These are difficult times for fighting high-tech crime.
The cost of computer crime is rocketing, but law enforcement
agencies are battling with limited resources.
The only national organisation dedicated to fighting computer
crime has effectively closed, leaving a gap in policing which has
yet to be filled. And local forces are questioning whether they can
afford to continue running regional high-tech crime units.
The abolition of the National High-Tech Crime Unit (NHTCU) this
year and its replacement by the Serious Organised Crime Agency (Soca), a UK
equivalent of the FBI, has had mixed results. Businesses are
concerned that the move will lead to a downgrading of
investigations into everyday computer crime.
In the midst of this turmoil, the Crown Prosecution Service
(CPS) has found itself at the sharp end of the war against computer
criminals. The government department has embarked on a programme to
train its best lawyers in how to prosecute cases against hackers,
virus writers and software pirates.
So far, 42 prosecutors have passed through an intensive boot
camp, designed to bring them up to speed with the complexities of
technology and computer crime law. The three-day course offers a
grounding in everything from how computer discs work, recovering
deleted files and encryption, to peer-to-peer networks and internet
news groups. Prosecutors also learn how to prepare and present
technically complex cases in court.
Esther George is the policy adviser at the CPS responsible for
developing the training programme and devising the service's
computer crime strategy.
"The prosecutors are taught how to think outside of the box, and
to think about other ways they can prosecute computer crime using a
variety of legislation such as money laundering and blackmail
laws," she says.
The training has helped the CPS bring high-profile cases against
hackers and virus writers, including a complex case brought last
year against the Drink or Die software piracy group.
Drink or Die was a network of computer hobbyists who spent their
free time cracking copyright-protected software to share with each
other. Although they acted for fun rather than profit,
investigators claimed that organised crime groups were reselling
the cracked software they posted on the internet. More than 60
people were arrested following an international investigation. In
the UK, three members of the network were jailed following a trial
at the Old Bailey last year.
Russell Tyner, the prosecutor in the Drink or Die case, says
there is an art to presenting highly complex issues in a
non-technical way. "One of the skills of the prosecution is to
avoid the whole thing becoming a morass of technical detail," he
says.
The need to present information to juries in a simplified way
was highlighted in the aftermath of the controversial prosecution
of 19-year-old Aaron Caffrey.
Caffrey was acquitted in 2003 of launching a denial of service
attack against the Port of Houston. The court accepted that his
computer may have been infected by a Trojan which could have
launched the attack automatically, leaving no trace of its
presence.
The "Trojan defence" has now become standard in many types of
computer crime cases. But the defence often plays on the ignorance
of juries and prosecutors. It has raised the need for the CPS to do
more to explain complex technical issues in simple terms to judges
and juries, says George.
One way is to develop visual aids. In the Drink or Die case,
Tyner worked with police to develop a PowerPoint presentation to
explain technical concepts in a simple way for the jury.
"A lot of studies have shown that people generally retain less
when you speak to them, but a lot more when you show them
pictures," George says. "We are looking to make our presentations
more visual."
When they are not fighting cases, CPS prosecutors use their
specialist knowledge of high-tech crime to shape computer crime
law. This includes helping to drive reforms to the Computer Misuse
Act that will give police extra powers to seize computer equipment
and extradite hackers from foreign jurisdictions.
Sometimes, shaping the law has meant having to challenge the
verdicts handed down by the courts, as in the case of David Lennon,
a 17-year-old cleared by a Wimbledon magistrates' court of launching
a denial of service attack against his former employer.
The court heard that Lennon had downloaded a "mail bombing
program" called Avalanche, and used it to bombard insurance company
Domestic & General with five million e-mails. The judge in the
case ruled that Lennon had done nothing wrong by sending so many
messages - because the server was designed to receive e-mail.
The CPS referred the case to the High Court for review. The
judges overturned the initial decision, arguing that the server
should be treated in the same way as the letterbox in a front
door.
Although householders with a letterbox give implied permission
for people to deliver post to them, they do not expect their house
to be flooded with junk mail. The High Court's decision closed an
important loophole.
