High-tech crime is put on trial

Court cases against hackers, software pirates and online fraudsters require a different plan of attack. Bill Goodwin reveals how the Crown Prosecution Service is getting to grips with nailing high-tech criminals.

These are difficult times for fighting high-tech crime. The cost of computer crime is rocketing, but law enforcement agencies are battling with limited resources.

The only national organisation dedicated to fighting computer crime has effectively closed, leaving a gap in policing which has yet to be filled. And local forces are questioning whether they can afford to continue running regional high-tech crime units.

The abolition of the National High-Tech Crime Unit (NHTCU) this year and its replacement by the Serious Organised Crime Agency (Soca), a UK equivalent of the FBI, has had mixed results. Businesses are concerned that the move will lead to a downgrading of investigations into everyday computer crime.

In the midst of this turmoil, the Crown Prosecution Service (CPS) has found itself at the sharp end of the war against computer criminals. The government department has embarked on a programme to train its best lawyers in how to prosecute cases against hackers, virus writers and software pirates.

So far, 42 prosecutors have passed through an intensive boot camp, designed to bring them up to speed with the complexities of technology and computer crime law. The three-day course offers a grounding in everything from how computer discs work, recovering deleted files and encryption, to peer-to-peer networks and internet newsgroups. Prosecutors also learn how to prepare and present technically complex cases in court.

Esther George is the policy adviser at the CPS responsible for developing the training programme and devising the service's computer crime strategy.

"The prosecutors are taught how to think outside of the box, and to think about other ways they can prosecute computer crime using a variety of legislation such as money laundering and blackmail laws," she says.

The training has helped the CPS bring high-profile cases against hackers and virus writers, including a complex case brought last year against the Drink or Die software piracy group.

Drink or Die was a network of computer hobbyists who spent their free time cracking copyright-protected software to share with each other. Although they acted for fun rather than profit, investigators claimed that organised crime groups were reselling the cracked software they posted on the internet. More than 60 people were arrested following an international investigation. In the UK, three members of the network were jailed following a trial at the Old Bailey last year.

Russell Tyner, the prosecutor in the Drink or Die case, says there is an art to presenting highly complex issues in a non-technical way. "One of the skills of the prosecution is to avoid the whole thing becoming a morass of technical detail," he says.

The need to present information to juries in a simplified way was highlighted in the aftermath of the controversial prosecution of 19-year-old Aaron Caffrey.

Caffrey was acquitted in 2003 of launching a denial of service attack against the Port of Houston. The court accepted that his computer may have been infected by a Trojan which could have launched the attack automatically, leaving no trace of its presence.

The "Trojan defence" has now become standard in many types of computer crime cases. But the defence often plays on the ignorance of juries and prosecutors. It has raised the need for the CPS to do more to explain complex technical issues in simple terms to judges and juries, says George.

One way is to develop visual aids. In the Drink or Die case, Tyner worked with police to develop a PowerPoint presentation to explain technical concepts in a simple way for the jury.

"A lot of studies have shown that people generally retain less when you speak to them, but a lot more when you show them pictures," George says. "We are looking to make our presentations more visual."

When they are not fighting cases, CPS prosecutors use their specialist knowledge of high-tech crime to shape computer crime law. This includes helping to drive reforms to the Computer Misuse Act that will give police extra powers to seize computer equipment and extradite hackers from foreign jurisdictions.

Sometimes, shaping the law has meant having to challenge the verdicts handed down by the courts, as in the case of David Lennon, a 17-year-old cleared by a Wimbledon magistrates' court of launching a denial of service attack against his former employer.

The court heard that Lennon had downloaded a "mail bombing program" called Avalanche, and used it to bombard insurance company Domestic & General with five million e-mails. The judge in the case ruled that Lennon had done nothing wrong by sending so many messages - because the server was designed to receive e-mail.

The CPS referred the case to the High Court for review. The judges overturned the initial decision, arguing that the server should be treated in the same way as the letterbox in a front door.

Although householders with a letterbox give implied permission for people to deliver post to them, they do not expect their house to be flooded with junk mail. The High Court's decision closed an important loophole.

