Questions for CCRC Director Asked and Answered
The Computer Crime Research Center (CCRC) is represented in the Internet by websites: http://www.crime-research.org/, http://www.crime-research.ru, http://www.crime-research.iatp.org.ua/, http://cybercrime.zp.ua/ and http://cybercrime.report.ru/ . These websites are well-known by public interested in problems of computer crimes.
Director of CCRC Dr. Vladimir A. Golubev is interviewed by V. Demchenko, a reporter of "R-Inf" news agency (Kiev, Ukraine).
V. Demchenko: Dr. Golubev, would you give us a brief summary on state of affairs with cybercrime in Ukraine and some facts on computer crime in Ukraine?
Dr. Golubev: On opinion of many experts, this phenomenon represents more serious danger for our state today, than it was 5 years ago. Despite of efforts of law enforcement aimed at fighting cybercrimes, their number, unfortunately, does not decrease^; on the contrary, it is constantly increasing.
According to official statistics of Economic Crime Unit of the Ministry of Internal Affairs of Ukraine (http://www.crime-research.ru/library/Koragin.html) for 4 months of 2001 year, 7 crimes have been revealed, in 2002 – 25, for 6 months of 2003 - 51 crime. It is necessary to note, that qualification of the revealed criminal acts in sphere of computer and Internet technologies, except actions provided for by Articles of Section 26 of the Criminal Code of Ukraine, is carried out also on the basis of Articles providing theft, causing of damage, illegal actions with documents of money transfer and other means of access to bank accounts, illegal actions concerning information with restricted access, etc. 24 criminal cases on 37 crimes committed with use of Internet technologies have been processed for the first six months of 2003. On the basis of analysis, it is possible to define groups of widespread crimes in Ukraine.
First group covers offences with ids (logins - passwords, PIN-codes) which are committed both by outsiders, and workers of communication and Internet services companies ("insiders"). Second group is for offences with information of restricted access with use of remote access technologies. It is possible to mark out the third group of crimes with computer accounts, access to which is provided remotely via network technologies. For example, illegal use of "client-bank" systems against enterprises (institutions), or for efficient control of electronic money funds of criminal character.
It is necessary to consider official statistics of cybercrime critically in view of high latency of this kind of crimes. In global practice, unfortunately, it makes only 12% of general number of cybercrimes that reach public and law enforcement. Say for example, what bank is interested in situation when everyone know about its hacked payment system, right next day all clients will close their accounts in this bank. In this view officials of the National Bank of Ukraine say there was no such official statistics (bank automated systems hacking) and would not be.
For clearness, I shall take an example of only one serious cybercrime (http://www.crime-research.ru/library/vinnica.htm). On October 23, 1998, a sum of 80.4 million UAH was stolen from reserve accounts of Vinnitza Regional Department of The National Bank of Ukraine after unauthorized penetration into bank computer networks. Officers of Central Organized Crime Unit of the Ministry of Internal Affairs of Ukraine arrested more than 30 persons, involved in this crime.
Increase in swindle with bank cards represents a serious threat both to domestic economy and each citizen. In Ukraine, level of such swindle is 4-5 times higher than average in other countries (the greatest number of swindlers falls at Kiev - 85%). Swindle in the Internet is increasing too, where counting upon simpleton, the same fraudulent pyramids, frequently faced by us in a real life too, are under construction.
As Vladimir Pristaiko, a chairman deputy of the Security Service of Ukraine, has declared this year in the Verhovna Rada that “level of loss caused by computer crimes in Ukraine now makes tens millions UAH. Crimes in sphere of computers repeatedly created real preconditions for occurrence of extreme situations in Ukraine, including situations at critical infrastructure units".
V. Demchenko: Dr. Golubev, what is the relative positioning of Ukrainian cyber criminality in the world?
Dr. Golubev: Similar trends are observed all over the world, and Ukraine is not unique. Distribution of computer viruses, swindle with plastic cards, theft of money resources from bank accounts, computer information theft and violation of service regulations of automated computer systems are even not all kinds of computer crimes. That is why the problem of counteraction to them is emerging both for Ukraine, and many other countries of the world. The main feature of such criminality as the integral part of the general criminality lies in fact that every year brings new tendencies of aggravation and it is getting a transnational (boundless) character. Such illegal actions already represent certain public danger which really threatens information safety, a compound of national safety. This month Ukrainian hackers have attacked computer payments system of The Royal Bank of Scotland Group (Great Britain). As a result the system of payments (WorldPay) has been put out of action. The Royal Bank of Scotland is taking measures now to renew the computer system of retail payments. By means of this system The Royal Bank served 27,000 clients by WorldPay and accepted payments on Visa, Mastercard, Diners and Eurocard in more than 27 countries all over the world. Maxim Kovalchuk, 25 years old resident of Ternopol, Ukraine, who, as known, has been arrested in Bangkok, was nominated as the "Best hacker" of October. As experts assert, he is one of the most dangerous hackers in the world and he has caused damage of 100 million USD to leading computer companies of the USA.
On our opinion, owing to use of the newest information technologies on the criminal purpose, today this phenomenon represents more serious danger, than 5 years ago and also increasing vulnerability of information infrastructure of our state. Despite of efforts of many countries aimed at fighting cybercrimes, their number does not decrease, and, on the contrary, is constantly increasing. And Ukraine is also involved in this negative process.
