International cyber-cop unit girds for uphill battles

An group of international cyber cops is ramping up plans to fight online crime across borders.

The unit, known as the Strategic Alliance Cyber Crime Working Group, met this month in London and is made up of high-level online law enforcement representatives from the FBI, Australia, Canada, New Zealand, and the United Kingdom. One of the main goals of the group, which was founded in 2006, is to fight cyber crime in a common way by sharing intelligence, swapping tools and best practices, and strengthening and synchronizing their respective laws.

And it has its work cut out for it.

The Government Accountability Office last year said there is concern about threats that nation-states and terrorists pose to our national security through attacks on US computer-reliant critical infrastructures and theft of our sensitive information.

For example, according to the US-China Economic and Security Review Commission report, Chinese military strategists write openly about exploiting the vulnerabilities created by the U.S. military's reliance on advanced technologies and the extensive infrastructure used to conduct operations.

Also, according to FBI testimony, terrorist organizations have used cybercrime to raise money to fund their activities. Despite the reported loss of money and information and known threats from adversaries, there remains a lack of understanding about the precise magnitude of cybercrime and its impact because cybercrime is not always detected or reported.

The group hopes to impact some of those problems. At the London meeting, participating countries outlined ways to share forensic tools, possibilities for joint training, and strategies for a public awareness campaign to help reduce cyber crime. According to the FBI, the group is one outgrowth of the larger Strategic Alliance Group-a formal partnership between these nations dedicated to tackling larger global crime issues, particularly organized crime.

The group so far has:

· Collectively developed a comprehensive overview of the transnational cyber threat-including current and emerging trends, vulnerabilities, and strategic initiatives for the working group to pursue (note: the report is available only to law enforcement);· Set up a special area on Law Enforcement Online, the FBI's secure Internet portal, to share information and intelligence;· Launched a series of information bulletins on emerging threats and trends (for example, it drafted a bulletin recently describing how peer-to-peer, or P2P, file sharing programs can inadvertently leak vast amounts of sensitive national security, financial, medical, and other information);· Began exploring an exchange of cyber experts to serve on joint international task forces and to learn each other's investigative techniques firsthand; and· Shared training curriculums and provided targeted training to international cyber professionals.

The GAO noted cybercrime laws vary widely across the international community. For example, Australia enacted its Cybercrime Act of 2001 to address this type of crime in a manner similar to the US Computer Fraud and Abuse Act. In addition, Japan enacted the Unauthorized Computer Access Law of 1999 to cover certain basic areas similar to those addressed by the U.S. federal cybercrime legislation.

Countries such as Nigeria with minimal or less sophisticated cybercrime laws have been noted sources of Internet fraud and other cybercrime. In response, they have looked to the examples set by industrialized nations to create or enhance their cybercrime legal framework. A proposed cybercrime bill, the Computer Security and Critical Information Infrastructure Protection Bill, is being debated before Nigeria's General Assembly for consideration. Because political or natural boundaries are not an obstacle to conducting cybercrime, international agreements are essential to fighting cybercrime. For example, in November 2001, the United States and 29 other countries signed the Council of Europe's Convention on Cybercrime as a multilateral instrument to address the problems posed by criminal activity on computer networks. Nations supporting this convention agree to have criminal laws within their own nation to address cybercrime, such as hacking, spreading viruses or worms, and similar unauthorized access to, interference with, or damage to computer systems. It also enables international cooperation in combating crimes such as child sexual exploitation, organized crime, and terrorism through provisions to obtain and share electronic evidence. The U.S. Senate ratified this convention in August 2006. As the 16th of 43 countries to support the agreement, the United States agrees to cooperate in international cybercrime investigations.

The governments of European countries such as Denmark, France, and Romania have ratified the convention. Other countries including Germany, Italy, and the United Kingdom have signed the convention although it has not been ratified by their governments. Non-European countries including Canada, Japan, and South Africa have also signed but not yet ratified the convention, the GAO report said.

In the US alone, the GAO said the annual loss due to computer crime was estimated to be $67.2 billion for US organizations, according to a 2005 FBI survey. The estimated losses associated with particular crimes include $49.3 billion in 2006 for identity theft and $1 billion annually due to phishing. These projected losses are based on direct and indirect costs that may include actual money stolen, estimated cost of intellectual property stolen, and recovery cost of repairing or replacing damaged networks and equipment.

Meanwhile the Strategic Alliance Cyber Crime Working Group will meet again in May, to bring together legal and legislative experts from the five countries to talk about common challenges, differing approaches, and potential ways to streamline investigations and harmonize laws on everything from data retention standards to privacy requirements, the FBI said.

Layer 8 in a box

Check out these other hot stories:

Intellectual property protection needs a kick in the pants

Wal-Mart's 'greenest' store devours 45% less energy

Annoying online advertiser to pay record $2.9 million to settle FTC charges

DARPA chief outlines expansive array of future networking projects

What do March Madness and vasectomies have in common?

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

IT Salary Survey 2021: The results are in