Computer Crime Research Center

Trends & issues in crime and criminal justice

Date: December 13, 2004
Source: Australian Institute of Criminology
By: Russell G Smith

No. 285: Impediments to the successful investigation of transnational high tech crime

Russel G Smith ISBN 0 642 53848 4 ; ISSN 0817-8542 October 2004

Technology has both facilitated and impeded the investigation of crime, particularly high tech crime involving computing and communications technologies. On the one hand, computers have enabled vast amounts of data to be searched and analysed quickly, and have permitted documents and files to be scanned and transmitted across the globe in seconds. On the other hand, the sheer quantity of information creates considerable problems for investigators who sometimes have to examine gigabytes of data and break encryption codes before the material they are interested in can be discovered. This paper identifies a number of barriers to the effective investigation of high tech crime across borders, and offers some solutions that could be used to streamline future investigations in cyberspace.

Toni Makkai Director

Throughout the world more and more instances of high tech crime are being investigated by law enforcement agencies, often by specialist high tech crime units such as exist in the United Kingdom, the United States and Australia. Along with this increase in workload has come the realisation that crimes involving computers-either as the target of offending, or as one of a range of tools, or the principal tool used in the commission of offences-are technically difficult to investigate and raise many unresolved legal and practical problems (Smith, Grabosky &Urbas 2004; Sussmann 1999). Concerns often arise because of the transnational nature of the conduct involved. This necessitates a degree of cooperation rarely required of investigators in the past.

This paper reviews seven barriers to the successful investigation of cross-border high tech crimes, and identifies policy responses that may be appropriate to deal effectively with these emerging global crime problems.

Identifying suspects

One of the first impediments that investigators face is identifying suspects. Occasionally, this can lead to considerable problems when the wrong person is arrested (see Box 1). In cyberspace, identification problems are amplified. Digital technologies enable people to disguise their identity in a wide range of ways making it difficult to know for certain who was using the terminal from which an illegal communication came. This problem is more prevalent in business environments where multiple users may have access to a work station and where passwords are known or shared, than in private homes where circumstantial evidence can often be used to determine who was using the computer at a given time.

Online technologies make it relatively simple to disguise one's true identity, to misrepresent one's identity, or to make use of someone else's identity. For example 'remailing' services can be used to disguise one's identity when sending email. This is done by stripping messages of identifying information and allocating an anonymous identifier, or encrypting messages for added security. By using several remailing services, users can make their communications almost impossible to follow.

Box 1: Identifying suspects
In March 2003, the FBI was investigating a 72-year-old man in the United States in connection with an alleged telemarketing fraud involving millions of dollars. Since 1989, this man had allegedly been making use of the identity of a 72-year-old retired businessman from Bristol in the United Kingdom. The British man had never met the alleged fraudster, and had no connection with any of his alleged crimes. The FBI issued a warrant for the arrest of the suspect, naming the retired English businessman who was subsequently arrested by South African Police in Durban on 6 February 2003, while on holiday with his wife. The police relied on the fact that the warrant was in his name, he was the correct age, looked similar, and had the same passport number. He was held in custody at police headquarters in Durban, but was released on 26 February 2003 following the arrest of the real suspect in Las Vegas (BBC news 2003).

Anonymity can also be achieved in cyberspace using less technologically complex means. For example:

Even e-commerce technologies that make use of public key infrastructures and digital signatures can be easily manipulated by individuals presenting fabricated documents to support a false identity when obtaining a key pair from a registration authority for use in secure transactions. Although the subsequent transaction may be secure from hackers, the identity of the person holding the key may nonetheless be fictitious.

In a recent study of online anonymity, Forde and Armstrong (2002) argue that those internet services that provide the highest levels of anonymity are most likely to be used for criminal purposes. Encrypted email that provides a high level of anonymity was found to be preferred by those engaging in online paedophile activity and hacking, while the use of the world wide web and file transfer protocols which provide weaker levels of anonymity tended to be avoided by serious criminals.

Problems of identifying suspects are usually resolved by traditional investigative techniques. This might include the use of video surveillance, or gathering indirect circumstantial evidence to prove the accused was at a terminal at a particular time and day. However the use of intrusive surveillance is not always successful, and raises issues of human rights and legal privileges-problems which exist in both digital and non-digital environments.

Some investigators are beginning to use biometric means of identification. At present, few computers have biometric user authentication systems (for example, a fingerprint scanner for logging on). DNA samples may also be gathered from keyboards which have been used to identify an individual with a particular computer. When such techniques become more widespread, problems of identification may be reduced although, of course, once a person has logged on, this does not prevent someone else from using that terminal without the person's knowledge if they are absent. A further problem concerns the need to link the time at which a suspect was using a computer (as disclosed in computer forensic evidence) with biometric evidence of the whereabouts of the suspect at a given point in time, because DNA or fingerprints, for example, cannot be time-stamped.

Criminal law and securing extradition

Where an accused person is resident in a country other than the one in which criminal proceedings are to be taken, it is possible for that person to be extradited to stand trial. However, the procedures involved in extradition are complex and difficult, making applications costly and slow. As the Commonwealth Director of Public Prosecutions (2003: 46) notes:

there have been cases where an extradition request has been withdrawn because the delay has been so long that criminal charges can no longer proceed, and cases where a person has died of natural causes while contesting extradition.

Extradition requires not only that an appropriate treaty exist between the two countries concerned, but also that the conduct in question be criminalised in both the referring and receiving country. In the case of computer crime, this is often not the case.

For example, a survey of cybercrime laws in 52 countries in 2000 found that 33 of these countries had not yet updated their laws to address any type of computer crime (McConnell International 2000). Of the remaining countries, nine had enacted legislation to address five or fewer types of computer crime, and 10 had updated their laws to prosecute six or more of the 10 types of computer crime identified. An example of the kind of difficulties that can arise is shown in Box 2.

Box 2: Extradition
In May 2000, a student in the Philippines was alleged to have sent out the so-called 'Love Bug' virus. This virus infected Microsoft Windows operating systems by sending email attachments which, when opened, damaged files in the computer and then replicated itself by sending similar messages to all the addresses in the infected computer's address book. The estimated damage caused was between US$6.7 billion and US$15.3 billion globally. The virus was traced to an Internet service provider in the Philippines who cooperated with police to locate the residence in question. The student was arrested, but the creation and release of a computer virus was not proscribed by Philippines law at the time. Because the conduct was not illegal in the Philippines, the principle of dual criminality precluded extradition to the United States where such activity was a crime (Bell 2002).

Choosing an appropriate jurisdiction

One of the foremost problems facing high tech crime investigators is determining the jurisdiction in which proceedings should be taken. Where offences are committed in various countries, or where the offender and victim are located in different places, questions arise as to which court should deal with the matter. If charges can be laid in the country in which the offender is located, then problems of extradition will be avoided....




Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo