US cybercops face global challenge

[InfoSec News <isn () C4I ORG>]

http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT3FWFDWPEC&live=true&useoverridetemplate=ZZZ99ZVV70C&tagid=ZZZOMSJK30C&subheading=US

Published: October 24 2000 18:22GMT
Last Updated: October 24 2000 22:37GMT

By: Peter Spiegel

When the FBI began investigating a computer break-in at New York-based
Bloomberg News earlier this year, they came upon a troubling
realisation: the hackers were based in Kazakhstan, a country more
known for its occasionally shady oil dealings than international law
enforcement co-operation.

But when US lawmen contacted Kazakh government officials, they were in
for another, more pleasant surprise: "The co-operation we received
from the Kazakh authorities was very good," said the Federal Bureau of
Investigation's Ron Dick. With the help of the Kazakhs, the two
culprits were lured to London, and arrested by UK police.

Such is the nature of investigating and stopping cybercrime, a scourge
that by one estimate costs global businesses $1.5bn annually. Although
almost all crimes - from bank robberies to aeroplane hijackings -
potentially have international links, computer-based crimes have
become almost exclusively global in nature, whether because of
offshore "hop sites" used by criminals to confuse investigators or
because computer security can be more lax in developing countries such
as Kazakhstan.

"It's the nature of the crime," said Mr Dick, head of computer
investigations at the FBI's National Infrastructure Protection Centre
(NIPC), and thus America's top cybercop. "There are only a handful of
cases where we're not addressing things from an international
standpoint."

But the global nature of cybercrime has raised some unique and
troublesome problems for the FBI and its law enforcement partners in
industrial countries. At the most basic level, for instance, some
developing nations do not have laws making cybercrime illegal.

When the FBI tracked down the man responsible for this summer's "Love
Bug" virus they were hampered by the lack of a computer crime statutes
on the books in the Philippines, where the hacker was based.

"The Philippine government was embarrassed," said Mr Dick in an
interview with the Financial Times. "Here you have a country that
wants to be part of the global economy and e-commerce and are training
their people on these skills, and yet they don't have laws to deal
with that."

The Philippines has since passed new computer crime statutes, but
having laws on the books is only a first step. Mr Dick says very few
countries around the world have the technological expertise to deal
with the mounting problem.

The FBI has tried to help. Overseas lawmen visit the NIPC on a weekly
basis, and the FBI regularly sends its agents to train other law
enforcement agencies at international police academies in Budapest and
Bangkok - but it is an uphill road to travel.

"I don't have all the hardware, personnel and software skills that I
need to address all the vulnerabilities that are out there, and I come
from a law enforcement entity in a country that has pretty substantial
wealth," said Mr Dick. "Take that to a country that doesn't have those
kinds of resources, and obviously there are some gaps."

The problem becomes even more acute since evidence of a cybercrime can
often vanish in a matter of minutes.

But Mr Dick remains optimistic. On top of the help the FBI received
from countries like the Philippines and Kazakhstan, the US has worked
almost hand-in-glove with its closest cybercrime-fighting partners -
the UK and Canada - to spread the information needed. Gradually,
developing countries are taking cybercrime more seriously.

But the sharing of technological expertise with non-Nato allies can
raise its own questions. An increasingly wired world has opened up a
Pandora's box of opportunities for information warfare and
state-sponsored counter-intelligence.

How can the FBI be sure the law-enforcement practices it shares with
developing countries will not later be used against it as weapons in a
cyber battlefield?

"There's always a balance," admits Mr Dick. "There's always a
discussion about tools that are defensive in nature and those that are
offensive. But in a cyber world, the difference is frequently one
keystroke."

And for the aspiring cyber terrorist, there is no more inviting target
than the NIPC itself, perhaps the only place in the US government
where criminal information, counter-intelligence, and proprietary data
from the private sector are gathered in one place.

It is a fear that keeps Mr Dick and his fellow cybercops constantly on
their toes. "There's always been a concern that someday there could be
a rogue state that would allow cyber criminals to exist and do their
illegal activities and be out of touch from international law
enforcement," he says.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".