Collaborating in the Fight Against Cyber Crime

The crimes themselves range from minor nuisance of junk mail, through to the deliberate theft of identity and criminal activities supporting terrorists groups.  So whether you be my 84 year old mother, disabled, living alone in a small village in Wiltshire for whom the internet provides a window on the world, or whether you be a major banking corporation, there are genuine shared interests in how we should address the fight against these new criminals.

Whist intellectually we can separate spamming from virus dissemination, phishing scams and extortion, the boundaries between them are very blurred and frankly I see little merit in separating them, as I believe there needs to be a structured campaign that helps us address the whole spectrum of these issues.  The solutions are not simply changing legislation, or education, or advancing technologies, or international protocols, or better law enforcement.  The solution incorporates all of these.

We know from operation Or, how law enforcement agencies have co-operated in addressing one aspect of the problem, namely child pornography, but in the absence of a much more integrated approach, we will see similar disgraceful sites popping up again and again. 

At this point Mr Miller described to the expert audience a potential cyber crime.

On the subject of spam alone, the OECD task force which the UK hold the vice chairmanship of, are aiming to produce a tool kit for best practice, including technical solutions.  There was recently a workshop in Korea that was aimed at reaching out to Asian countries. We have now entered into a memorandum of understanding with Australia, a European wide database is proposed of ‘dodgy sources’.  There are talks going on today on cross border protocols.  An international action plan to communicate and co-operate on enforcement action to tackle spam was agreed on Monday of this week by 19 bodies from 15 countries attending the London international spam enforcement workshop organised by the OFT and the US Federal Trade Commission. 

 The London Action Plan aims to develop international links to address spam and spam-related problems. Participating government bodies have made commitments to actions including:

• encouraging communication and coordination between agencies to achieve efficient and effective enforcement
• regular conference calls to discuss: cases, legislative developments, investigative techniques, ways to address obstacles to enforcement, consumer and business education projects
• encouraging dialogue between government agencies and private sector representatives to promote ways to support government agencies in bringing spam cases and pursue their own initiatives to fight spam.

But more is needed.  In particular, I would like to highlight the need to put pressure on Russia; I think the G8 provides the ideal vehicle for this, but it is patently obvious that significant cash flows are moving towards Russian organised crime, as a result of some of the particular exploitative techniques that start from spamming.

Debates on spam often develop into a rather sterile argument about ‘opt in’ or ‘opt out’; similar to discussions around telephone direct marketing.  Let me counsel against this division between Europe and the United States, as we can’t change the First Amendment to the US constitution sitting here in London; neither could we do so in five years if we were sitting in Washington.  But of course it is obvious that the authors of the US constitution did not anticipate illicit attempts to sell Viagra to my mother, by a bunch of nerds operating out of Boca Ratan!  We need in my view to focus on the areas of criminality where there is cross border agreement.  Broadly speaking this includes the illicit sale of prescription medicines, extreme forms of pornography, fraud and extortion.  If we could start to get to grips with some of these issues, bringing down the volume of traffic of unwanted materials, we would release enormous resources for a combination of both industry and state players, to focus on the real targets.

The second area to look at is the whole question of malicious attempts to destroy computer systems.  In the year 2000 there was hardly any virus release that didn’t take about 150 days plus, to sweep through our systems. Now we are talking about time of less than 6 days and indeed, I have heard the FBI talk about 45 minutes.  Such is the potency of some of the parasites released into the world.  Clearly education and awareness are critical here and whilst most companies have adopted affective firewall solutions and learn to recognise hoaxes and scams, there are a huge number of businesses particularly in the small and medium sized sector, who are vulnerable.  Having said that, there are some encouraging trends according to Symantec and others involved in the global war.

I don’t suppose there’s anyone of us who have not recently been spoofed in some form or another.  On the 5^th October an email was sent to me by a company advising me that the ‘shocking document’, that I’d had sent them had been blocked by their fire wall.  Some of you might regard some of the political content of my emails as being shocking but I assure you that there was nothing sent by me to anyone, that could fall foul of the fire wall, on that date or any other date and I had never even heard of the company from whom the email arrived.  In other words somebody pretending to be me is out there in the big wide world. Not particularly dangerous on the face of it but think of the character assassination and blackmail that could be undertaken through this technique.

At this point Mr Miller described to the expert audience a second potential cyber crime.

Where there is crime in the physical world I can point you to a parallel in the cyber world.  And just as for example in the fight against drugs one cannot separate the issues of education from tracking the small time seller, all the way through to the campaign against the cartels, the exact same argument applies in the new field of cyber criminology.

My headlines for action would be to encourage groups like yours today Dame Pauline to improve understanding of the threats that businesses face. I would want governments to be prepared to co-operate on a cross border basis and I want to see maximum co-operation between the industry players.  But most of all I want to see action on the single issue that inevitably is of most interest to law enforcement agencies and that is to strengthen the capacity to track the money.  If you can track the money you can find the criminal and it is my contention that a significant degree of progress could be made if we could all enforce international protocols involving the plastic card companies.  If a mechanism can be found to track money transfers to stop my model business, you can from that starve a significant number of illegal operations from continuing to operate in the cyber world.

I hope you can see my point that we cannot simply pick out bits of the spectrum of criminal activity as they are all interlinked.  We need a systematic approach and you are in the strongest position to help develop that and make it happen.