Cybercrime Knows No Borders

The number one obstacle in fighting cybercrime, says Microsoft's Boscovich, is there is no international legislation
Invincea’s Anup Ghosh says the FBI has an impressive cybercrime division, but has yet to “take a bite out” of cybercrime, as the unit must focus on the most high-profile, and therefore economically damaging, of cases
Anup Ghosh, Invincea
Gunter Ollmann, Damballa
Richard Boscovich, Microsoft

Think back to the Wild West and the untamed American frontier. There was no DNA forensics or overarching laws – just the borderline between civilization and the wilderness where lawlessness ruled. The internet has been compared to the Wild West countless times, but the analogy probably holds more weight now than ever before.

As global interconnectivity flourishes and criminals gain sophistication, law enforcement agencies all over the world are stepping up their efforts in this modern-day battleground. The locations making strides, and those lagging, may surprise you. Stringing the investigations and prosecutions together is the forensics behind the alleged cybercrimes.

Jurisdictional Issues Across Borders

Fighting internet crime doesn’t come cheap. To put it in perspective, the UK government recently announced that cyber intrusions cost the British economy $43 (£26.5) billion annually. The government has since vowed to devote more than $88 (£54) million to the issue. Yet, more money doesn’t solve the international jurisdictional problems that come along with intercepting the ‘bad guys’.

“The number one issue is that there is simply no homogenous legislation worldwide, and that’s a function of nation-state”, says Richard Boscovich, senior attorney with Microsoft’s Digital Crimes Unit. “There has to be a corresponding statute in another country from which you are requesting information. If you look at international treaties, it has to be a crime in both countries for you to even get that evidence in or back to your own jurisdiction”, he adds.

One of the biggest problems lies with the scope of legislation within a particular country. “There is a tremendous range in the laws – with many countries not having laws covering such simple concepts as unauthorized access to a computer system or installation of malicious software”, says Gunter Ollmann, vice president of research at network security firm Damballa.

So how do you handle a crime across borders when the only thing stolen is information? Simply put: it can get complicated. “The victim may have no idea that a crime has occurred, the criminal may be hiding behind multiple layers of fake identities and may be operating out of nation-states with no vested interest in cooperating in a criminal investigation”, says Chris Burchett, co-founder of encryption specialist Credant Technologies. “Legislative bureaucracies tend to move slowly, whereas the attackers have shown a spectacular capacity for adaptation and innovation.”

Invincea founder Anup Ghosh notes that law enforcement agencies “don’t have jurisdiction to prosecute outside their borders, so they need bilateral or multi-lateral agreements to bring criminals to justice. But often it is really just sharing information with foreign law enforcement agencies and hoping they will do something about it.”

The International Fight on Cybercrime

Despite disparate laws, efforts are being made to achieve more unity worldwide. The International Telecommunications Union seeks to promote cooperation in the prosecution of cybercrimes and the detriments of jurisdiction. The Council of Europe’s Cybercrime Convention, which has been ratified by 30 countries so far, has a similar mission.

In February, US Secretary of State Hillary Clinton spoke about the Convention during a speech at George Washington University, declaring it “sets out the steps countries must take to ensure that the internet is not misused by criminals and terrorists while still protecting the liberties of our own citizens . . . we are cooperating with other countries to fight transnational crime in cyberspace. The United States government invests in helping other nations build their own law enforcement capacity.”

When it comes to law enforcement, the FBI lists cybercrime as its number three priority. But it doesn’t go at it alone. The organization works with the US Secret Service and Immigration and Customs Enforcement, which has overlapping jurisdiction for some violations, including computer intrusions.

In the past year, the FBI has started dispatching “cyber assistant legal attachés” into local police forces around the world to train and work one-on-one with foreign agency officials. “We’re seeing a lot of benefit from that”, says James Harris, acting unit chief of Cybercrime Unit 2. “It builds a bridge.”

But is the FBI doing enough? “The FBI has a fairly substantial cybercrime division, but they haven’t begun to take a bite out of it yet, and they have to pick their targets based on the economics of the crime”, Ghosh believes.

Harris reveals that the FBI has recently started “reaching a saturation point in the number of cases we can handle.” As a result, there’s a trend toward “addressing the higher priority ones”, he adds.

The Global Cyber Landscape

Traditionally, developed areas – including the US, Western Europe and the Asia-Pacific rim – have served as leaders in the legislation and prosecution of internet crime. Lesser-developed locations have fallen short, including parts of Africa and South America.

