13.07.2015 Views

McAfee Virtual Criminology Report - Fatal System Error


McAfee Virtual Criminology Report

Cybercrime Versus Cyberlaw

The annual McAfee global study on organized crime and the Internet in collaboration with leading international security experts.


Virtual Criminology Report

CONTENTS

Foreword
Introduction
Chapter One: Global Meltdown – The Scale of the Problem
Chapter Two: The Frontline Fight Against Cybercrime
Chapter Three: International Cooperation – Myth or Possibility?
Chapter Four: Next Steps
Contributors

Contributors

Dr. Ian Brown
Lilian Edwards
Matthew Bevan
Sharon Lemon
Bob Burls MSc
Peter Sommer
Richard Clayton
Philip Virgo
Matthew Pemble
James Blessing
Peter Milford
Dr Marco Gercke
Marc Vilanova
Haim Vismonski
Ferenc Suba
Erka Koivunen
Eugene H Spafford
Andrea Matwyshyn
Mary Kirwan
Leo Adler
Dr. Paulo Marco Ferreira Lima
Adriana Scordamaglia Fernandes Marins
Renato Opice Blum
Alana Maurushat
Peter Guttman
Andrew Adams

Foreword

Cybercrime is a growing problem that negatively impacts everybody. While a lot has been done to combat cybercrime over the past decade, criminals still have the upper hand. Some experts have argued that a cyberattack could be more economically devastating than the physical attacks on September 11, 2001, so clearly something has to change. This year’s McAfee® Virtual Criminology Report discusses what factors can drive that change.

Global cybercrime has a significant financial impact on businesses and consumers across the globe, while wider use of technology in developing countries is further opening the window of opportunity for evildoers.

As part of McAfee’s effort in the fight against global cybercrime, we recently launched the McAfee Initiative to Fight Cybercrime, a wide ranging initiative aimed at closing critical gaps in the battle against cybercrime. Although we have new cybercrime laws, and recent indictments, we believe there’s still more progress to be made.

You’re about to read our fourth annual Virtual Criminology Report. This year the report discusses the extent to which cyberwar is winning the battle over cyberlaw. It highlights exactly why the McAfee Initiative to Fight Cybercrime is needed.

For this report, we consulted with more than a dozen security specialists from top institutions across the globe. These individuals, who are also on the front lines in the daily fight against cybercrime, were invited to comment on the extent to which cyberlaw is keeping up with the crimes being committed, and provide insight into how we can actually fight – and win – the battle against the perpetrators of cybercrime.

The conclusions? Read on for the details, but at the highest level the experts agree that international action on cybercrime law, enforcement, prosecution and judging is needed.

Fighting cybercrime is a 24/7 battle, a global battle, and it’s only just begun.

Dave DeWalt
President & CEO
McAfee Inc.


Introduction

The annual McAfee Virtual Criminology Report has traditionally tracked the emerging and looming trends in cybercriminal behaviour and exposed how it has become increasingly organized, sophisticated, and global in its approach and impact.

This year, in collaboration with cybercrime experts from across the world, the fourth annual McAfee Virtual Criminology Report reveals the extent to which cybercrime is winning the battle over cyberlaw and that a massive and coordinated global effort is required to redress the imbalance.

Commissioned by McAfee, Dr. Ian Brown from the Oxford Internet Institute and Lilian Edwards, Professor of Internet Law at the University of Sheffield in the UK, undertook extensive research with legal authorities, law enforcement agencies and security experts across the globe to assess the current state of the fight against cybercrime and to evaluate the threats and challenges to gaining a global approach for the future.

Three Key Findings Emerged

First, cybercrime isn’t yet enough of a priority for governments around the world to allow the fight against it to make real headway worldwide. Added to that, the physical threat of terrorism and economic collapse is diverting political attention elsewhere. In contrast, cybercriminals are sharpening their focus. Recession is fertile ground for criminal activity as fraudsters clamour to capitalize on rising use of the Internet and the climate of fear and anxiety. Are we in danger of irrevocably damaging consumer trust and, in effect, limiting the chances of economic recovery?

Second, cross border law enforcement remains a long-standing hurdle to fighting cybercrime. Local issues mean laws are difficult to enforce transnationally. Cybercriminals will therefore always retain the edge unless serious resources are allocated to international efforts.

Third, law enforcement at every level remains ad hoc and ill-equipped to cope. While there has been progress, there is still a significant lack of training and understanding in digital forensics and evidence collection as well as in the law courts around the world. The cyberkingpins remain at large while the minor mules are caught and brought to justice. Some governments are guilty of protecting their in-country offenders. The findings suggest there is an ever greater need to harmonize priorities and coordinate police forces across physical boundaries.

The report concludes with a look at suggested steps at both the local and international level to make the fight against cybercrime more effective.


CHAPTER ONE

Global Meltdown – The Scale of the Problem

The scale of the Internet’s security problems increases rapidly. Criminals have exploited vulnerabilities in both software and human psyche to spawn a broad range of threats including spyware, phishing, adware, rootkits, spam, and botnets. The last 12 months have seen the volume of malware rising dramatically, yet cybercriminals are increasingly using tried and tested techniques to wreak havoc and solicit money.

[Figure: Malware and PUP growth¹ (main variants), in thousands, 1997 to 2008; series: Viruses and bots, Trojans, PUPs]

¹ A PUP (potentially unwanted program) is a program that is unwanted despite the possibility that users consented to download: PUPs include spyware, adware, and dialers.

How the Economic Downturn is Set to Exacerbate Security Issues

The Gold Rush

E-gold is a digital gold currency that allows for the instant transfer of gold ownership. Unlike in the case of credit cards, all payments are final and irreversible. There are currently more than five million e-gold accounts worldwide. Due to the anonymity provided to account holders it became a popular method for cybercriminals to turn ill-gotten proceeds into clean cash.

In July 2008, the brother of Joseph Yobo (the vice captain of the Nigerian national soccer team and one of the English Premier League Club Everton’s top soccer players), was kidnapped and a ransom of $10,000 was demanded in e-gold. This was clearly a new digital twist on an old crime.

Also in July 2008, e-gold Ltd. and its three directors pleaded guilty to money laundering charges and the “operation of an unlicensed money transmitting business.” While e-gold’s executives are still to be sentenced, the company is confident that the business can reinvigorate itself.

In October 2008, e-gold made moves towards becoming fully legal by registering with the Financial Crimes Enforcement Network (FinCEN), one of the US Department of Treasury’s lead agencies in the fight against money laundering.

Cybercriminals Are Becoming Increasingly Mobilized and Untraceable

A vast number of insecure Internet-connected machines now provide a safe haven for cybercriminals. Recent figures suggest that the number of compromised zombie PCs in botnets has quadrupled in the last quarter alone and that these are capable of flooding the Internet with more than 100 billion spam messages per day. Botnets are increasingly switching to phishing, distributed denial of service (DDoS) and website attacks which are capable of causing a huge amount of damage and are a growing threat to the security of nations, the national information infrastructure, and the economy.

New ways of laundering illicitly gained money are also emerging. Online fraudsters are using a variety of untraceable means by which to launder the proceeds of crime. While previously fraudulent payments could be tracked and recovered within the banking system, experts now agree that the law has not kept up with innovations in payment systems.

Online fraudsters are increasingly using nonbank payment services, for example e-gold. This is making the old style mantra of “follow the money” harder and harder to negotiate in the cybercrime era.

Cybercriminals are also turning to the currencies in virtual worlds as a way to legitimize money. For example, they are able to set up an account, fund the account with the proceeds of fraud, malware and other illegal activities, and have an associate on the other side of the world who withdraws funds as profits, or even as working capital for another criminal enterprise. Alternatively, with the sending of messages being free in online worlds, money can also be reinvested into spam campaigns and laundered as revenue from those ventures.

Additionally, the spread of m-payments (payment via mobile phone) in less developed countries – which often lack regulatory frameworks and where corruption is rife – will likely increase the ease of money laundering in cybercrime as well as terrorist financing.