V. Demchenko: what are the necessary measures on preventive maintenance and control of cyber criminality in Ukraine, on your opinion?
Dr. Golubev: In view of the previous answers to your questions, it is necessary to think about preventive measures of computer criminality in Ukraine today, tomorrow it will be too late. The analysis of domestic laws regulating public information relations allows to assert that our state takes necessary actions aimed at preventive measures and counteraction to computer criminality. As an example we can cite "Information Policy" presidential decree dated July 31, 2000, and also Section 16 “Crimes in sphere of computers, systems and computer networks" of the recently adopted Criminal Code of Ukraine. On April 3, 2003 at session of the Verhovna Rada of Ukraine a draft "Modifications in the Criminal Code of Ukraine" according to which, opportunities of Security Service of Ukraine will be extended in investigating of infringements in work of automated systems, has been assumed as basis.
As is known, Leonid Kuchma, the President of Ukraine, passed modifications of The Concept (fundamentals of state policy) of the National Security of Ukraine have been approved earlier by the Verhovna Rada. The corresponding law on fundamentals of national safety of Ukraine has been adopted by the Verhovna Rada on June 19, 2003. The law inures from the date of its publication.
I believe, that acceptance of The Concept (fundamentals of state policy) of the National Security of Ukraine in which computer criminality and computer terrorism are among priority threats. This Concept undoubtedly will promote counteraction to this evil at national level and activation of the international cooperation of law enforcements.
Especially i would like to emphasize, that the problem of preventive measures and counteraction to cyber criminality is a complex problem in Ukraine. Present laws should meet the requirements of modern level of technologies development. A priority direction covers also interaction and coordination of efforts for law enforcement bodies, special services, court system, maintenance of their necessary material and technical base. Any state today is not capable to resist this harm independently. Necessity of activation of the international cooperation in this sphere is essential.
V. Demchenko: what is the role for CCRC in this process?
Dr. Golubev: The role of the Center in this process follows from overall objective of its foundation - conducting researches, organization of information exchange and search of effective methods on fighting criminality in sphere of computer technologies. For the management of such research work and information exchange on issues of fighting computer criminality with the countries of CIS, Europe and the USA, we created five websites: http://www.crime-research.org/, http://www.crime-research.ru, http://www.crime-research.iatp.org.ua/ , http://cybercrime.zp.ua/ , and http://cybercrime.report.ru. Our researches are conducted in close interaction with our scientific partners from the Transnational Crime and Corruption Center (TraCCC) at the American University and volunteer researchers from Ukraine, Russia, republic of Belarus, republic of Moldova and other countries. We have wide scientific exchange with foreign partners: from exchange of scientific articles and news up to organization and holding of the international conferences and seminars (http://www.crime-research.ru/events.html ).
In our activity we highlight training of students and experts on questions of the prevention and investigation of offences in sphere of the intellectual property and high technologies. We have prepared a special course "methods of computer crimes investigation" which I lecture in Law Faculties in two Zaporozhye universities. You will find a unique textbook for cyber police "Problems of Fighting Computer Crimes" which has been issued in 2002 in library of our Center. It is recommended by the Ministry of Education and Sciences of Ukraine as the manual for students of higher educational institutions (http://www.crime-research.ru/books.html and http://www.crime-research.ru/library/book13.html).
For 2 years of work we have created unique and accessible to millions of users Internet e-library in Ukrainian, Russian and English languages which counts more than 500 scientific articles devoted to questions of computer criminality (http://www.crime-research.ru/articles.html).
I think, that it is better to see once than to hear hundred times, therefore I invite all of you who are not indifferent to the given problems to visit our site at http://www.crime-research.ru/.
V. Demchenko: could you draw a psychological portrait of Ukrainian cyber criminal?
Dr. Golubev: In the view of psychological portrait, cyber criminal as a rule, is a creative person, professional, capable to face technical challenge and risk. Hackers-amateurs are the most numerous, and the least dangerous. 80% of all computer attacks fall to their share. This category is interested not in certain purpose, and process of attack, they feel pleasure from overcoming systems of protection. More often their actions are prevented easily as hackers-amateurs prefer not to risk and break the law.
Questioning carried out by our Center (http://www.crime-research.ru/library/Golubev0104.html ) has shown that the age of computer offenders varies in range from 14 till 45 years.
The age of 33% of swindlers at the moment of committing a crime did not exceed 20 years, 54% of them were from 20 to 40 years, 13% - older than 40 years old. That is to say, research disproves the existing opinion that hackers are mainly 13-20 years old. The number of computer crimes committed by men is 5 times greater. 53,7% of swindlers have higher or incomplete higher technical education, and 19,2% of them have other higher or incomplete higher education. Lately, the number of women engaged in these crimes is increasing.
The most dangerous group is made up by professional computer criminals with evident mercenary purpose. 79% of all crimes fall to their share, these crimes are related to frauds with bank accounts. It is possible to characterize this group as highly skilled experts. They know perfectly details of information technologies, but also have several programming languages at their disposal, they are really good in breaking protection systems and they do not leave any traces generally. This category of cyber criminals is the most dangerous.
^macro[showdigestcomments;^uri;Questions for CCRC Director Asked and Answered]