Computer Crime Research Center


International cooperation in fighting cybercrime

Date: April 16, 2005
Source: Computer Crime Research Center
By: Vladimir Golubev

The global world network, which united millions of computers located in different countries and opened broad opportunities to obtain and exchange information, is used with criminal purposes more and more often. The introduction of electronic money and virtual banks, exchanges and shops became one of the factors of the appearance of a new kind of a crime – transnational computer crimes. Today law enforcement face tasks of counteraction and investigation of crimes in the sphere of computer technologies – cybercrimes.

Still the definition of cybercrime remains unclear to law enforcement, though criminal actions on the Internet pose great social danger. Transnational character of these crimes gives the grounds to say that development of a mutual policy to regulate main problems should be a part of every strategy to fight cybercrime.

Undoubtedly, cybercrimes pose great threat to people as any illicit actions. However the extent of this threat, in our opinion, has not been yet understood completely by the society.

Anonymity and absence of frontiers makes the Internet an efficient weapon in hands of criminals. Investigation and prevention of computer crimes turns into a "headache" of law enforcement officers. In the virtual space criminals usually act from sites in other countries. In such cases it is necessary to cooperate with foreign law enforcement agencies, and that is possible not always.

Taking into consideration the globalization of such crime, it is more and more obvious that no state is able to cope with such threats independently.

During investigation of transnational cyber crimes law enforcement of a concrete state, authorities of which extend only on its territory exclusively, should cooperate with each other in accordance with international legal documents accepted by these countries. Depending on relations between interested countries and corresponding information or other facts, a necessity to develop additional authorities and procedures on investigating of such crimes may appear.

One of the most serious steps taken to regulate this problem was the adoption of Cybercrime Convention by European Council on 23 November 2001, the first international agreement on juridical and procedural aspects of investigating and prosecuting cybercrimes . It specifies efforts coordinated at the national and international level and directed at preventing illegal intervention into the work of computer systems. The Convention stipulates actions targeted at national and inter-governmental level, directed to prevent unlawful infringement of computer system functions. The Convention divides cybercrimes into four main kinds: hacking of computer systems, fraud, forbidden content (racist websites and child porn content) and breaking copyright laws.

By ways and mechanisms these crimes are specific, have high latency and low exposure levels. There is another descriptive feature of these crimes: these crimes are mostly committed only with the purpose to commit other more gravy crimes, for example theft of money from bank accounts, getting restricted information, counterfeit of money or securities, extortion, illicit production of audio and video materials, espionage.

Considering organization-legal aspects of struggle with cyber-crime, it is possible to give some tentative estimation of this document and his international importance for the decision of the problem. Conscious of the profound changes brought about by the digitalization, convergence and continuing globalization of computer Internet network, the effective fight against cyber-crime requires increased, rapid and well-functioning international co-operation in criminal matters. One by of the main conclusions, which is possible to make at the analysis of "Draft" it that, a common understanding has developed about which behaviour in relation to computer systems and networks should be criminalized.
First this providing for the criminalisation of such conduct, as described in this Convention, and the adoption of powers sufficient for effectively combating such criminal offences, by facilitating the detection, investigation and prosecution of such criminal offences at both the domestic and international level.
Secondly adoption Article 14 - "Search and Seizure of Stored Computer Data" enable one party to achieve conservation of the important information necessary for investigation of a crime, which is found in jurisdiction of other party. As far as know Internet service providers usually have traffic date from past communications, generated by equipment that records details including the time, duration and date of any communications, the parties involved and type of service or activity. Such data are generally kept for a limited period of time, depending of the commercial needs of the provider and legal or commercial requirements for privacy protection. Many national Laws allow law enforcement authorities or judicial authorities to order the collection of traffic data of future communications. In cases where traffic data is part of the communications, such as the "header information" of e-mail messages, however, the collection of such traffic data may be considered an interception of the communications itself and subject to legal restrictions on that basis.
Important the provision of "Draft" which enables shall take such legislative and other measures as may be necessary to empower its competent authorities to seize or similarly secure computer data, which are available at Internet service providers and are necessary for criminal investigation. The provisions of Article 16 – "Expedited preservation of data stored in a computer system" and Article 17 – "Expedited preservation and disclosure of traffic data" enables the law-enforcement agencies, for the purpose of criminal investigations or proceedings, the expeditious preservation of data that is stored by means of a computer system, at least where there are grounds to believe that the data is subject to a short period of retention or is otherwise particularly vulnerable to loss or modification.
Undoubtedly from the legal point of view the large importance have also common principles, concerning international cooperating defined in the Chapter III – "International Co-operation". This questions of extradition cyber criminals, and basis in order to ensure the provision of immediate assistance for the purpose of the investigation of criminal offenses related to the use of computer systems and data, or for the collection of electronic evidence of any criminal offense.
To sum it up it should be emphasized, that with the extension of electronic networks, it is becoming less likely that all elements of a cyber crime will be restricted to a single national territory state. In investigations, law-enforcement authorities of different states will need to cooperate, both formally, mutual legal assistance in the frameworks of structures such as Interpol, and informally, by providing potentially useful information directly to the authorities of another State. Additional problems may arise with respect to legal assistance in the investigation international cyber crime. If a party has not provided specific powers to search for evidences in electronic environments under domestic law, it may not be able to respond to request for assistance. For this reason the harmonization of coercive powers is an important condition for international cooperation.
In spite the variety of issues, related to different aspects prevention of transnational computer crimes, on our opinion, the following basic problems could be defined, which should be immediately addressed within the framework of international cooperation:
1. Imperfection of the legislation in the sphere of combating transnational computer crime.
Criminal sanctions on national and international level do not ensure good protection from computer crime, because of absence of precise clarification of computer crime in the laws or because difficulty of interpretation and application of these laws restricts the law enforcement activity. Therefore, policy and law makers should perform consequent activity on development of the new legal norms and relevant sanctions, creating necessary mechanism for law enforcement, judge and prosecution activity, which could prosecute and punish the guilty in computer crime.
2. Weak specialized professional training for officers of law enforcement agencies, related to prevention and investigation of transnational computer crime.
Conducting the investigation measures, related to search, seizure and arresting the computer machinery has certain peculiarities.
First, specially trained personnel able to duly conduct these actions is required.
Second, upon the arrest of information the possibility of its modification and termination should be excluded. These actions should be conducted within minimum period of time, taking into account the speed of receiving the information. Third, careful analysis of the records about connections to Internet of the computer system should be made prior to arrest of this system. This is necessary for full procedure of conducting the measures on arrest and seizure of evidences. Therefore, conducting investigation and operative – search measures upon investigation of computer crime has certain range of peculiarities and requires special background.
3. There are no specialized response teams similar to CERT on the territory of Ukraine.
The creation of special response teams on the territory of Ukraine is a most important task. If it is not solved in the nearest future, both informational networks of Ukraine and other countries may suffer.

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo