Preserving the digital crime scene poses one of the biggest challenges in the global fight against cybercrime, said participants this week at a major international conference on fighting Internet-based crime.
The two-day conference, organized by the Council of Europe and held in Strasbourg, France, was meant to encourage more countries to sign the Council's convention on cybercrime, which aims to strengthen international cooperation in combating computer-based crime and to harmonize national legislation. The conference drew more than 200 participants from government and the private sector.
Law enforcement officials attending the conference stressed the importance of rapid cross-border cooperation between agencies to bring cybercriminals to justice.
"Communications networks between law enforcement agencies have to be strong and rapid," said Andy Leatherby, of the U.K.'s National Hi-Tech Crime Unit (NHTCU) in a telephone interview.
Getting evidence before the tracks vanish is a major issue, he said. Dealing with computer-based crime requires officers to trace back IPs (Internet Protocols) over the Internet, but very few countries have legislation requiring ISPs (Internet service providers) to retain data and some even have laws preventing ISPs from preserving connection records, he said.
Nevertheless, this is precisely the information investigators need, he argued. Normally, investigators are only interested in traffic data, not in information about content accessed, so there should be less concern about privacy protection, he said.
His view is shared by Bernhard Otupal of Interpol. Greater understanding of investigators' needs would make cooperation easier, he said, also speaking by telephone.
"Data protection would not be a big problem if people knew what law enforcement actually does with it. The huge problem is identifying people by IP or telephone number," he said.
There shouldn't necessarily be a clash between effective enforcement and data protection, said Christopher Painter, deputy chief, of computer crime at the U.S. Department of Justice.
"There's an issue of security versus privacy but if we're doing our job properly we're protecting privacy by stopping personal information getting into the hands of people who will misuse it," he said.
The Convention made a major contribution to this process by asking signatories to provide a round-the-clock point of access where other agencies can request data needed in an investigation, law enforcement officials said.
"It requires each country to set up a 24/7 point of contact so in case of an incident, a law enforcement office can phone a contact point in another country and preserve the digital crime scene," Leatherby said. There are currently 89 countries in the 24-hour network worldwide.
Participants stressed the need for as many countries as possible to sign up, emphasizing that in fighting cybercrime it is important to avoid the mistakes made in the battle against money-laundering and to prevent the creation of places where criminals operate beyond the reach of the law. "We don't want countries to have safe havens because it is easy for a hacker to route communication through third countries," Painter said.
While the business community is taking the problem more and more seriously because of the cost implications of failing to protect their systems, some participants said there is still work to be done raising awareness of the threat from cybercrime.
According to the NHTCU, cybercriminals caused more than £195 million (US$350 million) in financial impact on companies that said in a survey they were affected by such crimes last year, while an estimated 83 percent of U.K. businesses are reported to have been victims of computer-based attacks.
"In terms of security implications, (businesses) still don't understand the potential for attacks," Leatherby said. His agency is "looking at closer working relationships with industry so law enforcement can learn from them and they can learn from us so that they can build crime prevention into their methodology."
While public awareness of the problem is growing, there is the need for greater sensitivity by users to security issues, speakers agreed.
"You have to move away from a trusting society where you can be duped into going to a fake Web site to one where individuals exercise their responsibilities. You can put hundreds of locks on a door, but if you leave it open it's not secure," Leatherby said.
The Convention agreement, which took effect July 1, requires signatories to criminalize four types of offenses: those against the confidentiality, integrity and availability of computer data and systems; computer-related offenses, including forgery and fraud; content-related offenses, including child pornography and racist and xenophobic material; and offenses related to copyright infringements.