An International Perspective on Fighting Cybercrime

1. An International Perspective on Fighting Cybercrime Robert Chang, Wingyan Chung, Hsinchun Chen, Shihchieh Chou NSF/NIJ Symposium on Intelligence and Security Informatics, Tucson, Arizona, June 2003

2. Agenda • Introduction • An Overview of Cybercrime • Approaches to Fighting Cybercrime • Fighting Cybercrime in Taiwan: A Case Study • Recommendations • Conclusions and the Future

3. Introduction

4. The Internet and Cybercrime • As the Internet becomes a part of our daily lives, criminals increasingly are using it to conduct cybercrime • The 2002 Computer Crime and Security Survey conducted by Computer Security Institute and the FBI shows that • 90% of respondents detected computer security breaches over the past twelve months • 80% acknowledged financial losses due to computer breaches, and • 71% detected unauthorized access by insiders

5. Research in Cybercrime • Because cybercrime is an emerging phenomenon of the information age, much research is at the inception stage • In this presentation, we • Provide an overview of cybercrime and review existing approaches to fighting it, • Present a case study of fighting cybercrime in Taiwan, and • Propose recommendations to the community of researchers, policy makers, and practitioners who are involved in fighting cybercrime

6. An Overview of Cybercrime

7. Definition of Cybercrime • Most researchers agree that it is any illegal activities conducted through computer, but some disagree on where cybercrime takes place • We define “cybercrime” as illegal computer-mediated activities that often take place in the global electronic networks • Types of cybercrime • Computer hacking, Internet fraud, virus spreading, and theft of confidential information, cyber-piracy, and others

8. Examples of Cybercrime Pornography Sales of illegal items Pirated software and CDs Hacking Fencing stolen goods Slander EC Fraud Spread of viruses Sales of personal information Illegal gambling

9. Types of Cybercrime (1) • Computer hacking or network intrusion refers to the unauthorized access of a computer or a computer network • Motives can be political or personal • Weapons: cyber-terrorism, logic bombs and electromagnetic bombs • Internet fraud refers to deceptive behavior conducted through the Internet in an illegal manner • Financial and personal benefits are the major motivations

10. Types of Cybercrime (2) • Spreading of malicious code refers to the sending of a virus, a Trojan horse through a computer network to affect its normal operation • Cyber-piracy is the illegal copying and trading of software through the Internet • Other types of cybercrime include identity theft, electronic property theft, money laundering, and cyber-pornography

11. Approaches to Fighting Cybercrime An International Perspective

12. Fighting Cybercrime • Data mining techniques have been used to analyze cybercrime • e.g., Unsolicited email identification, authorship analysis, link analysis, sequential pattern mining, association rule mining • In addition, fighting cybercrime involves government, public and private organizations, legislation, technologies, and cooperation from other countries

13. Fighting Cybercrime in Different Countries • Three approaches are typically used: legal, organizational, and technological • Legal approach aims to restrict cybercrime activities through legislation • Organizational approach aims to enforce laws, to promote cooperation, and to educate the public through the establishment of dedicated organizations • Technological approach aims to increase the effectiveness and efficiency of cybercrime analysis and investigation with the help of new technologies

14. Legal Approach • Within-country strategies • The U.S. – The National Infrastructure Protection Act of 1996, The Cyberspace Electronic Security Act of 1999, The Patriot Act of 2001 • England – The Data Protection Act of 1984 and the Computer Misuse Act of 1990; Regulation of Investigatory Powers (RIP) Bill in July 2000 • Law enforcement agencies have greater investigative power • Australia – The Australian Cybercrime Act, 2001 • Defines the following as criminal behaviors – unauthorized access, modification or impairment of restricted data • Mandates ISP to keep data between 6 and 12 months

15. Legal Approach • Across-country strategies • Group of Eight (G8) – The 1997 Ministers Communiqué mandates that member countries take appropriate measures to criminalize cybercrime • Protect confidentiality, integrity, and availability of data and systems against unauthorized impairment • Council of Europe (CE) – The 2001 Cybercrime convention • First international convention passed by U.S., Canada, South Africa, Japan • Mandates members to have unified legislation on cybercrime

16. Organizational Approach • Within-country strategies • The U.S. – FBI, National Infrastructure Protection Center, National White Collar Crime Center, Internet Fraud Complaint Center, etc. • Computer forensics, search of computer evidence • Support law enforcement agencies on preventing and investigating cybercrime • Canada – The Canadian Police’s Information Technology Security Branch • Performs security evaluation and inspection functions • Taiwan –Cybercrime Prevention and Fighting Center of the Investigation Bureau in the Ministry of Justice, Telecommunication Police Squad, etc.