But that’s starting to change. “South America has been under a lot of pressure lately because of its explosive increase in connectivity, as in Brazil for example”, says Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab. “We’re seeing a lot of discussion in those capitals of trying to tackle those issues by passing legislation.”

Another area turning its focus to cybercrime is South Africa. A draft cybersecurity policy was issued last year, and several IT forensics-training initiatives are in motion. “The challenge is to find a balance between implementing international standards and defining the laws, policies and institutional capacity that is coherent with South Africa’s economic and social conditions”, says Pria Chetty, principal attorney of Chetty Law, South Africa.

Eastern European countries are doing their part to “catch up”, says Schouwenberg. The Netherlands and Ukraine, for example, have been proactive in their efforts. “The Netherlands has been very progressive in their approach – in particular trying to take down botnets”, he adds.

Then there’s the issue of law enforcement. “Russia has very strict laws, but they are not being enforced”, says Schouwenberg. “On one hand, Russia’s good, but on the other it doesn’t really work if you’re going to slap people on the wrist with two weeks of community service after the criminals have made millions.”

Still, some say even developed countries haven’t placed as much emphasis on cybercrime as you might expect. Schouwenberg thinks Japan is “very much behind with its outdated laws”.

Regardless of legislation, collaboration is the key component in fighting any internet attack. Philadelphia-based FBI special agent Brian Herrick recalls his involvement in the 2007 arrest of a New Zealand teen accused of running an international cybercrime gang operating botnets for profit. “Without a solid working relationship with our foreign partners, it would have been very difficult to get the traction”, he remarks.

IT Forensics Is the Glue

In the US, digital evidence is crucial to prosecuting cybercriminals, according to the FBI. As part of the Regional Computer Forensics Lab there are 16 FBI-led digital forensics units, which help recover evidence from computers, phones and other devices.

Herrick says that in 2011, almost every crime violation the FBI investigates will have some linkage to a computer or digital storage device.

“We use our forensic examiners to extract key elements of criminal activity in order to produce them at trial”, he explains. “Those examiners have a formidable job – with the explosive growth of technology and the continued miniaturization of storage technology. Keeping up with that technology growth is a considerable challenge that keeps both our forensics examiners and cyber agents in the classroom on a routine basis.”

Although digital forensics plays a major role in helping to identify criminals, locate stolen data and uncover other vulnerabilities, many hindrances still exist. “IT forensics is the glue to piecing all aspects of the cybercrime together”, says Damballa’s Ollmann. “However, even when armed with a conclusive trail of evidence to a cybercrime, the laws necessary to successfully arrest and prosecute the attacker may be independent of the cyber evidence.”

The Future of International Cooperation

Insiders say that even without an international treaty or cohesive laws, more can be done to control digital intrusions before they end up in a court of law.

Microsoft found that in most cybercrime situations, the information registered with a domain name is fraudulent. Microsoft’s Boscovich says criminal organizations are leveraging the domain name system to advance their infrastructure. What needs to happen, he believes, is a revamping of the registration process via the International Corporation for Assigned Names and Numbers (ICANN). “I think that would definitely help in terms of at least taking away some of the ability of criminals to serve botnets and use that as criminal infrastructures”, Boscovich asserts.

Schouwenberg agrees, and suggests that making domain name registration more expensive or requiring additional identification could help curb cyber threats. He also argues that credit card companies need to get more involved by blocking payments from processors handling accounts by repeat offenders.

Credant’s Burchett suggests that IT forensics become more tightly integrated in pre-event analysis. “Many crimes take place over significant periods of time, and with greater capability to use forensic analysis techniques as a discipline, there is an elevated chance that the pre-attack activity would be identified before the damage is done”, he contends.

Meanwhile, analysts remain hopeful as international law enforcement agencies pump up their resources and begin to place more legislation on the table.

“It’s starting to turn, and you’re seeing a lot of attention focused on cybercrime, but we still have a long way to go both on the civil side and the criminal side”, Boscovich concludes.

Until then, the open frontier motif lives on. People liken the internet to the 1860s Wild West of America “with the sheriffs, vigilantes and cowboys fighting it out”, Ollmann says.

We’ve traded in our guns for digital forensics, and swapped our horse for a mouse. The railroad helped tame the American Wild West. Now it’s up to analysts and lawmakers to help lay the track that will civilize the internet.