Cybercriminals to Benefit from Global Recession

The situation is set to worsen as the more head-turning concerns of the global economic crisis and the continued war on terror divert attention. Ironically though, there has never been more need for focus on Internet security as the opportunities for cybercriminals to cash in have never been greater and the cost to consumers, industry and national security continue to escalate.

As Matthew Bevan, a reformed hacker, explains: “I don’t think that cybercriminals are using new techniques, they are just using slightly different approaches to fool people. The latest and most effective threats tend to be automated attacks as they are much easier for cybercriminals to carry out and will provide better bang for their buck, so to speak. The less they have to invest, be it time or money, to provide better pickings, then this is where it will go.”


Cybercriminals are Capitalizing on Consumer Fear

Cybercriminals are cashing in on the fact that the economic downturn is causing people worldwide to increasingly turn to the web to seek the best deals, jobs and to manage their finances. They are preying on fear and uncertainty and taking advantage of the fact that consumers are often more easily duped and distracted during times of difficulties. In fact, opportunities to attack are on the rise.

As Philip Virgo, Secretary General of European Information Group Society (EURIM), The Information Security Alliance in the UK, warns: “We are seeing rounds of phishing emails which purport to be from banks responding to the crisis. We are also seeing a round of phony Curriculum Vitae (CV) sites, whose main aim is to collect personal details.”

There is also the risk that as job security becomes more volatile and unemployment rates rise, consumers may be tempted by the fast buck of Internet money-making schemes and in fact end up as “mules” for cybercrime gangs. Recruited as “international sales representatives,” “shipping managers” or other fake jobs, mules are asked by fraudsters to receive “payments” which they then transfer internationally after deducting a small “commission.”

Similarly, there are sites that offer people money simply to add a few lines of code to their web pages. In this sense, they are becoming the most basic type of mule – they are the attack point.

Matthew Bevan agrees that consumers are increasingly at risk from cybercrime: “In the current economic climate where people are much more concerned with money, people are more likely to fall for the old-style, ‘get rich quick’ scams as their guard will be down. I am sure we’ll see attacks like this increase and they will keep increasing into next year. The credit crunch is also hitting the cybercriminals – they’ll be working even harder to make money.”

He continues: “I also think there will be more victims of cybercrime as security is something that isn’t visibly beneficial, and some people may start cutting corners – for example, choosing not to update to latest patches or versions of security software which puts them even more at risk.”

Yet, e-commerce and e-government are dependent upon consumer trust and confidence online and are therefore critical to economic recovery and ongoing development.

As Alana Maurushat, Acting Director of the Cyberspace Law and Policy Centre of the University of New South Wales in Australia, summarises, consumers will eventually drive demand for cybersecurity at every level: “Consumers are, in true form of the tortoise, slowly crawling their way to becoming educated on security matters. This will have a trickle-down effect similar to green consumer movements. Where consumers have demanded environmentally friendly products, they will eventually demand safe products and services, inclusive of secure Internet transactions.”

“A few years ago, the seesaw had equilibrium: there was an insufficient level of security investment from both the private and corporate side as well as the cybercrime law enforcement side … Today, while monies spent on the investigation and prosecution of cybercrime are increasing, it still has some way to go. We have gone from an inactive to a reactive approach. Active prevention is the missing key component.”

Industry Faces Balancing Act Between Short-Term Spend and Long-Term Losses

A key problem in the wake of the credit crunch may be whether laws ensuring greater security can be regarded as feasible or acceptable to industry, given the weak financial state of many industry sectors, especially banks.

An opposing argument would be that laws are essential in poor financial times, as compliance requirements will take precedence for spending over other desirables.

Peter Sommer, Visiting Professor at the London School of Economics’ Information Systems Integrity Group and Visiting Reader at the Open University in the UK, remains optimistic that the need for spend to reduce potential losses will be recognized, though is conscious of the cost of industry consolidation. The hasty amalgamation of piecemeal and varied IT infrastructures will likely expose compliance issues while also putting valuable data at risk.

“Although one might think that the credit crunch will hit security spend, many recent conversations persuade me that most businesses do now realize that security budgets should be a function of efforts to reduce loss, not some arbitrary proportion of information and communications technology (ICT) infrastructure costs. A number of security managers in financial institutions think they will have actually to increase their budgets to meet the needs of the new compliance and regulatory frameworks. A further problem will be handling the transitional costs of forced, speedy mergers between institutions where two ICT infrastructures and two differing corporate cultures must now become one.”

Businesses must be cautious to fully evaluate their risks and assets, and to allocate security spend accordingly. Security in a downturn is essential to preserving good business practice, reputation, and public confidence.

Mary Kirwan, an international lawyer and former cybercrime prosecutor in Canada believes that the downturn is taking business back to basics. This can have a positive effect if done appropriately but will have disastrous consequences if vital gaps in security are allowed to develop:

“There’s a flight to quality, to safety, to studying the fundamentals. Complexity is out and simplicity is in. Business is going back to basics. Risk management is back in vogue. Security needs to move to where it belongs – up the value chain, as a critical component of a rational risk management strategy. If positioned in this way, its future is rosy.”

“However, rebuilding trust is clearly essential to re-establish order from chaos in global markets. It will not be repaired if companies add insult to injury by disrespecting sensitive consumer data, and selling customers down the hacker highway.”

Constant Threat of National Attack

Last year’s report focused on how the Internet was increasingly becoming a weapon for political, military and economic espionage. It is a trend that has not dissipated over the last twelve months, with reported attacks still continuing to rise.

The threat of cyberterrorism has been commonly cited as over-hyped, yet there is a growing swell of opinion that hackers will eventually be bold enough and powerful enough to launch attacks that will damage and destroy critical national infrastructure.


Case Study: The Growing Evidence of Cyberespionage and National Attacks

In May 2008, Belgium and India joined the growing force of countries claiming to be victims of attacks, believed to be originating from China. Thought to be a target because it houses the headquarters of both the EU and NATO in Brussels, Belgium has had emails containing spyware sent to State departments. Similarly, India claims its government and private sector networks are under constant cyberattack.

In August 2008, a coordinated cyberattack was launched against Georgia’s infrastructure, compromising Georgian government websites including the Ministry of Foreign Affairs. The Georgian government said the disruption was caused by attacks carried out by Russia in connection with the conflict between the two States over the province of South Ossetia.

Case Study: Steps to Heighten Security Deemed Unnecessary by Government

In August 2007, the UK House of Lords science and technology committee warned the government that the Internet was increasingly becoming a “Wild West” outside the law and stated that immediate action was needed to stop the web from becoming a “playground of criminals.” They highlighted that fear of e-crime was surpassing that of mugging and that without essential measures and incentives being put in place to take control of security, public confidence in the Internet would be lost.

In November 2007, the UK government elected to reject almost every one of the report’s suggestions as unnecessary.

Peer Lord Broers, who chaired the Committee’s Internet security sessions, said: “In our initial report we raised concerns that public confidence in the Internet could be undermined if more was not done to prevent and prosecute e-crime. We felt that the Government, the police and the software developers were failing to meet their responsibilities and were quite unreasonably leaving individual users to fend for themselves.”

However, subsequent to the massive data breaches which have plagued UK government agencies such as Her Majesty’s Revenue and Customs (HMRC) in the last year, the House of Lords has reiterated its basic recommendations and they may be given more attention this time.

In October 2008, at the International Conference on Terrorism and Electronic Media, it was highlighted how the Internet is now the leading source for the creation of terrorist threats, and that there are now over 7500 sites linked with terrorist threats on the web.

The potential is significant, and governments must continue to ramp up resources in the fight against cybercriminal activity even in the face of global economic recession.

Governments Failing to Prioritize Security

Despite the evident increasing risk to national security, governments are still floundering at the first hurdle when it comes to cybercrime. They are failing to view cybersecurity as a priority due to technical ignorance and lack of foresight of the widespread and longer term risks and are neglecting to prioritize legislative time and resources to it.