17. Organizational Approach • Across-countries strategies • G8 – mandates that all member countries to have a point of contact on a 24  7 basis • Cybercrime training for all law enforcement personnel • CE – Requires member countries to set up organizations to execute Cybercrime Convention • International cooperation and extradition, obtaining evidence for investigation

18. Technological Approach • Within-country strategies • The FBI has developed Carnivore, a computer surveillance system for cybercrime investigation • The Canadian has introduced Internet training that is specifically designed for police officers • The British government has applied technologies of filtering and rating to protect minors from inappropriate material on the Web • The Australian Computer Crime Program has developed various tools for police agencies to investigate cybercrime • The Japanese government established Cyber Force Center and developed the Real Time Intrusion Detection Network

19. Technological Approach • Across-countries strategies • G8 recommends member countries to use IT to prevent and detect network abuse, facilitate tracing of criminals and collect forensic evidence • Two articles in Cybercrime Convention by CE deal with using IT to collect and intercept data for law enforcement agencies

20. Fighting Cybercrime in Taiwan: A Case Study Based on statistics collected by Taiwan Criminal Investigation Bureau between 1999 and 2002

21. Cybercrime in Taiwan • The Internet population has been growing much faster than the total population • The numbers of cybercrime cases and suspects have been increasing much faster than even the Internet population and reached a record high in 2002 • Also, cybercrime suspects are becoming younger • Cybercrime is conducted by highly educated people • Only 21% (1050) of all 5035 suspects in cybercrime cases had not completed high school, compared with about 60% of all suspects of general criminal cases

23. Fighting Cybercrime in Taiwan • Legal approach • Amended ten articles of Criminal Law to deal with cybercrime in 1997 • Another legislation targeting computer hacking and virus spreading is under review • Technological approach • CIB has developed proprietary software tools and hardware equipment for cybercrime investigation, e.g., • Internet Patrol Agent, Globe IP Tracer, Evidence Collector, Packet Analyzer, Remote Monitor

24. Fighting Cybercrime in Taiwan • Organizational approach • The Ministry of Justice has established a Cybercrime Prevention and Fighting Center in Prosecutors’ Office • Established a Computer Crime Unit in every county police department in 2000 • Telecommunication Police Squad was set up in 1997 to clamp down on illegal use of radio frequencies and investigating cybercrime

25. MoJ MoI The Agencies of Fighting Cybercrime in Taiwan National Information and Communications Initiative ＮＩCＩ, Executive Yuan MoT&C Directorate Gen. of Telecommunication Prosecutors’ office, the High Court National Police Administration Information Office Investigation Bureau Computer Crime Unit, County PD Telecommunication Police Squad Cybercrime Prevention & Fighting Center Cybercrime Investigation Unit Computer Crime Squad, CIB

26. Problems and Lessons Learned • Limited identification of Internet and cellular phone users • Difficult to trace the activities of overseas-hosted illegal Web sites • Many ISPs, Internet Content Providers (ICPs), and Internet companies keep users’ log files for only a short time (1-3 months) • Internet Cafe House – safe heavens for cybercriminals • Lessons: legal and technical knowledge for cybercrime investigation

27. Recommendations

28. Recommendations • Updating existing laws • e.g., laws regulating ISPs’ operations • Enhancing specialized task forces • e.g., Computer forensics training • Utilizing civic resources • e.g., technical support from universities or research organizations • Promoting cybercrime research

29. Conclusions and the Future

30. Conclusions • Summary: Overview, international perspective on fighting cybercrime, Taiwan case studies, recommendations • Cybercrime greatly affects individuals, businesses, and national security due to the pervasiveness of the Internet • We believe that different countries should work together and use legal, organizational, and technological approaches to combat cybercrime • To reduce the damage to critical infrastructures • To protect the Internet from being abused

31. Thank you very much! Questions and comments?