International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime...
Transcript of International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime...
![Page 1: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/1.jpg)
International Cooperation inCybercrime Investigations
Joel SchwarzComputer Crime & Intellectual Property SectionCriminal Division, US Department of Justice
![Page 2: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/2.jpg)
2
The Challenges of Globalization of Crim
inal Investigations
Challenges from a LE perspective : Enact sufficient laws
to criminalize
computer abuses;
Commit adequate personnel and resources;
Improve abilities to locate and identify
criminals;
Improve abilities to collect and share evidence internationally
to bring
criminals to justice.
![Page 3: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/3.jpg)
3
Where Country A
criminalizes certain conduct & Country B
does not, a bridge for
cooperation may not exist -
“dual
criminality”Extradition treaties
Mutual Legal Assistance Treaties
Convention on CybercrimeActs as a Mutual Legal Assistance Treaty where countries do not have an MLAT
Model to ensure act is criminalized in each country
Laws don’t need to have same name, or same verbiage
just similar elements
Criminalize Attacks on Com
puter Networks
![Page 4: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/4.jpg)
4
Law Enforcement Needs
Experts dedicated to High-tech Crime
Experts available 24 hours a day (home & beeper)
Continuous training
Continuously updated equipment
Each country
needs this expertise
![Page 5: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/5.jpg)
5
Solutions Are Not Always Easy
Difficult budget issues arise (even in the U.S.)
Requires the commitment of the most senior officials
Often close cooperation with the private sector can help
Disparity of resources: Criminal: crossing border is a trivial action
LE: cooperating across those same borders is very difficult for investigators
![Page 6: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/6.jpg)
6
A Criminal Intrudes into a Bank in Manila
Philippine investigators discover attack came from computer in Namibia
Namibian investigators discover attack came from Seoul
Korean agents
discover attack
came from Vancouver
Canadian agents make the arrest
![Page 7: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/7.jpg)
7
Primary investigative step is to locate source of the attack or communication
Very often what occurred is relatively easy to discover, but identifying the person responsible is very difficult
Applies to hacking crimes as well as other crimes facilitated by computer networks
Locating and Identifying Crim
nals
![Page 8: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/8.jpg)
8
Only 2 ways to trace a communication:
1.
While it is actually occurring
2.
Using data stored by communications providers
Tracing Comm
unications
![Page 9: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/9.jpg)
9
Infrastructure must generate traffic data in the first place
Carriers must have kept sufficient data to allow tracing
Certain legal regimes require destruction of data
The legal regime must allow for timely access by law enforcement that does not alert customer
The information must be shared quickly
Preservation of evidence by law enforcementCritical given the speed of international legal assistance procedures
Must be possible without “dual criminality”
Convention on Cybercrime, Article 29
Tracing Comm
unications
![Page 10: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/10.jpg)
10
Solution: Sharing Evidence
Countries must improve their ability to share data quickly
If not done quickly, the electronic “trail”
will disappear
Yet most cooperation mechanisms take months (or years!), not minutes
![Page 11: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/11.jpg)
11
Solutions for Collecting and Sharing Evidence
Convention on Cybercrime Parties agree to provide assistance to other countries to obtain and disclose electronic evidence
Convention on Cybercrime, Article 30: expedited disclosure of traffic data1.Preserve all domestic traffic data2.Notify requesting country if trace leads
to a third country3.Provide sufficient data to allow
requester to request assistance from the third country
![Page 12: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/12.jpg)
12
24/7 High Tech Crime
Network 1
LE Problem: MLA on computer/internet cases
Solution: 24/7 emergency contact networkKnowledgeable LE point of contact –
tech & law
Data preservation, advice, ISP contacts, start mutual legal assistance process
Available 24/7
ParticipationAbout 50 countries –
open to all, not exclusive club
South Africa, Namibia, Mauritius, Korea, Taiwan, etc.
![Page 13: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/13.jpg)
13Law Enforcement 24/7 Network (November 2007)
![Page 14: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/14.jpg)
14
24/7 High Tech Crime
Network 2
Requirements: person on call Technical knowledgeKnow domestic laws and proceduresNo big office or fancy command center neededNo promise of assistance –
just immediate availabilityDoesn’t supplant ordinary mechanisms –--
it enhances and fills a gapContact CCIPS if interested...
All countries need advice (large and small)Borrow each other’s expertise, help with policyExpect another training for 24/7 countries in 2008
It works! South American kidnapping case...
![Page 15: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/15.jpg)
15
Ongoing International Efforts
APEC leaders committed to:Modernize legal frameworksDevelop cybercrime investigative units and 24/7 response capabilityEstablish threat and vulnerability information sharing
OAS: providing assistance to member states
Regional workshops1st
series: Policy and legislative development2nd
series: Computer investigations and forensics, international cooperation3rd
series: Being developedOECD: “Culture of Security”Africa –
what’s going on locally?
![Page 16: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/16.jpg)
16
• June 2006 -- 2 training workshops (1 week each)• 20 sub-Saharan African nations attended• Results of workshops:
• 2 additional African countries join 24/7 Network• CCIPS asked for legislative draft assistance
• Currently finalizing planning and funding for next African-region workshops – likely in West Africa in 2008
• looking for regional partners and hosts
• African-focused ListServ: [email protected]
• share insights, seek help and guidance from others, update each other on in-country/region developments
African Region CC Initiatives
![Page 17: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/17.jpg)
17
Conclusion
Every country relies on the others for assistance in responding to the threat of cybercrimeEach country needs to:
Enact adequate substantive and procedural lawsEmpower its law enforcement authorities to collect evidence for other countriesWork to enhance the rapid collection and international sharing of electronic evidence
![Page 18: International Cooperation in Cybercrime Investigations · International Cooperation in Cybercrime Investigations Joel Schwarz. Computer Crime & Intellectual . Property Section. Criminal](https://reader036.fdocuments.us/reader036/viewer/2022062402/5f02fb8c7e708231d406f639/html5/thumbnails/18.jpg)
18
Questions?