Peter Sommer, Visiting Professor at the London School of Economics’ Information Systems Integrity Group and Visiting Reader at the Open University, declares: “Cybercrime was a bigger government concern in the late nineties when the Blair administration was convinced Britain must become a high-skills economy and the best place in the world to do e-commerce – even then it was a struggle to get the National High-Tech Crime Unit (NHTCU) funded. NHTCU ceased to exist in 2006 when the National Crime Squad disappeared and SOCA (Serious Organised Crime Agency) is not part of the structure of UK policing – and its original ‘stealth’ mode of operation lost public confidence through invisibility.

“From Spring 2009 we will have a Police Central e-crime Unit (PceU), but it has taken a long time and it is still very under-funded. The public is still likely to be very confused about where to report a cybercrime. There will also be three quangos devoted to fraud reporting and intelligence and with the City of London Police as the fraud lead. Elsewhere there will also be the Serious Fraud Office. All this is a recipe for inter-agency disputes. Overall, cybercrime has not been fashionable in Labour government circles, having lost out to terrorism and antisocial behavior.”

So what will happen if cybercrime continues to be overlooked or de-prioritized?

Mary Kirwan, international lawyer and former cybercrime prosecutor in Canada sums it up: “The bad guys will inherit the earth, and we will be left swinging in the wind.

“The Achilles heel of the technology sector is the same vulnerability that has the financial services sector currently on its knees: a wealth of arrogance. Complexity is worshipped as an end in itself, and simplicity is scorned. There’s no understanding of critical interdependencies, through lack of communication. We’ve a poor grasp of what glues the Frankenstein monster we’ve created together, and what can just as equally tear it all apart.

“But the bad guys are in the know, and they are ready to exploit the demonstrable lack of big picture thinking in the sector.”


The High–Tech Crime Scapegoats

Cybercrime activity has often been cited as being primarily organized from legal havens such as Moldova and developing states such as Brazil and China. However, research shows that while many attacks are routed through faraway countries, they are just as likely to originate close to victims – where it is much easier to transfer money out of bank accounts.

“It’s a myth that hackers are 15-year olds in darkened rooms, and similarly that all cybercriminals are overseas,” said Bob Burls, Detective Constable at the Metropolitan Police Computer Crime Unit in the UK. “As with drugs, you have major traffickers but also street dealers. Wherever there is criminality there are criminal hierarchies, and there will also be local pockets of criminality.”

Eugene Spafford, Professor of Computer Sciences at Purdue University and Executive Director of the Centre for Education and Research in Information Assurance and Security (CERIAS) in the US, also highlights that criminals are increasingly clever in their attempts to disguise their “location” and are often much closer to home than at first assumed:

“I’ve been working with some law enforcement agencies trying to track down fraud that appears to be coming from other countries. Some of it may be originating in those other countries, but some of it may be originating down the street where somebody is accessing and using a computer in another country as a way of hiding their participation.”

Alana Maurushat, Acting Director of the Cyberspace Law and Policy Centre of the University of New South Wales in Australia, believes that it is a rising trend and that some countries have been commonly used as scapegoats for criminal activity: “At the moment, Brazil is the scapegoat, with the Chinese and Vietnamese rerouting traffic from these points. But the really interesting element is that the actual attacks are being carried out locally without being picked up.”

“In fact, obfuscation seems to be the name of the game. It is easy to make it appear as if malware or espionage activities are originating from a country other than their original source. There is considerable misdirection as to origin of attacks. Much traffic is misdirected as a decoy. The actual attack may originate in the same city as the target. This is often done with cases of country espionage and corporate espionage.”

Are We Catching the Cyberkingpins? Experts Don’t Believe We Are

Cybercrime efforts and arrests may be widely touted but experts agree that those caught and brought to justice are traditionally the ‘money mules’ rather than the cyberbarons of crime.

“Phishing is most commonly dealt with by catching the money launderers rather than the phishermen who design the deceptive emails. In one of the biggest cases to date in the UK, the main perpetrator disappeared to Russia while minor mules were caught. It was a very expensive investigation that got little publicity,” said Peter Sommer, Senior Research Fellow at the London School of Economics’ Information Systems Integrity Group.

He continues, “In general, international transactions are very easily traced. Harvesters of account details sell blocks of information with some level of guarantee via covert websites and are difficult to track down. Their buyers therefore have to take risks to convert the information into cash, for example, through cash withdrawals, credit card spend, loan fraud; to do so they in turn employ expendable mules who in fact bear the greatest risk of being caught. Money has been laundered through fake auctions and casinos.”


“DDoS attacks almost always lead to blackmail and should be dealt with in the same way, by catching the perpetrators at the point at which the ransom is paid. It is just too hard to identify the authors of attacks, and we will continue to see an arms race between attackers and defenders.”

Paulo Lima, criminal lawyer in Sao Paulo, agrees that the cyber mafia men remain at large due to law enforcement’s slowness to adapt and keep up with this growing and increasingly effective cyberthreat:

“There have been a few cases where cybercriminals have been promptly arrested, but they’re usually responsible for the small attacks. Those responsible for the large operations have never been arrested. The public sector has usually acted in a mitigating manner, attacking the symptom and not the illness – there is an antiquated legal system and a completely unprepared law enforcement body.”

Cybercriminals Are Protected from Prosecution

Catching the mafia men of the cyberworld is even harder when they are shielded from prosecution by political sympathies.

As Eugene Spafford, Professor of Computer Sciences at Purdue University and Executive Director of the Centre for Education and Research in Information Assurance and Security (CERIAS) in the US, explains:

“Criminal behaviour is still receiving political cover. For example, in the case of the Myanmar denial of service attacks, they took place with local Eastern European and Russian support. Russia and China are especially reluctant to cooperate with foreign law enforcement bodies for reputation and intelligence reasons.”

The implication is that elements of Russian intelligence agencies are protecting the country’s cybercriminals.

Alana Maurushat, Acting Director of the Cyberspace Law and Policy Centre of the University of New South Wales in Australia, believes that it is a case of mutual support: “Criminal behaviour has always received political cover from governments. It is a double edged sword. Quite often, those with the expertise and technical skill set that governments require to successfully handle tasks, are often hackers themselves. It has been my experience that hackers wear multiple hats: some black, some white, and many grey.”

Case Study: Myanmar Attacks – Political Protection

In July 2008, the websites of the Oslo-based Democratic Voice of Burma (DVB) and New Delhi-based Mizzima News were hit by DDoS attacks that shut down their websites for several days. In August two community forums, Mystery Zillion and Planet Myanmar, were disabled and shut down and on September 17, The Irrawaddy, DVB and the Bangkok-based New Era Journal also experienced similar attacks.

It is thought that these concerted attacks were coordinated by the Burmese government in anticipation of the first anniversary of The Saffron Uprising – a peaceful protest by Buddhist monks, nuns, and students against an oppressive military regime. The websites were all known to support the monks. The attacks all appeared to mainly originate from China and Russia, the main diplomatic backers of the junta (military-led government) and where it has been suggested the junta have been receiving technical training.

The Cybercop Shortage: Lack of Understanding and Training of Police and Law Courts is Stifling Progress

Experts agree that cybercriminals are also effectively immune to arrest due to the inability of policing to keep up with the digital age.

The Internet often holds the evidence that could bring cybercriminals to justice. Yet, digital tracing and forensics are often overlooked or ignored because those involved, from investigations through to trial, are untrained in how to comprehensively unearth and exploit it.

“There are mountains of digital evidence out there; the problem is that there aren’t enough well-trained investigators, prosecutors and judges to use it effectively. With PC and broadband penetration increasingly high, direct and indirect evidence is easy to find from machines. Few criminals have the technical ability to avoid leaving or wiping digital traces,” said Peter Sommer, Visiting Professor at the London School of Economics’ Information Systems Integrity Group and Visiting Reader at the Open University.

