CANCUN, MEXICO — A panel of top law enforcement officers in charge of cyber criminal investigations reveals that the guys with the white hats face an uphill climb if they want to take down cyber criminal kingpins, with outdated laws and processes on the one hand, and an increasingly skeptical and privacy-conscious public on the other.
The advent of social media has made it easier than ever to find information about cyber criminals online, the cyber crime investigators said. But a lack of enforceable cross-border laws and procedures to obtain information about suspects and bring them to justice still makes it easy for cyber criminals to evade detection, the panelists agreed.
The gathering, at Kaspersky Lab’s annual Security Analyst Summit, featured senior officials and cyber investigators from Interpol, the Dutch High Tech Crime Unit, Germany’s Bundeskriminalamt (BKA), and the General Directorate for the Romanian Intelligence and Internal Protection (GDIIP).
Too many cyber criminal investigations suffer from a lack of effective international cooperation, or from legal tools that have failed to keep up with the blistering pace of technological change, the participants agreed.
Detective Sergeant Michael Moran, the Acting Assistant Director of Cyber Security and Crime in Interpol’s Global Complex for Innovation (IGCI), cited the continued reliance of law enforcement agencies within Europe on the Mutual Legal Assistance Treaty as a stumbling block.
“These are inquiries that can take months or even years to complete,” Moran said. That’s a problem when data retention policies at ISPs and firms offering online services may only hold onto potentially incriminating data for months at a time. “These are issues facing law enforcement on a daily basis, and there’s a great deal of frustration involved,” Moran said.
But the increased demand for cyber criminal investigative tools also comes with risks. The past year has seen controversy over the German government’s use of a Trojan horse program to monitor criminal suspects, a UK company’s work to enable the former Egyptian government of Hosni Mubarak to spy on its citizens, and more recent questions about the FBI’s possible use of Trojans to monitor the communications of Megaupload chief Kim Dotcom.
Audience members at the annual conference, many of whom were security researchers and IT professionals, raised questions about the ethics of using “hacker tools” as part of criminal investigations, and about the limits of both monitoring and international agreements to expedite cyber criminal investigations.
Panel members defended the practice, while also admitting that there need to be careful checks and balances to protect privacy and civil liberties. Frank Schleppi, a Detective Sergeant with Germany’s Bundeskriminalamt (BKA), said that German law applies different standards to different types of surveillance techniques, making some relatively easy to deploy as part of a criminal investigation, and others nearly impossible.
Peter Zinn, a Senior Cybercrime Advisor for the Dutch National High Tech Crime Unit, said the same was true for his agency, and said authorities would benefit from fewer barriers to sharing information with law enforcement in other countries.
Speaking of his agency’s success in shutting down global botnets such as Bredolab, Zinn defended that agency’s use of the captured botnet to inform victims and help them to disinfect their systems.
The growing use of social media by online criminals is also aiding investigations, Zinn said. As an example, he said that Dutch authorities were able to identify the operator of the Bredolab botnet after he allowed his girlfriend to post to her Facebook profile from his laptop. Authorities were then able to mine public information about him and his movements and finally apprehend the suspected botmaster, a 27-year-old Armenian man identified as “Gregory A.,” with the help of authorities in Armenia in October 2010, Zinn said.
Social media tools such as Flickr and Google Maps are also proving to be critical tools in pursuing formerly “victimless” crimes like child pornography, Zinn said. He said Dutch authorities had compiled an image database of 233,000 illicit images, many taken from underground Tor Network sites frequented by child pornographers. That image database can be mined for visual clues in images to help locate both perpetrators and victims of child sexual abuse, Zinn said.