Although the Internet may be considered the greatest achievement of the past 50 years, the technology behind it has created a sanctuary for various types of computer criminals. The unfortunate and ugly truth is that the Web is providing a brand new “world” where international cyber criminals can thrive, and the world’s numerous criminal justice systems just aren’t ready to address these crimes in their entirety.
Cyber criminals don’t necessarily need to leave the comfort of their homes to commit their crimes. Today, for example, bank robberies can be committed in Southeast Asia via a computer that’s being controlled by an individual in Russia. Identity theft is achieved through a complex network of individuals residing in North America, Europe, and Africa, all effectively working together on the Internet to profit from shared information. And organized crime has ties to spam campaigns, identity theft, denial-of-service attacks, and organized hacking rings.
The fact is that Internet crimes are almost always international crimes. When you read about a bank system being hacked in order to steal 100,000 accounts, more than likely this crime was committed by perpetrators overseas, and there will almost definitely be a connection to organized crime. This part of the story is rarely conveyed to the everyday reader, but it is critical to understand this fact if we are going to fix the problem.
In the world of cyber crime, law enforcement officials in most countries have recognized that they must move much faster than the average investigator because computer evidence can “disappear” rather quickly. These same cyber investigators realize they must be willing and ready to cooperate with law enforcement officials in other countries if they actually plan to capture the Internet criminals.
Laws, treaties, and conventions, such as the Convention on Cybercrime, have attempted to address the international cooperation issue. Although the Convention on Cybercrime is an outstanding step in the right direction, it is not a “law” that applies to all countries. Regardless of whether the country is a member of this Convention, the punishments levied are based on the local laws of the land.
But the problem with investigating international cyber crimes and capturing criminals on the Internet is not necessarily due to lack of cooperation among international law enforcement bodies. The issue has much more to do with the fact that the legal systems throughout the world vary greatly and take a very long time to change. These two facts make it extremely difficult for law enforcement to cooperate, investigate, capture, and ultimately prosecute the cyber criminals today.
If we accept the fact that the greatest hurdle in arresting international cyber criminals is that various legal systems just aren’t prepared to address the speed at which these crimes occur or the various nuances that are unique to computer crimes, then the question is: What can we do to fix the problem?
It’s obvious that the Internet requires some type of governance. But it is just as obvious that trying to establish this governance through the numerous legal systems might not be practical. The other possibility for governing the Internet, and, more specifically, the criminal activity that occurs on the Internet, would be to change the structure of the Internet. Although I don’t support ideas like the “national firewalls” put in place by some countries, this type of solution does afford some level of control over Internet traffic flowing through said country.
However, knowing all the possibilities with disguising or “spoofing” one’s information on the Web, I’m not sure that there is a way to truly “protect our borders” when it comes to the Internet. The solution might be to establish two Internets -- the current Internet and a new, more secure Internet where users would be required to register prior to gaining access. Once again, though, we’re confronted with the issue of what would be the governing body that would manage the user registrations? Would it be an organization similar to the IANA (Internet Assigned Numbers Authority) or InterNIC that would manage user registrations on the “new” Internet, or do we need to establish an entirely new entity to manage a more secure Internet?
The fight against international cyber crime is going to take a concerted effort from large and small corporations, law enforcement in all countries, as well as the governments and legislative bodies of those same countries. Most importantly, the average end user will have to join the fight to bring about change on the Internet, or create a “new” Internet using the lessons we’ve learned.
— Patrick J. Dempsey, Chief Information Security Officer for Janney Montgomery Scott and former FBI agent