“In the UK, complex cases are generally well-investigated, as there is a small core of police that are highly proficient in cyberinvestigations. The problem is that most of their colleagues are yet to understand where digital evidence exists, how to access and use it, and how to interact with forensic investigators.”

Paulo Lima also backs the thinking that cyberlaw enforcement needs to have more of a background in the specific technicalities of cybercrime. In Brazil, while ad hoc attempts have been made to try to address the problem, for the most part investigations are undertaken by officers ill-equipped to understand the intricacies of Internet-based crimes:

“In some states there are specialized prosecutor (district attorney’s) offices (Rio de Janeiro and Minas Gerais). As for the rest, the investigation is done by the entire law enforcement body indistinctly, generally police not properly trained to effectively fight this type of crime.”

Matthew Bevan, a reformed hacker, agrees that the challenge for cybercrime is in recruiting people with the right skill set: “I don’t think law enforcement is equipped to deal with cybercrime, and this has always been the case as people that love IT and have the right skills go into IT jobs, not a law enforcement role. It is extremely rare that an IT specialist would join the police. Therefore, law enforcers lack the right skills to interpret cybercrime and know what to look for. A simple example could be a new USB stick that looks like a torn cable but actually holds 4GB worth of data – the police wouldn’t recognize this.”

It’s not only the police forces on the front line that are struggling to effectively track down offenders but, where cases are brought to caution, the lack of understanding in law courts is also impeding the path to rightful penalties and convictions.

Equally, sentencing has been traditionally based on physical damage levels, where you can actually see the impact of the crime. However, with cybercrime it can be much harder to ascertain the extent of the damage done. One of the challenges for law enforcement is in getting victims involved, either because they don’t realize or because they, especially in the case of businesses, don’t want to admit to having been vulnerable to attack.

Vijay Mukhi, President of the Foundation of Internet Security and Technology (FIST) in India said: “Cybercrime has become a big problem in India this year. However, politicians and judges do not understand how to deal with it, and in fact few of them ever use the Internet. Police are reluctant to register cases because they are too difficult to prosecute. The Indian IT Act 2000 has some relevant provisions but has resulted in only one successful prosecution, of credit card fraudsters. Generally, fraud and trade secrecy provisions are civil offenses and hence will not be investigated by police. Kingfisher Airlines recently lost four or five million dollars due to stolen credit cards. After Kingfisher complained to the police, no other airlines complained of similar frauds because nothing happened.”


Mary Kirwan, an international lawyer and former cybercrime prosecutor in Canada, also comments: “Judges and juries both get overwhelmed with technological gobbledygook. There are training programs in Canada and Ireland, but again the problem is the gap between the tech savvies and those not. Judges should also be trained to have a great deal of skepticism about technology and its security.”

Peter Sommer, Visiting Professor at the London School of Economics’ Information Systems Integrity Group and Visiting Reader at the Open University, added: “In the UK, experts have recently been better used by the courts, for example, Criminal Procedure Rules allow prosecution and defence experts to agree on consensual matters, such as how technology works and sometimes on a chronology of events. However, the Council for Registered Forensics Practitioners scheme to accredit experts is still not yet working. Assessment criteria must be fluid in such a fast-moving field, but this increases the expenses of accreditation, especially if it is to be meaningful. This may need to be made compulsory.”

In addition, victims need to do more to protect themselves, in the same way that they do in the physical world, especially when it comes to preserving evidence. Companies need forensic readiness programs. Individuals need basic training and advice.

How Cyberspooks Are Being Poached for Private Enterprise

In the rare cases where police are being effectively trained to tackle the unique technical challenges of the cybercrime industry, rewards and incentives are often misplaced and damaging morale.

“Police career rewards go to managers rather than front-line specialists, for example, some of the best digital investigators are still detective constables or sergeants,” commented Peter Sommer.

Commonly, this has led to cybercops being successfully poached by private enterprise with the promise of higher wages, resulting in wasted investment and leaving behind a dearth of essential experience.

Case Study: E-Experts Ignored

In January 2007, Julie Amero, a substitute teacher in Connecticut, was convicted on four counts of risk of injury to a minor, following exposure of her pupils to pornography that popped up during a lesson on a school computer back in 2004.

Internet experts agreed that she was a victim of circumstance – that it was malicious malware that popped up unprompted, allowed to get through because the school’s Internet filters weren’t working properly that day.

According to the defense’s expert witness, the defense at the first trial was not permitted to present prepared evidence in support of this theory.

Sentencing was delayed four times due to agreed lack of evidence and failure to assess the case properly. Eventually in June 2007, the conviction was thrown out, and she was granted a new trial.

Case Study: The Fine Line Between Cybercop and Criminal

In 2003, hacker Brian Soledo was sentenced to nine years in prison for trying to steal credit card details from Lowe’s hardware chain in the US. He had in fact tried to back out of the scheme but was forced to go through with the online raid when he was threatened by the buyer of the credit cards who had already been lined up.

In August 2008, it emerged that the buyer, who operated under the name SoupNazi, was 27-year-old Alberto Gonzalez and that at the time he was working for the federal police. He was arrested in Miami in possession of more than $20,000 in cash.

Authorities admitted that Gonzalez was working as an informant in a separate US Secret Service hacking investigation. He was using information from their probe to help fellow hackers avoid arrest.

Alana Maurushat, Acting Director of the Cyberspace Law and Policy Centre of the University of New South Wales in Australia, said: “Canadian, Australian and American local and state police find it extremely hard to recruit cybercops, often due to small hurdles like requirements to do seven years on foot patrol or fitness requirements. Once staff are trained, they are then often poached by industry at much higher salaries.”

There has also been the occasional case of trained cybercops being lured into and recruited by the criminal underground. Police forces, therefore, need to ensure that there are clear career paths for specialist cybercrime-fighting agents.

However, while specialist training for cyberspooks is no doubt essential, there is also a need to balance their unique expertise with the core policing skills to ensure that they retain rounded proficiencies and instincts rather than wholly focusing on technologies.

As Mary Kirwan, international lawyer and former cybercrime prosecutor, warns: “We shouldn’t ghettoize cyberenforcement and be carried away by the mystique of technology, to the detriment of traditional police skills. This is just crime in another medium and it’s still all about the money. So traditional skills – using informants, gathering evidence, a lateral turn of mind to understand how criminals are thinking – are still the core needs and they still need the savvy to understand and exercise social engineering.”

The De Facto Cybercops? The Crucial Role of ISPs in Cybercriminal Investigations

The Internet has historically not been regulated in the same way as, on the one hand, broadcasting and traditional media, and on the other hand, banks, financial, munitions, and other sectors – all industries which can potentially cause serious harm to basic societal interests. Yet the Internet is as crucial as the first as a communications medium and as likely to cause harm as the latter.

Experts agree that currently the main cybercops are in fact the ISPs. It is via unencrypted emails that many scammers are caught discussing their plans and that, when there is the legal authority to do so, has proved invaluable in police inquiries.

Both ISPs and other intermediaries, such as money transfer agencies, who can have an enormous impact on the success of global investigations, must therefore be engaged in the fight against cybercrime.


CHAPTER THREE

International Cooperation – Myth or Possibility?

Some regions, especially the Arab regions, feel they had no part in development of the Cybercrime Convention and prefer to put together their own regional instruments rather than accede – in most cases, however, such instruments remain in keeping with the Convention.

Currently the Council of Europe Convention on Cybercrime is the only international agreement that covers all relevant areas of cybercrime legislation (Substantive Criminal Law, Procedural Law and International Cooperation). Adopted by the Committee of Ministers of the Council of Europe at its 109th Session on 8 November 2001, it was opened for signature in Budapest, on 23 November 2001 and it entered into force on 1 July 2004.

