Natalia Akhtyrskaja , Ph.D.
Secret Search in Fighting Cybercrime
Establishing the fact of committed crime is the main problem of investigating crimes in bank computer systems.
Especially, in order to assert with good reason that computer crime has been committed it is necessary to prove:
- the fact, that computer information to which unauthorized access was performed, is protected by laws of Ukraine^;
- the fact, that the malefactor performed certain illegal actions^;
- the fact, that unauthorized actions outraged rights of information owner^;
- the fact of unauthorized access to computers or attempt of obtaining such access^;
- the fact of using money resources obtained by malefactor as a result of illegal actions. For example, it is necessary to prove, that access was unauthorized with a view of committing a crime. Then such facts are to be established and proved:
- unauthorized operations, for example with software, were really performed^;
- these operations were illegal^;
- a person that has performed them knowingly and with criminal intent.
Complex of urgent investigatory actions, obligatory for an initial stage of investigation, should include^:
1. Carrying out a search in the office, at a workplace of suspect with a view of detection and withdrawal of physical carriers of computer information and other documents concerning, or probably concerning, unauthorized relation of software, or carrying other traces of preparation for money theft.
2. Examination of:
- log files for breakdown situations, computer operating time, and rotation of operators^;
- security and control facilities of bank computer systems, that log users, time of system initiation (activation), time of users connection^;
- logs of evening work, a copy of operators actions, printed on a paper during evening information processing, which is performed after each trading day^;
- check numbers of files^;
- chips of permanent memory devices, microprocessors and their circuit research.
3. Examination and analysis of technical instructions on processing daily accounting information with a list of outgoing forms.
4. Interrogation of programmers engaged in software development and its support, experts responsible for information security, experts engaged in service of computer facilities.
5. Assignment of complex judicial-accounting examination engaging experts of law enforcement bodies, experts in computers, document circulation, accounting and reporting organization, information security in computer systems.
During judicial-accounting examination, experts should establish, if infringements of document circulation regulations of representing basic documents in accounting had happened, and fixed on the information carrier, if reasons (committing a crime with intent, abusing or mistaking) and responsible for these infringements persons are established.
Results of technical expert examination should be drawn up as an expert opinion. Thus, it could be considered as evidence in court. Nowadays with the help of such examinations the following tasks may be solved:
1. Reproduction and listing of all parts of information contained on physical carriers, including information contained in other than text form.
2. Restoration of information that had been contained on physical carriers before, and was erased or changed for various reasons afterwards.
3. Establishing time of input, change, deletion or copying of information.
4. Decoding encrypted information, picking out passwords and disclosing security systems.
5. Establishing authorship, place, means, background and ways of documents manufacturing (files, programs).
6. Finding-out possible channels of information outflow from a computer network and premises.
7. Finding-out technical conditions, accuracy of hardware-software system, opportunities of their adaptation for the specific user.
8. Establishing professional training standard of separate persons engaged in programming.
The problem of information security maintenance in Ukraine yet has not involved attention of media and public. It does not bother common people and it seems rather exotic against background of continued economic, ecological and spiritual crisis, nonpayment, and decrease in a standard of living, extended increase in crime. And, nevertheless, it is the problem that has already gradually affected interests of everyone. It is becoming a serious barrier for successful activity of legal entities, funds, and public authorities. In future prospect, it will define a realization opportunity of economic prospects.
It is a question of information field - a field of information manufacture, search, reception, transfer and distribution as well inland, and abroad. It includes also a sphere of intellectual activity of people, their information interaction, cultural heritage preservation and augmentation, management of public life, economic activities of public authorities.
There are some distinctive features of mankind development nowadays. They are: essential increase in technological progress, its influence on people and society, cost increase of new knowledge. And as a result, we have new powerful means of intellectual work support, increase of person's ability to originate new knowledge and to use it efficiently.
There is some not of less important features of lasting period. The problem of increasing integration of people, their growing dependence from each other, integration of a global science, economy, culture, armed forces, states.
Rising need for information interaction between people is after-effect of these factors. Satisfaction quality of this need substantially defines opportunities of people for effective solving of arising professional and private problems. It acts as one of determining factors of successful activity of commercial, industrial and public organizations, and also economic development of countries and regions.
The development of property relations legal securing in information field is proceeding intensively. There is a general tendency for measures toughening of organizational and economic character, criminal prosecution of property offences in information field. In particular, it concerns unauthorized disclosure of state secret and commercial classified information, creation of preconditions to a possibility of such disclosure. Struggle for observance of copyright, industrial samples, intellectual property rights is becoming tougher.
Present-day information technologies (IT) and information play leading role in maintaining further progress of mankind. A significant recognition of this role in advanced countries lies in declaring it to be of a national priority. So the White House carries out initiative of President's Administration in information field that was defined in the Memorandum “Use of Information Technology to Improve Our Society”. According to this document technology in the USA should be developed in a new direction in order to strengthen economic power and to promote economic growth. One of ultimate goals of this initiative is to win a global leadership in abstract science, mathematics and engineering technology. It answers the purpose to strengthen position of US as a superstate that is capable to organize independently new world order under present-day conditions.