Another aspect of the CPS's work is to assist police in the
investigation of high-tech crime. Often, given the increasingly
international nature of high-tech crime, this can mean liaising
with lawyers overseas, says Tyner.
"High-tech crime has an international dimension. A lot of ISPs
are outside the UK. We become involved at that stage, seeking to
facilitate evidence gathering abroad. A lot of this crime
originates in Eastern Europe and Russia," he says.
The UK has mutual legal assistance treaties with other
countries, but often it is more effective to contact a prosecutor
in another country directly. The service has liaison magistrates in
France, Italy, Spain and the US to facilitate this work.
In the UK, many local police forces, left to pick up this area
of the NHTCU's work since its closure, are ill equipped to
investigate breaches of company systems. For most chief police
officers, this sort of crime is not a priority.
George is reluctant to comment on political matters, but says
the CPS is already meeting the challenge of working with Soca.
The CPS has revised its three-day boot camp to match the
objectives of the new organisation. It now covers the Police and
Criminal Evidence Act, data protection, covert surveillance, the
Terrorism Act and the Fraud Bill. Discovery, evidence collection
and prosecuting cases which extend beyond the borders of the UK are
also covered.
In the long term, George believes that the skills needed for
high-tech crime prosecutions will increasingly be required in
everyday prosecutions, as computers, mobile phones and PDAs become
ubiquitous.
"I think what you will probably find is that high-tech crime
will become mainstream. A prosecutor who prosecutes murder will
also be trained to prosecute high-tech crime," she says.
"Computer crime for us is really any crime that has a computer
aspect. So it is crimes where a computer is used as a means of
communication. Child abuse, fraud, even the clocking back of cars,
we would call computer crime."
Origins of the CPS high-tech crime drive
The UK's first national body devoted to fighting organised
computer crime, the National High Tech Crime Unit, was set up in
1999 and was the catalyst behind the CPS's decision to embark on a
drive against computer crime.
The then director of public prosecutions, David Calvert-Smith,
used a CPS conference to lay down a challenge to government
prosecutors to develop expertise in computer crime. "While the CPS
has successfully prosecuted a number of cases, especially in the
area of child pornography, we still have much to learn and must
make use of the best available expertise," he told the assembled
lawyers and officials.
CPS policy adviser Esther George was responsible for creating a
cyber-crime strategy for the service. A report acknowledged that
the growth of broadband and the ubiquitous use of mobile phones and
desktop computers had clear implications for law enforcement
agencies.
"General awareness of high-tech crime issues among prosecutors
is limited, and existing guidance on high-tech crime is not
sufficiently comprehensive," the report concluded.
"It is important for the CPS to develop its own high-tech crime
strategy to ensure there are national specialists who can advise
other prosecutors locally and develop links with their network
investigator counterparts," said the report.
The CPS organised a series of roadshows to raise awareness of
computer evidence in the law enforcement community, and now offers
training in computer crime to its leading prosecutors.
Who's who in combating computer crime
Local police forces
All UK forces have some form of computer crime forensic and
investigation capability.
Serious and Organised Crime Agency (Soca)
Soca's remit is to reduce harm caused by organised crime. It has
replaced the National High Tech Crime Unit, which focused solely on
high-tech crime.
Child Exploitation and Online Protection Centre (CEOP)
CEOP runs a website and an offline education campaign to advise
young people and their parents about online awareness and
safety.
Communications Electronics Security Group (CESG)
CESG is the National Technical Authority for Information
Assurance (ensuring that communications and IT systems are secure
and reliable) for UK government agencies, armed forces and various
bodies in the public and private sectors.
National Infrastructure Security Coordination Centre (NISCC)
This cross-governmental centre works to reduce the risk to
critical national infrastructure from electronic attack and acts to
coordinate and promote information sharing.
Government departments
The Home Office has a computer crime policy team and the
Department of Trade & Industry produces a biennial information
security breaches survey, web resources and other publications. The
Cabinet Office contains the Central Sponsor for Information
Assurance and plays a lead role in Get Safe Online and ITsafe - the
government alert systems for computer viruses and technological
flaws.
Source: Parliamentary Office of Science and
Technology.