where offenders base themselves in countries where law enforcement is less robust and penalties lower.

"Until the process of harmonisation of laws and sanctions is more advanced, disparities between countries will continue to create risks," says the report.

Why would you bother with flying a plane into a skyscraper when you could cause a crisis of confidence in the financial sector with an internet-based attack?

David Vaile, UNSW

As well as the prospect of criminal efforts to attack financial markets, the report points to a range of other cybercriminal activities growing in popularity. They include online auction frauds, fraudulent lotteries, identity thefts and even click fraud. The report also points to an overall trend toward more semantic attacks that take advantage of the growing number of social networking sites on the internet.

"Faced with these potential developments, the design of effective policies and strategies to combat consumer fraud will become more problematic," the report warns. "When coupled with the complexities associated with apprehending suspects, obtaining convictions and imposing sizeable penalties, the deterrent effect of the law will remain limited."

One of the other challenges facing law enforcement agencies and the judicial system is figuring out exactly what sort of penalties should be imposed on cybercriminals. The task is made difficult because some of the types of crimes being committed have only existed for a relatively short period of time.

Security solutions executive with management consultancy Logica, Ajoy Ghosh, says the judiciary tends to look differently on cybercrimes than it does on "real-world" crimes in which technology happens to have been used.

Ghosh, who is called regularly as an expert witness in criminal cases involving IT, says this is leading to very different levels of punishment being handed out.

He says judges need to have legal precedent to guide their sentencing decisions and, while this is easy to find for real-world crimes, it often doesn't exist for cybercrimes.

"Cases such as child pornography where the internet is used have precedent from cases involving printed materials and video tapes, so sentences being handed out are on par.

"But if someone loses their credit card number or is the victim of cyberstalking, what is the formula for figuring out what it has cost them? We are in the dark where there is no real-world analogy," he says.

We are in the dark where there is no real-world analogy

Ajoy Ghosh, Logica.

To emphasise the challenge, Ghosh points to the fact that in Australia there have only ever been a handful of prosecutions for unauthorised computer system access and hacking. There have been none for virus or worm propagation.

"There is the potential for 10 to 25-year sentences, yet very rarely are the sentences more than a year and sometimes they are not even custodial," he says. "There is no easy formula for a judge to figure out what the sentence should be."

Yet, despite the challenges facing the judiciary in all countries, cybercrimes continue to be solved and the perpetrators tried and convicted.

In June, 90 people were charged with allegedly downloading child abuse images over the internet following a six-month investigation by the Australian Federal Police.

In May, a Sydney man was charged in connection with an identity theft syndicate of money laundering offences. If convicted, he faces a maximum penalty of 20 years' jail.

Australian Federal Police commissioner Mick Keelty says criminals devote a lot of time and effort in reviewing the ways in which they can commit crimes, and the internet provides them with a powerful new channel.

"We should not underestimate the determination of criminals to gather intelligence," he told a recent gathering of legal professionals. "Today many of them use our open court system to study methodologies used by the police and then share that intelligence. It is a real problem for us."

There's little doubt that the number and severity of cybercrimes will continue to climb throughout the world. With modern economies now totally dependent on networked data and systems, the financial incentive to thwart the security of these systems is just too great.

"There is no single all-encompassing answer to responding to technology-enabled crime," says the AIC report. "In fact, countering these risks is a multi-dimensional challenge. It requires effective coordination and collaborative efforts on the part of a wide range of government and private sector entities that can occur at various levels."

Spam and a lot of the abuses that go with it are effectively authorised because they are not prosecuted.

David Vaile, UNSW

Ghosh agrees, saying the only way the trend will be countered is by raising the ability of the legal system to deal with new crimes.

"You need a body of case law to deal with it," he says. "And the only way you are going to build up that body of case law is to have successful prosecutions."

Another approach is to start small and work up. UNSW's Vaile points to the zero tolerance approach taken in New York City, where petty crimes were tackled in the belief that a "trickle up" effect would lead to a reduction in more serious crimes. The approach worked.

Vaile says more attention should be given to policing and prosecuting things such as spam.

"I believe you would get a much safer internet if you diverted some of the attention away from breeching every form of security in the name of tracking terrorists and strengthened things like anti-spam laws," he says. "It then becomes clear that any sort of online crime is being treated as serious."

He says the mutual respect and trust model on which the entire internet was built demands that such an approach be taken by law enforcement authorities.

"I really suspect that major cybercrime would be much more effectively dealt with that way, rather than the current environment where spam and a lot of the abuses that go with it are effectively authorised because they are not prosecuted."


Related

Hackers are finding ways around multi-factor authentication. Here's what to watch for
a-man-looking-at-his-smartphone-while-sitting-at-a-computer-in-his-home-office

Hackers are finding ways around multi-factor authentication. Here's what to watch for

Security
How to use your phone to diagnose your car's 'check engine' light
BlueDriver Bluetooth dongle

How to use your phone to diagnose your car's 'check engine' light

Home & Office
A United Airlines pilot made a big speech to passengers. Not everyone will love it
screen-shot-2022-08-09-at-9-39-33-am.png

A United Airlines pilot made a big speech to passengers. Not everyone will love it

Business