All these trends evidence about appearing preconditions for organization of open global information community. On one hand this community is promising an unprecedented opportunity for intellectual development of each person, further acceleration of technological progress. On the other hand, this new community brings a danger of new global scale.
Prepared by UNDP Ukraine in cooperation with the State Committee on Communication and Information, the report "E-Readiness Assessment of Ukraine" http://www.un.kiev.ua/en/undp/publications.php is based on the Harvard Readiness for the Networked World http://cyber.law.harvard.edu/people/seedsofchangemay02.pdf guide. And still, e-readiness of Ukraine is rated at 2.5 degree out of 4 possible. National and international experts analyzed 40 ICT (information and communications technology) indicators, and a series of discussions organized by UNDP brought together scientific, business and civil society groups with parliamentarians and government officials to examine issues. Although Ukraine reportedly ranks fourth in the world http://www.brainbench.com/pdf/globalitiq.pdf in number of highly qualified computer specialists, development of its ITC sector is lagging. 
Development of IT in any country is defined by information-technological policy. This policy does not only efficiently assist this process, but also lags it. Such situation had happened in the former Soviet Union in 70th of the last century, when an agreement about development of computer facilities means of the fourth generation together with firms of England, France and Italy has been prepared. Interest of top computer firms of the Western Europe in such agreement accounted for their mutual desire to get rid of monopoly for computer facilities manufacture of American firms, first of all IBM. Having understood arising serious threat of production sales in Europe, American party undertook emergency counter-measures. System IBM 360 was advertised as the best in the world. Myth about backwardness of Soviet computer facilities and hopeless expectation about planned cooperation of the USSR with European countries simultaneously appeared. Such political mistake has struck the USSR off the list of leaders in IT field.
The total amount of software sales all over the world tends to 15 billion dollars per year. Main part of this sum is received by USA, India, Russia. An intellectual resource of Ukraine is 50 thousand highly skilled programmers.
Speaking about the field of national security maintenance, it is necessary to note that main trends of information provision of law enforcement bodies' activity. On one hand today, it is necessary to start with those new opportunities of present-day computers, particularly, multimedia, ICT and special equipment facilities. On the other hand, we should take into account those negative processes in a society related to emerging criminal situations, development of organized crime, corruption, terrorism, shadow economy.
It is necessary to consider one of essential circumstances for first of all. It is an application of IT, practically, in all areas of a life. It also includes consistent "informatization" of various spheres of criminal activity. Several years ago question was about some exotic computer crimes. Today it is obvious, that society is facing a problem of high technologies application both for preparation and committing crimes, and for ducking out, and first of all, for resistance to law enforcement bodies.
Ideas of criminal environment presence and necessity of intelligence and preventive actions were rather progressive at the beginning of forming a conception about organized crime. However nowadays, penetration of organized crime in all spheres of social, economic and political life of a society is becoming more and more obvious. An extremely high danger to a society and “new problems” to law enforcement brings increasing criminal control of global computer networks, communications, radio, media etc.
Situation becomes more acute by reason of growing use of certain activities of organized crime, such as system intrusion and destruction.
System intrusion crimes. If “traditional criminality” has extrusive system character, i.e. it is being extruded, squeezed out by system of social and legal relations from public life. It is creating, however, its own relations and organized communities, developing traditions and generating a criminal subculture. An intrusion system criminality, is being intruded, penetrated and built in. It starts to play an essential role in system of social, legal, financial, economic relations.
Criminal intent and character of concrete acts that makes a basis of intrusion system criminal activity are extremely hard to prove within a shape of current criminal legislation and practice of application of legal regulations.
Destruction system criminality. Other feature of modern organized crime is related to its destructive character. While "traditional" organized crime has constructive character, i.e. it develops the forbidden types of activity. It establishes criminal control over illegal economy or develops various spheres of shadow economy, using hired labor, creating new workplaces. Destruction system criminality takes incomes due to destruction of a concrete field of economy, due to property and material assets redistribution. First of all, it withdraws financial assets from manufacture, from budgets of local, regional and national levels.
The higher forms of destruction system criminality are: criminal terrorism, mass kidnapping on purpose of profit, unleashing local military conflicts by reason of ethnic collisions and separative movements, i.e. extraction of incomes from destruction of social relations, from undermining of State system, from redistribution of "spheres of influence".
Among new features of the organized crime it is necessary to emphasize growing «social security» both of criminal leaders, and active members of large criminal formations. At the same time, cases of "social incompetence" of law enforcement become more frequent.
Some circumstances, i.e. penetration of organized crime into various spheres of social life, increasing character of system intrusion and destruction of present-day criminality, «social security» and, at last, extending application of IT in criminal activity, demand adequate response from law enforcement, development of new directions of IT counteraction and new "non-traditional" approaches in fighting organized crime .
IT impetuous development leads to situation when many social phenomena find reflection in so-called "virtual worlds", i.e. in those information means as carriers of global computer networks and systems, mass media. Because of fact that organized crime now affects different parts of a social, economic and political life of society, fight against it should provide application of all possible means and methods which have been earlier applied against special services and armies of other countries. This fight naturally should cover "information spheres" which include first of all mass media, and also means of communications, global computer networks, industry of various information services.