The Gulf States meanwhile have chosen to go the route of preparing their own law, with the Cybercrime Convention as a model. The UAE was the first country that enacted a comprehensive cyberlaw among the Gulf States. It has been working well against cybercrime in the country, but plans are underway to extend the law into other Gulf Cooperation Council (GCC) States.

The Cybercrime Convention – A Current Snapshot

Regional approaches also play an important role. This is especially relevant with regard to the criminalisation of illegal content where you find more similarities on a regional than on a global level. Examples for current regional approaches are: the European Union (EU), the Common Market for Eastern and Southern Africa (COMESA) states, Asia-Pacific Economic Cooperation (APEC), Organisation of American States (OAS) and the Gulf Cooperation Council (GCC).

1. EC, the Council Framework Decision 2005/222/JHA on attacks against information systems, was adopted by the Council of the European Union on 17 January 2005. The Framework Decision will ensure a common minimum level of approximation of criminal law for the most significant forms of criminal activity against information systems, such as illegal access, illegal system, and data interference. This includes the so-called “hacking” and “denial-of-service attacks” as well as the spreading of malicious code, spyware and malware and viruses. This approximation is desirable in order to avoid any gaps in Member States’ laws that could hamper the response of law enforcement and judicial authorities at national level to these growing threats.

European Program for Critical Infrastructure Protection (DG JLS) – The Directive has been drafted, while the criteria and guidelines are under development until year-end 2008.

2. Other European group initiatives

G8 High-Tech Crime Sub Group
EuroSCADA Group
European Governmental CERT Group
Forum of Incident Response and Security Teams

3. http://www.virtualglobaltaskforce.com/. The Virtual Global Taskforce (VGT) is made up of police forces from around the world working together to fight online child abuse.

There is considerable activity being undertaken in Latin America to come into line with the Cybercrime Convention but there are problems surrounding the lack of procedural law. Most countries cover child porn and system attacks but it remains unclear as to whether botnets are illegal. Costa Rica and Mexico have been asked to accede to the Cybercrime Convention while Argentina and Dominican Republic already have working legislation. Brazil is drafting cybercrime legislation which is under debate but alleged to be “very tough.”

[Map legend: countries that are ratified with the Cybercrime Convention; countries that are signed with the Cybercrime Convention; countries who have yet to participate with the Cybercrime Convention]


Case Study: Heist at the Habbo Hotel

Phishing, identity theft, and virtual world crime have emerged as new forms of attack since the Convention was drafted

Cybercriminality in virtual worlds is becoming an increasingly big problem. Virtual world gaming is starting to suffer from real-world problems – theft of identity and virtual assets, extortion, and even terrorist attacks. This is particularly evident in countries such as South Korea where 30 million of its 46 million people are active in social networks like CyWorld and police are seeing many attacks coming from China.

International Standards Stumble as Countries Fail to Synchronize

In total, 45 countries have signed up to the Cybercrime Convention to date, but after seven years since its inception, only half of them have successfully ratified it.

The Convention is viewed as having been mainly developed by the West, and of all the non-member States to have acceded, the US is the only country to have fully ratified. There are some notable exceptions.

However, Marco Gercke, Professor at the University of Cologne and UN and Council of Europe expert on the Cybercrime Convention, clarifies that it is proving a good harmonization model: “You have to drill down into each country and region to see the success of the Cybercrime Convention. For example, Germany has not yet ratified only because it has one provision left to get right in its own country legislation.”

Overall, it appears that the principle of the model is working, but some countries are still too focused on national concerns and priorities to think about the international greater good.

Peter Sommer, an expert in information systems and innovation at the London School of Economics in the UK, said: “The Council of Europe cybercrime treaty is working reasonably well, although some countries are still ignoring it. It provides standard definitions, mutual legal assistance and evidence exchange procedures, and makes extradition easier. Eastern European nations are less cooperative, especially Russia. They attend meetings – for example the G8 meeting 10 years ago – make promises, but do not follow through. They have been more cooperative on child abuse images. They make plain that they cannot prioritize fraud against non-Russians. Nigeria has been bad in the past but is now improving, especially in boosting their forensics capabilities.”

One of the biggest problems in drafting cybercrime laws is in harmonizing definitions. It is a huge challenge to be able to get agreement on crime X being the same in State A and State B. Yet this agreement is essential for extradition as well as for evidence and jurisdiction.

The Cybercrime Convention has helped but has numerous get-out clauses meaning that synchronization has not really been achieved.

This lack of harmonization also affects comparative reporting and statistics and so the full scale and impact of cybercrime cannot be counted.

Law is Failing to Keep up with Cybercrime

Now seven years old, the Cybercrime Convention is also showing signs of being too dated to effectively address the modern-day attacks on the cyberworld.

Phishing, identity theft and virtual world crime have emerged as new forms of attack since the Convention was drafted which fails to offer explicit guidance on how to deal with them. This makes it difficult for local prosecutors and again adds to the problem of extradition if countries do not agree on a definition of, or response to, a crime.

Though these crimes can be covered under more general provisions, it makes it easier for prosecutors if there are nominate offenses. So do we need a new Cybercrime Convention?

In November 2007, a Dutch teenager was arrested for allegedly stealing 4,000 worth of virtual furniture from rooms in Habbo Hotel, a 3D social networking and gaming website.

Five other teenagers were also questioned in connection with the case. The group apparently created fake Habbo websites and lured players into visiting them. Usernames and passwords were then harvested and used to break into the real accounts to steal the virtual furniture. The credits to buy furniture in the first place were purchased using real money.

Police are certain they will need better capacity to deal with such virtual crimes in future.

Marco Gercke, Professor at the University of Cologne and UN and Council of Europe expert on the Cybercrime Convention, disagrees with the need for a whole new structure but acknowledges that there is a definite lag in law. Regular reviews and updates are needed to ensure that both laws and investigations stay in line with cybercriminal advancements:

“While we don’t need a new model law, we could have added protocols to deal with new issues. I think that new scams should be addressed if the current legislation is not able to cover them. In a 2007 identity theft study for the Council of Europe, I pointed out that the Convention does not cover the transfer of obtained identities (identity theft). This could be an issue that needs to be covered in the future.

“The Convention was developed before the end of 2001. A lot of things have changed since that time. This is not only relevant with regard to substantive criminal law but the necessary procedural instruments as well. New investigation instruments like key-loggers (“Magic Lantern”) and identification instruments (Computer and Internet Protocol Address Verifier) are already in use in countries like the US but not mentioned in the Convention.”

International Cooperation Yields Success for Cybercriminals. Why is Law Enforcement Failing to Communicate?

As Ferenc Suba of CERT in Hungary comments: “The Council of Europe’s Cybercrime Convention is a good guide for legislation. Operational needs now trump the need for new law.”

Indeed, traditional law enforcement is strongly bound to physical national boundaries. Such distinctions generally do not exist on the Internet, so law enforcement by local agencies is very difficult.”

Mary Kirwan, a former cybercrime prosecutor in Canada, highlights that while cybercriminals are organized and work fast together to ensure success, international law enforcement falls short at even simple communication:

“The law is irrelevant to most cyberhackers – they can operate out of anywhere. The reality for law enforcement is that if you want them to act as speedily and effectively as the international cybercrime community, you need to give them the tools. If the hackers share all their information, and businesses and governments share none of their information, you can imagine


which does better. When a crime gang needs a document decrypted, say, they ping the community and an answer comes back like that.”

In a handful of cases, international cooperation has successfully brought down cybercriminals, but experts are skeptical of the impact that it is having on cybercrime gangs who are quick to mobilize and move on.

“My previous experience, not only with credit card and similar exchanges, but also underground websites dealing in cracked software, hacking tools and indecent images of children leads me to anticipate that there are always several rival websites for each ‘theme,’ and although at any particular time one may dominate, the others will assert themselves if the dominant one disappears or is compromised for any reason,” said Peter Sommer, Visiting Professor at the London School of Economics’ Information Systems Integrity Group and Visiting Reader at the Open University in the UK.

