Preserving the digital crime scene poses one of the
biggest challenges in the global fight against cybercrime, said
participants at a major international conference on fighting
internet-based crime.
The two-day conference, organised by the Council of Europe, was
meant to encourage more countries to sign the council's convention
on cybercrime, which aims to strengthen international co-operation
in combating computer-based crime and to harmonise national
legislation.
The conference drew more than 200 participants from governments
and the private sector. Law enforcement officials attending the
conference stressed the importance of rapid cross-border
co-operation between agencies to bring cybercriminals to
justice.
"Communications networks between law enforcement agencies have
to be strong and rapid," said Andy Leatherby, of the National
Hi-Tech Crime Unit (NHTCU).
Getting evidence before the tracks vanish is a major probelm, he
said. Dealing with computer-based crime requires officers to trace
back IPs over the internet, but few countries have legislation
requiring internet service providers to retain data and some even
have laws preventing them from keeping connection records, he
said.
This is precisely the information investigators need, he argued.
Normally, investigators are only interested in traffic data, not in
information about content accessed, so there should be less concern
about privacy protection, he said.
His view is shared by Bernhard Otupal of Interpol. Greater
understanding of investigators' needs would make co-operation
easier, he said. "Data protection would not be a big problem if
people knew what law enforcement actually does with it. The huge
problem is identifying people by IP or telephone number," he
said.
There should not necessarily be a clash between effective
enforcement and data protection, said Christopher Painter, deputy
chief of computer crime at the US Department of Justice.
"There is an issue of security versus privacy but if we are
doing our job properly we are protecting privacy by stopping
personal information getting into the hands of people who will
misuse it," he said.
The convention made a major contribution to this process by
asking signatories to provide a round-the-clock point of access
where other agencies can request data needed in an investigation,
law enforcement officials said.
"It requires each country to set up a 24x7 point of contact so
in case of an incident, a law enforcement office can phone a
contact point in another country and preserve the digital crime
scene," Leatherby said. There are 89 countries in the 24-hour
network worldwide.
Participants stressed the need for as many countries as possible
to sign up, emphasising that in fighting cybercrime it is important
to avoid the mistakes made in the battle against money-laundering
and to prevent the creation of places where criminals operate
beyond the reach of the law.
"We don't want countries to have safe havens because it is easy
for a hacker to route communication through third countries,"
Painter said.
While the business community is taking the problem more and more
seriously because of the cost implications of failing to protect
their systems, some participants said there is still work to be
done raising awareness of the threat from cybercrime.
According to the NHTCU, cybercriminals caused more than £195m in
financial impact on companies that said in a survey they were
affected by such crimes last year, while an estimated 83% of UK
businesses are reported to have been victims of computer-based
attacks.
"In terms of security implications, [businesses] still don't
understand the potential for attacks," Leatherby said. His agency
is "looking at closer working relationships with industry so law
enforcement can learn from them and they can learn from us so that
they can build crime prevention into their methodology".
While public awareness of the problem is growing, there is the
need for greater sensitivity among users to security issues,
speakers agreed.
"You have to move away from a trusting society where you can be
duped into going to a fake web site to one where individuals
exercise their responsibilities. You can put hundreds of locks on a
door, but if you leave it open it's not secure," Leatherby
said.
The Convention agreement requires signatories to criminalise
four types of offences: those against the confidentiality,
integrity and availability of computer data and systems;
computer-related offences, including forgery and fraud;
content-related offences, including child pornography and racist
and xenophobic material; and offences related to copyright
infringements.
Simon Taylor writes for IDG News Service