Crime on the Internet began as a solitary activity, according to Bill Bogart, a vice-president of global law enforcement programs for Electronic Data Systems (EDS) Corp.
But in short time cyber crime has grown from a collection – loose at best – of lone wolves flexing their skills by hacking into corporate Web sites, to include tightly-knit groups of organized criminals exploiting the Internet to carry out highly profitable activities like money laundering and human smuggling.
Organized crime has begun exploiting the Internet – the mob couldn’t have survived this long without the ability to adapt – and now the cops are racing to keep up.
This weekend, Washington, D.C.-based Bogart will be in Saskatoon meeting with chiefs of police from across the country to discuss the growth of cyber crime in general, and in particular, organized crime on the Net. Bogart spoke to Technology in Government Friday about the growth of cyber crime and how organized criminals are spinning a new Web online.
How is the Internet changing the role of law enforcement?
There no sheriffs on the Internet. The bad guys on the information superhighway are nameless and faceless and you don’t know where they’re from. You could have a hacker in Romania using an ISP in New York and he’s scamming credit cards in Toronto. And there’s all kinds of issues in that: who has jurisdiction? How do you coordinate information? How do you bring in a prosecution? There’s no new boundaries. Two hundred years ago we had oceans as boundaries. Now, you’re boundary is your firewall or your router.
Are established crime organizations involved?
I think it’s very much the old-style crime gang. They’re using the Internet as their new means of management. Whether it’s shakedowns, illegal betting, how you launder that money and manage that business, technology is making that very easy today. Organized cyber crime is going to be the area that’s the most difficult for us.
What kinds of organized crime activities are most prominent online?
A year ago, we would have been talking about global if someone was in another country. Now, it’s global and being organized. ‘I’m not necessarily just scamming credit cards. I’d love to get into your land registry systems here and change ownership of natural mineral rights.’ That’s a true transfer of wealth . . . (Still) the biggest crime going on is the scamming of credit cards. If there is an intrusion, you can have thousands of credit card numbers and we have seen that . . . (Also) if you’re in the illegal drug trade, or illegal human transfer, you have to have a pretty large network. Those people are paying a lot of cash, you probably do it by boat, that boat has to traverse several countries, even an ocean, they’ve got to get fuel and some amount of food and they’ve got to have contacts so once they land they can move through the system. That takes a network and the Internet is always a good way for the network to operate. You can get the Internet from the Arctic to the Seven Seas and you can be very cryptic, or better yet, encrypt your message.
What about money laundering?
Money laundering is a big area (on the Internet). If you’re illegal activity generates cash, one of the biggest problems is getting that cash back into your local currency, and in fact, getting it. With today’s Internet, once you get the money in the system, you can move it. You’re not writing paper cheques and signing your name anymore.
How profitable an activity is cyber crime?
There’s some figures coming out that last year cyber crime was somewhere in the $300 to $500 million dollar (range). I think that’s kind of low because of how much you don’t hear about or don’t see.
What new cyber crimes should we be looking out for?
Probably the most difficult issue coming up is what I call cyber- extortion. It’s this terrible game of chicken. ‘I’ve scammed from you 2,000 credit card numbers and I want to put them on the Web. But, if hire me as a consultant, I can take care of all those problems you have.’ You’re finding corporations who are targets have to decide what is the value of the damage versus the liability. What is the public embarrassment versus the trust the public has in you?
What challenges face law enforcement in trying to tackle cyber crime?
The sad part is, cyber crime is on top of all the other crime law enforcement agencies are having to deal with. We still have people stealing cars, and now we have cyber crime. The second issue is it’s a very technological business. Law enforcement departments need computer forensics. The courts and the police know how to have an absolute audit trail on cocaine or guns, but when you start talking about PCs and high-speed faxes and printers and routers, it’s a whole new focus. I feel for the police forces. If you have a search warrant, do you take the PC, the monitor, the fax? Fax machines hold a hundred pages and you can get a report of all the numbers it dialed and how long it was on. It’s a huge amount of information worthy in a prosecution if you understand the technology, if you know how to maintain the audit trail so it will stand up in court.
Do the cops need security help from outside?
There’s significant interest in the law enforcement community to train their officers to be able to handle the cyber crime issues. The difficult part is that cyber crime is coming on so fast. We have not in the law enforcement community been able to keep up as well as we want. In some cases, the private sector is supporting law enforcement in these technology areas, and I think that support has been done very well. It’s the Ciscos and the AOLs that can help you start trapping those IP addresses.
What kind of success is being made in terms of stopping cyber crime and organized crime?
What’s being done that is very successful is the recognition of what this problem this is and the whole issue of being prepared – training, processes, legislation. Those issues are being addresses and being dramatically improved. (Also), the sharing of information. I look at this global issue as a giant puzzle. There’s about 1,000 pieces and what’s going to happen is that half-a-dozen of those pieces are going to be put together in Romania and half-a-dozen in New York and the rest, here. Once you’ve got that puzzle put together, you’ve made a significant entreé, but it takes a lot of cooperation.
Is that what this weekend is Saskatoon is about?
One of the major topics I’ll be talking about is the need for this cooperation and trust and just this issue of recognition. I like to use this analogy of a puzzle. You just hope that the people in some other jurisdiction, it may be an international jurisdiction, they can do the upper-right hand quadrant.