The recent sting on a criminal forum called Dark Market by the FBI, in conjunction with other law enforcement agencies, is thought to be a drop in the ocean: while it is encouraging to see that efforts can be coordinated, it is not happening nearly enough.

Alana Maurushat, Acting Director of the Cyberspace Law and Policy Centre of the University of New South Wales in Australia, said: “Every five years a major bust like this is made and victory is claimed for the good guys. Dark Market forum, while a great sting, is merely one of many similar forums. I am not aware of any foreign parties being arrested in this operation, especially from countries where a significant source of this organized crime hails from, namely Eastern European countries. I do not see this as putting even a dent in the level of online fraud. That being said, the FBI and Federal Trade Commission (FTC) should be commended for this operation, as well as for a great deal more arrests that have been made recently for spam rings and botnet herders. It would be nice if non-US counterparts stepped up their investigations as well.”

Case Study: Dark Market – International Triumph or the Tip of the Iceberg?

In October 2008, an internationally coordinated crime operation saw the arrests of 56 members of a transnational criminal network used to buy and sell stolen financial information. The “carder” forum hosted on the Dark Market website had attracted more than 2,500 registered members before its closure.

In addition to the arrests, police seized compromised victim accounts to prevent $70 million in economic loss through identity fraud.

The FBI conducted the two-year operation with the assistance of the Computer Crime and Intellectual Property Section of the US Department of Justice, the UK’s Serious Organized Crime Agency (SOCA), Turkish National Police – KOM Department, Bundeskriminalamt (German Federal Criminal Police) and the Landeskriminalamt Baden (State Police of Baden-Württemberg).

FBI Cyberdivision Assistant Director Shawn Henry said: “In today’s world of rapidly expanding technology, where cybercrimes are perpetrated instantly from anywhere in the world, law enforcement needs to be flexible and creative in our efforts to target these criminals. By joining forces with our international law enforcement counterparts, we have been, and will continue to be, successful in arresting those individuals and dismantling these forums.”

Without Global Communication, Information is Being Siloed and the Problems Are Expanding Exponentially

Cyberhacking, warfare, and crime are inherently transnational problems, presenting enormous problems to law enforcement in tracking down the perpetrators, collecting evidence, negotiating jurisdiction between investigating agencies and in courts, and arranging extraditions.

At the moment, effective policing by a national authority regarding a transnational crime requires mounting a joint operation every time from scratch, a highly expensive and time-intensive process. Interpol exists but does not seem to have a high profile in cybercrime policing.

As Richard Clayton from Cambridge University Computer Centre in the UK outlines: “Interpol is a fax passing mechanism – it has a limited intelligence function of its own these days, but doesn’t aspire to leadership. Although its mechanisms can be used to coordinate, it does not itself attempt to set priorities, or choose when and where to deploy resources most effectively.”

There is, therefore, the argument for the set up of a global task force specifically for transnational cybercrime investigations to go beyond the treaty and ensure action. It would help track and coordinate cybercrime across borders and help speed up response times.

Clayton continues: “The basic idea is to establish a central coordinating body with full-time members from all relevant forces. Essentially their role would be twofold, first to help achieve consensus, or at least high levels of support, on what criminality to deal with; and second to be able to liaise back with their home forces to provide appropriate logistical support to particular operations and to feed forward the ability or inability to assist to ensure that central planning is reasonably efficient. Whether it all worked in practice would come down to the effectiveness of the leadership for the coordinating body; along with sufficient high profile support from politicians in key states. But with support amongst at least the G8 players would help regain control along with the main hotbeds of wickedness.”

However, given the number of bureaucratic bodies already involved in cybercrime, perhaps what is needed more is to rationalize and harmonize existing organizations.


205 5622350479 658. 7895200.02. 33695 454868.45 5 48 4528782 45 4582 688.54 58 89 8 4568 44 822.656546 78952 565.369 21 4477787 4651CONTRIBUTORS4528782 45 4582 688.54 58 89 84568 44 822.656EMEA:Dr. Ian Brown – Research Fellow at the OxfordInternet Institute, Oxford University, UKDr. Ian Brown is a research fellow at the OxfordInternet Institute, Oxford University, and an honorarysenior lecturer at University College London.His work is focused on public policy issues aroundinformation and the Internet, particularly privacy,copyright, and e-democracy. He also works on themore technical fields of information security, networking,and healthcare informatics.He is a Fellow of the Royal Society of Arts andthe British Computer Society and an adviser toPrivacy International, the Open Rights Group, theFoundation for Information Policy Research andGreenpeace. He has consulted for the US government,JP Morgan, Credit Suisse, the EuropeanCommission, and the UK Information Commissioner’sOffice.In 2004 he was voted as one of the 100 mostinfluential people in the development of theInternet in the UK over the previous decade.Lilian Edwards – Professor of Internet Law,University of Sheffield, UKLilian Edwards leads a program of researchand teaching at Sheffield University, focusing onthe law relating to the Internet, the web andnew technologies.Her research interests are generally in the lawrelating to the Internet, the web, and communicationstechnologies, with a European and comparativefocus. Her current research focus is onthe role of intermediaries and ISPs on the Internet,privacy and data protection online, cybercrimeand cybersecurity, “Web 2.0” and the law,digital IP, and e-commerce. She has co-editedtwo editions of her bestselling book Law and theInternet (the third is due out in early 2009) and athird collection of essays The New Legal Frameworkfor E-Commerce in Europe. 
Her work ononline consumer privacy won the Barbara WellberyMemorial Prize in 2004 for the best solutionto the problem of privacy and transglobal dataflows. She is an adviser to BILETA, the ISPA, FIPR,and the Online Rights Group, and has consultedfor the European Commission and WIPO.Matthew Bevan – Reformed Hacker andComputer ConsultantMathew Bevan is a British hacker from Cardiff,Wales. In 1996 he was arrested for hackinginto secure US government networks under thehandle Kuji. He was 21 when he hacked intothe files of the Griffiss Air Force Base ResearchLaboratory in New York. Intent on proving aUFO conspiracy theory, his sole tool was a CommodoreAmiga loaded with a blueboxing programcalled Roxbox. He was one of two hackerssaid to have “nearly started a third world war,”according to Supervisory Special Agent JimChristy, at the time working for the Air ForceOffice of Special Investigations. He now runs hisown computer consultancy business.Sharon Lemon – Deputy Director, SeriousOrganized Crime Agency (SOCA), e-Crime, UKDeputy Director Sharon Lemon of the SeriousOrganized Crime Agency (SOCA) is Head ofe-Crime and Crime Techniques Departments.Sharon started her career with the MetropolitanPolice and has served at many busy inner Londondivisions at all ranks, until she joined the NationalCrime Squad (NCS) in 1999. She has held anumber of key portfolios, including the Head ofFirearms and the Pedophile On-Line InvestigationTeam – a precursor to the Child Exploitation andOnline Protection Centre. She also played a keyrole in the formation of the <strong>Virtual</strong> Global Taskforce(VGT), an international law enforcementcollaboration comprising Australia, Canada,Interpol, the UK and the USA.Until April 2006, Sharon was head of theNational HiTech Crime Unit (NHTCU), the firstnational unit responsible for the investigationof high tech crime. 
Since then she has developedthe e-Crime Department within SOCA byencouraging a range of alternative interventionsto compliment traditional prosecutions.More recently, she has taken on the additionalresponsibility of managing the Crime TechniquesDepartment, which explores creative approachesto tackling organised crime by exploiting weaknessesin criminal networks and anticipatesfuture crime threats.Bob Burls – Detective Constable,Metropolitan Police Computer Crime Unit, UKThe Computer Crime Unit is a center of excellencein regard to computer and cybercrimecommitted under the Computer Misuse Act1990, notably hacking, maliciously creating andspreading viruses and counterfeit software. Theunit provides a computer forensic duty officerand offers computer evidence retrieval adviceto officers.Peter Sommer – Visiting Professor at theLondon School of Economics’ (LSE) Information<strong>System</strong>s Integrity Group and Visiting Readerat the Open University, UKPeter Sommer’s main research interest is thereliability of digital evidence, a subject whichencompasses forensic computing and e-commerce.He has helped developed the LSE’s socialscienceorientated courses on information securitymanagement. In the last Parliament he wasSpecialist Advisor to the UK House of CommonsTrade & Industry Select Committee while it scrutinizedUK policy and legislation on e-commerce.He was part of the UK Office of Science Technology’sForesight Study, Cyber Trust, Cybercrime.He sits on a number of UK Government AdvisoryPanels. Recent research contracts have beencarried out for the UK Financial Services Authorityand the European Commission’s Safer InternetAction Plan. 
He is currently part of the EuropeanFIDIS Network of Excellence and also a memberof the Reference Group (review mechanism) ofanother European Commission initiative, PRIME.He is an external examiner at the Royal MilitaryCollege of Science and an advisor on a numberof law enforcement and other committeesconcerned with cybercrime and emergencyresponse. He has advised Centrex, which provideshigh-tech crime training to UK law enforcement,and TWED-DE, a US DoJ-funded exercise todevelop training on digital evidence. He has alsolectured at UK and US law enforcement seminaron cyberevidence and intelligence matters.He was on the program committee for FIRST2000 in Chicago.Peter Sommer acts as an advisor and surveyorfor leading insurers of complex computer systems.His first expert witness assignment wasin 1985, and his casework has included theDatastream Cowboy / Rome Labs internationalsystems hack, the Demon v Godfrey Internetlibel, NCS Operation Cathedral, Operation Oreand many other cases involving such diversecrimes as multiple murder, forgery, softwarepiracy, bank fraud, credit card cloning and thesale of official secrets.He is on the Advisory Council of the Foundationfor Information Policy Research, a UK-basedthink tank.Richard Clayton – Cambridge UniversityComputer Laboratory, UKThe Computer Laboratory at Cambridge is thecomputer science department of the Universityof Cambridge. The Cambridge Diploma in ComputerScience was the world’s first taught coursein computing, starting in 1953. Richard Claytonis a leading security researcher and a long-timecontributor to UK security policy working groups.Philip Virgo – Secretary General, EURIM, UKPhilip has been associated with EURIM since itwas relaunched in January 1994. He was thefirst executive officer to be appointed and hascarried the designation Secretary General since1996. Philip was Finance Executive of PITCOMfrom 1982–2006 and remains on the Counciland Program Committee. 
He was an externaladvisor to the High Tech Unit of Barclays Bank(1983– 89), Campaign Director for the Womenin IT Campaign (1989 – 92), IT Skills Advisor tothe West London TEC (1991 – 2, a SpecialistAdvisor to the Information Committee of theHouse of Commons (1993–4), has been StrategicAdvisor to the Institute for the ManagementInformation <strong>System</strong>s (IMIS, previously IDPM)since 1993 and has served on various advisoryboards and committees.Matthew Pemble – Security Architect andAdvisor, UKMatthew is an experienced security architectand operational manager, having worked fornumerous international commercial and voluntaryorganizations, as well as for the UKgovernment. Much of his recent experiencehas been in the combating of online fraud andother attacks against e-commerce and bankingsystems. Having led the Information SecurityIncident Response Team for Royal Bank of ScotlandGroup for five years, he has now returnedto consultancy, working in the security unit of anindependent software testing company. A Fellowof the British Computer Society and a foundermember of the Institute of Information SecurityProfessionals, Matthew holds a Bachelor of Engineeringdegree from Heriot-Watt University inEdinburgh, and is a European Engineer, a CharteredEngineer, and holds the Certified Information<strong>System</strong>s Security Professional (CISSP),Certified Fraud Examiner (CFE) and CertifiedInformation Security Manager (CISM) credentials.James Blessing – COO, Entanet Internationaland Council Member of the Internet ServiceProviders’ Association (ISPA), UKJames Blessing is Chief Operations Officer forEntanet International, part of the IT distributionand communications services group Entagroup.An innovative and creative IT professional, hehas more than ten years experience of deployingInternet technologies and takes an active rolein the Internet industry. 
He has been a council member of the Internet Service Providers’ Association (ISPA) since 2004 and is Chair of the ISPA broadband sub-group. James was elected to the Board of the UK Enum Consortium in March 2008.