Let's pay attention to that fact, that essential increase in efficiency of fighting against up-to-date criminality can be achieved by wide use of modern IT opportunities and special facilities of intelligence services. Again, it demands creation and development of new directions of IT provision of operative search and investigatory activity.
Until recently, informatization of law enforcement activity has lied only in purchasing new computers and accounting automation. At the best, they may have implemented network technologies, information exchange, but with no conceptual framework. Moreover, such new categories of operative search and investigatory activity as: analytical, computer, information intelligence, information security assurance, information psychological influence, yet have not found sufficient coverage in special scientific and educational literature, and also in work of operative search and investigatory departments of law enforcement bodies.
Necessity of such directions as analytical, computer, information intelligence, provoked both criticism concerned with incomplete understanding of a problem by experts. They many years were engaged in a problem of informatization, in particular of law enforcement bodies, and criticism of officials who came to law enforcement bodies from special services and they were engaged in intelligence and secret services activity.
Criticism of the first lied in concept "computer intelligence". This action is not mentioned, in particular, among given in Secret Search Law secret search actions. According to criticism, such term never has existed and should not ever be. When we speak about new directions of secret search, it is enough to use only secret technical actions.
When a legal substantiation of new directions of IT application in secret search actions was defined (such as computer, analytical intelligence), there were reasons for still more criticism. It was that intelligence is legal when it lies in a legal field, and actions which are carried out, say, by sanction of a judge are not intelligence actions. And generally, an opinion has been expressed, that concept "intelligence" is immeasurably more wide and scaled, than concept "secret search activity".
Actually, several years ago concept "intelligence" was not related with a complex of actions directed on fighting against criminality, and was in certain sense tabooed. In works on information analytical provision of secret search activity the term “secret analytical search”  has been defined.
However, it was marked in these works, that it is necessary to retain and enhance all secret tactical opportunities of traditional department of law enforcement. Also it is important to do it while getting any information from any sources about organized crime special service focused on deep intelligence of criminal environment. It is significant to examine phenomena and facts, which make it up or testify about it.
For many years, there is a concept "strategic intelligence" in activity of law enforcement in US, Germany and other countries. It includes reception, accumulation, systematization and the analysis of numerous and rather various data on suspected persons involved in organized crime, including even such data which, at first sight, have no direct attitude to criminal activity. Unlike strategic intelligence, a primary task of "tactical investigation" is assistance in planning concrete police operations and in establishing sources of proofs reception, which would allow to put suspect under arrest and to establish his guilt.
Speaking about age-old dispute on breadth of concepts "secret search activity" and "intelligence", it is necessary to recognize that secret search includes the broadest complex of both public and private actions, the majority of which carries an intelligence character.
Certainly, "intelligence" in broad sense is extremely capacious concept, which has absorbed vast variety of activity of both secret and open reception of diverse information. It also includes an application of various means and methods (radio, space intelligence). Moreover, it will be literally to say, that concept "intelligence", in a certain degree, reflects centuries-old experience of fighting for information, which has been lasting during all history of mankind.
However, with reference to problems of fight against criminality, prevailing position is, that concept "secret search activity" is wider, than concept "intelligence", and naturally, includes all complex of intelligence actions, in particular both analytical and computer intelligence. Also it covers actions, which can be defined as criminal intelligence (carried out in criminal environment), and as information intelligence (investigation in information field).
Priority of secret search, in this case, is related to value of information received as a result of those or other secret search intelligence actions. It is substantially defined by a degree of its legal status, i.e. if it has evidental character and can be used in further investigatory actions and directly in legal process. This factor distinguishes secret search actions from other kinds of intelligence. It demands substantiation according to laws in force, corresponding legal registration and documentation of received intelligence data.
Present-day organized crime is a powerful transnational, social and economic, and fairly, political phenomenon. It is worth to fight against it by all available methods and means, including all complex of intelligence actions and influences based on IT.
It is necessary to remember, what intelligence assumes an estimation of those threats, which organized crime bears in itself. While actions, carried out within the framework of secret search, are aimed at crime prevention and investigation, intelligence assumes revealing threats, which can be outside of a criminal legal field. In particular, search actions in information systems, global computer network, Internet can be carried out within the framework of intelligence activity. At last, intelligence assumes also diverse ways for application of the received information (not only within the framework of criminal legal activity). It is extremely important for the development of non-traditional approaches in fighting against the organized crime.
Organization of practical work will be substantially defined by the way how new directions of IT provision of fighting against criminality are integrated with existing methods and techniques of secret search activity.
 S. Bespalova "E-readiness of Ukraine: New Opportunities of Old Ideas" // "Mirror of the week". - ¹36 (461), 2003. - p.14.
 S. Ovchinskiy "Secret Search Information" // Moscow "INFRA-M", 2000. - p.311.
 "Fighting Against Organized Crime: Basics" // Moscow "INFRA-M", 1996.
^macro[showdigestcomments;^uri;Secret Search in Fighting Cybercrime]