Another aspect of the CPS's work is to assist police in the investigation of high-tech crime. Often, given the increasingly international nature of high-tech crime, this can mean liaising with lawyers overseas, says Tyner.

"High-tech crime has an international dimension. A lot of ISPs are outside the UK. We become involved at that stage, seeking to facilitate evidence gathering abroad. A lot of this crime originates in Eastern Europe and Russia," he says.

The UK has mutual legal assistance treaties with other countries, but often it is more effective to contact a prosecutor in another country directly. The service has liaison magistrates in France, Italy, Spain and the US to facilitate this work.

In the UK, many local police forces, left to pick up this area of the NHTCU's work since its closure, are ill equipped to investigate breaches of company systems. For most chief police officers, this sort of crime is not a priority.

George is reluctant to comment on political matters, but says the CPS is already meeting the challenge of working with Soca.

The CPS has revised its three-day boot camp to match the objectives of the new organisation. It now covers the Police and Criminal Evidence Act, data protection, covert surveillance, the Terrorism Act and the Fraud Bill. Discovery, evidence collection and prosecuting cases which extend beyond the borders of the UK are also covered.

In the long term, George believes that the skills needed for high-tech crime prosecutions will increasingly be required in everyday prosecutions, as computers, mobile phones and PDAs become ubiquitous.

"I think what you will probably find is that high-tech crime will become mainstream. A prosecutor who prosecutes murder will also be trained to prosecute high-tech crime," she says.

"Computer crime for us is really any crime that has a computer aspect. So it is crimes where a computer is used as a means of communication. Child abuse, fraud, even the clocking back of cars, we would call computer crime."

Origins of the CPS high-tech crime drive

The UK's first national body devoted to fighting organised computer crime, the National High-Tech Crime Unit, was set up in 1999 and was the catalyst behind the CPS's decision to embark on a drive against computer crime.

The then director of public prosecutions, David Calvert-Smith, used a CPS conference to lay down a challenge to government prosecutors to develop expertise in computer crime. "While the CPS has successfully prosecuted a number of cases, especially in the area of child pornography, we still have much to learn and must make use of the best available expertise," he told the assembled lawyers and officials.

CPS policy adviser Esther George was responsible for creating a cyber-crime strategy for the service. A report acknowledged that the growth of broadband and the ubiquitous use of mobile phones and desktop computers had clear implications for law enforcement agencies.

"General awareness of high-tech crime issues among prosecutors is limited, and existing guidance on high-tech crime is not sufficiently comprehensive," the report concluded.

"It is important for the CPS to develop its own high-tech crime strategy to ensure there are national specialists who can advise other prosecutors locally and develop links with their network investigator counterparts," said the report.

The CPS organised a series of roadshows to raise awareness of computer evidence in the law enforcement community, and now offers training in computer crime to its leading prosecutors.

Who's who in combating computer crime

Local police forces

All UK forces have some form of computer crime forensic and investigation capability.

Serious and Organised Crime Agency (Soca)

Soca's remit is to reduce harm caused by organised crime. It has replaced the National High Tech Crime Unit, which focused solely on high-tech crime.

Child Exploitation and Online Protection Centre (CEOP)

CEOP runs a website and an offline education campaign to advise young people and their parents about online awareness and safety.

Communications Electronics Security Group (CESG)

CESG is the National Technical Authority for Information Assurance (ensuring that communications and IT systems are secure and reliable) for UK government agencies, armed forces and various bodies in the public and private sectors.

National Infrastructure Security Coordination Centre (NISCC)

This cross-governmental centre works to reduce the risk to critical national infrastructure from electronic attack and acts to coordinate and promote information sharing.

Government departments

The Home Office has a computer crime policy team and the Department of Trade & Industry produces a biennial information security breaches survey, web resources and other publications. The Cabinet Office contains the Central Sponsor for Information Assurance and plays a lead role in Get Safe Online and ITsafe - the government alert systems for computer viruses and technological flaws.

Source: Parliamentary Office of Science and Technology.