Peter Milford – Regulatory Affairs Manager, NewNet, UK

Peter joined the company in April 2001 working as a member of NewNet’s senior management team with responsibilities for regulatory and corporate affairs.

Before joining NewNet, Peter was Chief Executive of the Hampshire On-Line Learning project and formerly Director of Learning Resources at St. Vincent College, Gosport.

Peter was seconded to BT plc from 1995–1997 to develop online services for education. He has a BA degree in Physics and Information Technology, a Masters degree in Law (LL.M Intellectual Property), holds a post-graduate diploma in Educational Technology, is a Chartered Physicist, Member of the Institute of Physics, and Member of the British Computer Society.

Dr. Marco Gercke – Professor, University of Cologne and UN and Council of Europe expert on the Cybercrime Convention, Germany

Dr. Marco Gercke is an attorney-at-law admitted to the German bar. He is teaching Law related to Cybercrime and European Criminal Law at the University of Cologne and is visiting lecturer for International Criminal Law at the University of Macau.


Marco is a frequent national and international speaker and author of more than 50 publications related to the topic of cybercrime. His main areas of research are international aspects of cybercrime (especially the challenges of fighting cybercrime and legal responses) and comparative law analysis regarding the implementation of international standards. His latest research covered the activities of terrorist organizations on the Internet, identity theft, money laundering on the Internet, and legal responses to the emerging use of encryption technology. He is Secretary of the Criminal Law Department of the German Society for Law and Informatics, member of the ITU High Level Expert Group, and works as an expert for the Council of Europe, the International Telecommunication Union, and other international organizations.

Marc Vilanova – CSIRT Member at e-la Caixa, Spain

Marc Vilanova is a member of CSIRT (Computer Security Incident Response Team) at e-la Caixa, one of the most important savings banks in Europe.

He was previously an IT security consultant and auditor at GMV Soluciones Globales Internet S.A and a volunteer at The Institute for Security and Open Methodologies (ISECOM).

Haim Vismonski – Lawyer, Ministry of Justice, Israel

Haim Vismonski is a lawyer at the Ministry of Justice and a Senior Deputy at State Attorney.

Ferenc Suba – Chairman of the Board, CERT, Hungary

Since 2004, Ferenc Suba has been Special Envoy of the Minister, Ministry of Informatics and Telecommunications; General Manager of CERT-Hungary, the government’s computer emergency response team; and Vice-chair of the Management Board of the European Network and Information Security Agency.

Erka Koivunen – Director of CERT-FI, Finland

Erka Koivunen is an experienced professional in the field of information security. His current position is head of CERT-FI, the Finnish national information security authority. His area of expertise is incident response and response coordination.

UNITED STATES:

Eugene H. Spafford – Professor of Computer Sciences, Purdue University and Executive Director of the Centre for Education and Research in Information Assurance and Security (CERIAS)

Eugene H. Spafford is one of the most senior and recognized leaders in the field of computing. He has an ongoing record of accomplishment as a senior advisor and consultant on issues of security, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including Microsoft, Intel, Unisys, the US Air Force, the National Security Agency, the GAO, the Federal Bureau of Investigation, the National Science Foundation, the Department of Energy, and two Presidents of the United States. With nearly three decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. He is responsible for a number of ‘firsts’ in several of these areas.

Andrea Matwyshyn – Assistant Professor of Legal Studies and Business Ethics, The Wharton School, University of Pennsylvania

Andrea Matwyshyn is assistant professor of legal studies and business ethics at the University of Pennsylvania. Andrea’s research focuses on corporate information security and risk management; information technology regulation; and policy and contracts.
Current projects include transformation in the corporate form and its relationship to the information technology revolution and data vulnerability, and legal strategies for combating information crime.

