The hacker cracker

[InfoSec News <isn () C4I ORG>]

http://www.telegraph.co.uk/et?ac=000140326706927&rtmo=weteQAob&atmo=rrrrrrrq&pg=/et/00/12/3/cahack03.html

Sunday 3 December 2000

The internet and e-commerce have revolutionised business in just a few
years. But they also offer enormous scope to the criminal. Damian
Reece meets the head of the new police unit to fight cybercrime
hacking, spamming, pumping and dumping. We are in the new economy and
these are its crimes.

While such offences are not, admittedly, the average contents of a
police charge sheet, the threat from so-called cybercrime is growing.
Indeed, the Home Office is so worried that it has decided to throw 25m
at establishing a new breed of cybercop to tackle cybercrime. This
Flying Squad of the internet will be working for a new hi-tech crimes
unit being set up by the National Criminal Intelligence Service.

Far from being a virtual police force, it will recruit more than 80
officers, based both in local forces and at a new central hi-tech
crimes unit to be set up in London. Their daily duty will be surfing
the net rather than walking the beat. They will be backed up by the
Computer Misuse Act 1990, which empowers the courts to incarcerate
people for up to five years.

Announcing the 25m funding, Bob Packham, deputy director general of
the National Crime Squad, said: "Criminals' main motive is financial
profit. As the internet and computer technology become increasingly
part of everyday life, those criminals are turning to it to make
money. If you look to the future, e-commerce is taking off and if
business and industry goes electronic then organised crime will go
electronic. We must keep one step ahead."

The internet is a wonderful business tool but a perfect breeding
ground for criminals. Fraud against companies, investors and consumers
is the biggest single cybercrime alongside child pornography, while
other criminal activity such as sending viruses to cripple companies'
computer systems and hacking is on the increase. The scale of
cybercrime is anyone's guess. It will be one of the jobs of the new
cybercops to establish just how big the problem is, but credit card
fraud alone using the internet is thought to be worth 40m to
criminals.

Leading the charge against this new computer age underworld is Mark
Castelle, a chief inspector from the Metropolitan Police. A physics
graduate, Castelle is project director for the new hi-tech crimes unit
based in Vauxhall, just round the corner from MI6. Castelle has seen
the grubby end of policing as well as the new hi-tech sleuthing. For
seven years he was based at Stoke Newington police station in Hackney
and went from there to Limehouse CID.

Now he is faced by the voluminous but amorphous threat of fighting
cybercriminals such as internet fraudsters, hackers and malicious
programmers. But his biggest problem from the outset will be
persuading victims of cybercrime, be they gullible investors sucked
into a share ramping scam on the internet or a multinational company
faced with a fraudster or blackmailer hacking into its computer files
for secret data, to come forward and report crime.

Castelle says: "Hi-tech crime requires a response because the public
is using the internet and computers and it's an environment where
crime can overwhelm us if we're not careful but it is very difficult
to get a good picture of the scale of the problem. I can understand
why large corporations in a volatile market place would not want to
report vulnerabilities, especially if they thought that would then
leak out into the public.

"What I am saying is that we recognise the need for sensitivity, and
the new hi-tech crimes unit will provide a confidential route for
reporting this sort of criminal activity. We all need to know the size
and shape of this problem. If they [companies] don't tell us, we don't
know and we can't help them solve the problem. The fact that a company
might get rid of problem from its own business does not stop that
individual from being a drain on the country as a whole."

Investigating cybercrime poses unique policing problems, in particular
the fact that it knows no geographical boundaries, so Castelle and his
officers face the challenge of regularly having to pursue people
abroad and liaising with foreign police. At the same time many
companies have yet to acquire the technical infrastructure both to
protect themselves against cybercrime and to help police establish a
trail of evidence when investigating an offence.

Cybercrime also has a huge range, from an attack against essential
national infrastructure systems, such as the National Grid, to an
investor's fraudulent manipulation of penny shares through the
ubiquitous internet chat rooms and bulletin boards.

Meanwhile, says Castelle, consumers are still naive about the signs
and clues that point to the honesty or otherwise of web sites seeking
their business. He says: "There are two dimensions to cybercrime.
There are the traditional crimes such as fraud that take place because
they are aided by the internet and computers in general, and then
there are new crimes that exist only because of computers.

"These would include hacking and spamming. Spamming is the sending of
unwanted emails, an extreme form of which is "denial of service" where
so many are sent that they crash a system. Pumping and dumping is
perpetrated by unscrupulous investors who own a company's shares and
publish false information over the internet about the company's
prospects. If the share price reacts to the information the investor
then sells his shares for a profit."

Advance fee fraud and credit card fraud are examples of old crimes
given a new lease of life by the internet. The world wide web is a
wonderful way of persuading people to part with personal details that
can be used for someone else's profit. Castelle's first priority will
be to raise people's awareness of cybercrime and how they may,
unwittingly, be helping criminals.

"It's about making sure people involved in a head-long rush to market
say to themselves: 'Hang on a minute. Am I presenting criminals with
an opportunity?' When you improve the efficiency of a business, you
may well be improving the efficiency of the criminal.

"The challenge is to pursuade people to co-operate with us and make
them aware of the risks. It's about companies having systems in place
to keep accurate records of computer activity within their businesses.
If someone is abusing their employer's network for personal profit,
does the company have a robust enough system in place to detect it and
find out who is doing it?"

Castelle's 25m will fund the new unit for three years and establish
its operations across the country. It goes live in April and the unit
will allow him to lift the stone and uncover previously unseen
evidence of cybercrime overlooked by investigators. Only then will he
know what the shape and scale of Britain's cybercrime really is and
what realistic resources are needed to fight it.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".