Law enforcement officials ask Congress for help in fighting cybercrime

[InfoSec News <isn () c4i org>]

http://www.nandotimes.com/technology/story/25600p-463255c.html

By D. IAN HOPPER, Associated Press 

WASHINGTON (June 12, 2001 09:55 p.m. EDT) - As they touted recent
successes, law enforcement officials asked Congress on Tuesday for
more funds and expanded powers in their fight against cybercrime.

Michael Chertoff, head of the Justice Department's criminal division,
said his staff wants higher penalties for computer criminals. He
specifically cited the case of David Smith, who pleaded guilty to
writing the 1999 "Melissa" virus.

"In that case, even though the defendant caused tens of millions - if
not billions - of dollars of damage," Chertoff told the House
subcommittee on crime, "the maximum penalty was five years in prison."

Chertoff also said police should have broader powers to investigate
computer crimes, including an update to the wiretap laws that were
written for telephones and have been translated clumsily to the
Internet age.

New wiretap laws are essential in tracking criminals who use the
Internet, Chertoff said. He revealed that investigators traced e-mail
messages connected to James Kopp, who was on the run for three years
after being indicted for the death of an abortion doctor. Kopp was
found and detained in France, where he is awaiting a decision on
extradition to the United States.

The FBI and Justice Department use a device called DCS1000 - once
known as Carnivore - to monitor e-mail messages going to and from a
suspect. The device has been under fire from privacy advocates and
some legislators.

Investigators have used electronic wiretapping to track fugitives,
drug dealers, extortionists and computer hackers, as well as suspected
foreign intelligence agents.

Carnivore critic Alan Davidson of the Washington-based Center for
Democracy and Technology told Congress that new laws should come in
the form of privacy enhancements, not investigative powers.

Davidson said the last "significant update" to privacy rules occurred
in 1986, before the World Wide Web was invented. The outdated rules
leave "gaps and ambiguities" that can lead to abuse, he said.

"Greater clarity and enhanced protection are needed both to promote
public confidence in law enforcement," Davidson said, "and to provide
deserved guidance about what is and is not acceptable behavior for
electronic surveillance and data gathering."

Davidson said the best way to promote online security is to encourage
the use of strong encryption by regular Internet users. The Justice
Department has argued against that and called for the police to be
able to decrypt a message with a court order.

An official with the Secret Service described several cases it has
worked on to illustrate different flavors of computer crimes. As part
of the Treasury Department, the Secret Service investigates crimes
against financial institutions.

Without naming the victims, James A. Savage of the financial crimes
division told legislators about a medical diagnostic service provider
that suffered a "catastrophic shutdown" of its entire computer network
in March. A former employee later admitted guilt.

In February, two "major wireless telecommunications service providers"
identified two hackers who got free long distance and other services,
Savage said. While they only stole service, they had enough access to
the network to shut down telephone service over a large area,
including emergency 911 systems and government installations.

Savage said an unidentified financial institution had its entire
banking network shut down just two weeks ago. It could not control its
ATMs, banking transactions or other functions. Again, a former
employee admitted to disabling the system.

Savage told lawmakers that the Secret Service is being swamped with
"desperate pleas" from local police departments for training,
assistance and equipment "on an alarmingly increasing basis."



ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.