She was previously assistant professor of law at the University of Florida and executive director of Florida’s Center for Information Research (CIR).

CANADA:

Mary Kirwan – CEO Headfry Inc. and journalist, former cybercrime prosecutor

Mary Kirwan is an Irish international lawyer and risk management consultant. She is a qualified lawyer on three continents, with extensive litigation and senior management experience.

She practiced commercial litigation in Toronto, Canada, for several years, where she worked on a number of high-profile commercial and international white-collar crime, tax evasion, and fraud cases. She was also a Senior Federal Crown Attorney in the wiretap and money laundering division at the Department of Justice in Toronto.

She has a degree in German and Irish (Gaelic) from Trinity College Dublin, and she holds several IT security certifications, including the CISSP. She has a first class honours Masters Degree in Business and MIS (Management Information Systems) from the Michael Smurfit Graduate School of Business at University College Dublin, Ireland.

She actively participates in the Toronto Computer Lawyers Association and the American Bar Association (ABA) Science & Technology (SciTech) Section. She has contributed to several ABA publications in the IT, information security and biotechnology fields. She is the Chair of the ABA Science and Technology ECommerce Payments Committee, and a member of the SciTech book publishing board. She has a special interest in online banking, payments fraud, the global ATM and debit card markets, and evolving payments methods.

She is currently completing two books for the ABA for publication in January 2009: Guide to ATM and Debit Card Legal Issues for the US mass market, and The Business Case for Data Security for broad release.

Ms. Kirwan is a regular contributor to the Globe and Mail, Canada’s national newspaper, and she has written extensively about data security, risk management, compliance, corporate governance, law enforcement, and consumer issues. She has spoken at conferences around the world, and has appeared on radio and TV.

Leo Adler – Toronto Criminal Lawyer

While Leo Adler’s practice is almost exclusively criminal, he has also appeared before various boards, tribunals and inquests and he has been retained or consulted in cases involving extradition matters, trials and administrative and quasi-criminal hearings throughout Ontario, as well as in Quebec, Manitoba, New Brunswick, the Northwest Territories, Alberta and British Columbia, right up to the Supreme Court of Canada. He has represented individuals arrested in the U.S. in courts from Florida, to Michigan, to New York, California, North Carolina and elsewhere, including Europe, and his advice has been sought out in numerous instances. His experience in DNA cases and other forensic issues has caused him to be consulted by other counsel.

He is an adjunct professor at Osgoode Hall Law School of York University, and a participant in the Intensive Law Program of that school. Several of his cases have been reported as legal precedents. He is a member of the Criminal Lawyers Association, the National Association of Criminal Defense Lawyers, the International Association of Defence Attorneys and the Canadian Forensic Society.

LATIN AMERICA:

Dr. Paulo Marco Ferreira Lima, Brazil

Dr. Paulo Marco Ferreira Lima is a Notary Public in São Paulo city. Since 1997 he has been advisor for several offices in Brazil. He has been the secretary for the Commission of Legislative projects monitoring digital crimes.

Dr. Lima is the author of the book Computer Crimes and Computer Security (Crimes de computador e segurança computacional, published by Millennium), launched in 2007. He is also a teacher at University of Santos (city in São Paulo state) for a post graduation course.
The Notary Public majored in law at Mackenzie University, has a Masters in Criminal Law, a Ph.D. in Criminal Law at the University of São Paulo, and is also a doctoral candidate for Digital Criminal Law at the University of Rome, UNIROMA3.

Adriana Scordamaglia Fernandes Marins, Brazil

Dr. Adriana Scordamaglia has been a federal prosecutor since 1997. She has also worked in the criminal activity area in Ministério Público Federal (Brazilian Federal Prosecution), in the 2ª Vara Criminal da Seção Judiciária de São Paulo (2nd Criminal Judicial Section of Sao Paulo). Prior to this, the Prosecutor worked as Bureau Official in the Gabinete da 21ª Vara Federal (21st Federal Criminal Judicial Agency) from 1993 to 1997.

Dr. Scordamaglia graduated from law school at the Faculdades Metropolitanas Unidas in Brazil and did her post-graduate work at the University of Lusíada Porto in Portugal. In 2008, she organized a workshop on crimes against children that are facilitated by the computer, and also gave a seminar about psychological pedophile profiling. Additionally, she participated in the International Workshop on Legislation on Cybercrime in Bogotá, Colombia, through the Department of Justice of the United States.

Renato Opice Blum – Opice Blum Advogados Associados, Brazil

Opice Blum Advogados Associados has years of solid experience in law, especially in technology, electronic law, information technology, and its variations. As a pioneer in those matters, his firm is also active in mediations, arbitration, oral sustaining in Court, bio-law, typical technological contracts, and cybercrimes. The organization operates throughout the Brazilian territory and has international correspondents in the main international financial centres, such as Miami and New York.

As a member of several institutional organizations, it contributes to the evolution of the law related to technological development. He is founding partner of the Brazilian Chamber of Electronic Commerce, member of the Computation Brazilian Society, among other institutions.


ASIA-PACIFIC:

Alana Maurushat – Acting Director of the Cyberspace Law and Policy Centre of the University of New South Wales, Australia

Alana Maurushat is Acting Academic Director of the Centre, sessional lecturer, and PhD candidate at the Faculty of Law at UNSW. She was Assistant Professor and Deputy Director of the LLM in Information Technology and Intellectual Property at Hong Kong Faculty of Law. She teaches Advanced Legal Research. Her current research is focused on technical, ethical, and legal dimensions of computer malware building on past research projects on the impact of surveillance technologies on free expression and privacy. She is a partner investigator in the Regulating Malware research project.

Peter Gutmann – Security Researcher, The University of Auckland, New Zealand

Peter Gutmann, Ph.D., is a researcher with the Department of Computer Science at the University of Auckland, specializing in the design and analysis of cryptographic security architectures. He helped write the popular PGP encryption package and, more recently, created the Cryptlib Security Toolkit, an OS-independent open-source security and encryption toolkit that offers high-speed encryption, key exchange, digital signatures, key and certificate management, smart card support, S/MIME and PGP email encryption, SSL and ssh session encryption, timestamping, CA management and various other features. Cryptlib, internationally used and recognized, is the only New Zealand product to have received a FIPS 140 security certification from the US government.

Andrew Adams – Lecturer in Systems Engineering, Reading University, Visiting Professor at Meiji University, Japan

Andrew Adams is a lecturer in the School of Systems Engineering at the University of Reading, where he is a member of the Informatics Research Group, the Informatics Research Centre, and the Computer Science and Informatics Subject group. He is the chair of the Informatics Research Group and Programme Director for the Information Technology Degrees.

He has given seminars at University of Cambridge Computer Laboratory, Oxford Internet Institute, University of Bath Computer Science Department and the University of Southampton Law School in the UK based on his work on privacy in Japan, funded by the Royal Academy of Engineering under their Global Research Awards scheme, and carried out in collaboration with Prof K. Murata of Meiji University and Dr Y. Orito of Ehime University.

McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
888.847.8766
www.mcafee.com

McAfee, Inc., headquartered in Santa Clara, California, is the world’s largest dedicated security technology company. It delivers proactive and proven solutions and services that secure systems and networks around the world, allowing users to browse and shop the Web securely. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector and service providers by enabling them to comply with regulations, protect data, prevent disruptions, identify vulnerabilities and continuously monitor and improve their security.

http://mcafee.com

McAfee and/or other noted McAfee related products contained herein are registered trademarks or trademarks of McAfee, Inc., and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. Any non-McAfee related products, registered and/or unregistered trademarks contained herein are only by reference and are the sole property of their respective owners.

The information in this document is provided only for educational purposes and for the convenience of McAfee’s customers. We endeavor to ensure that the information contained in the McAfee Virtual Criminology Report is correct; however, due to the ever-changing state in cybersecurity the information contained herein is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance.

