International Cooperation in Cybercrime …OAS Regional Cyber Crime Workshop, April 2007 24 Other...

Post on 24-Mar-2020

Computer Crime & Intellectual Property Section

International Cooperation in Cybercrime Investigations

Albert Rees
Computer Crime & Intellectual Property Section
Criminal Division, U.S. Department of Justice

OAS Regional Cyber Crime Workshop, April 2007

A Criminal Intrudes into a Bank in Bangkok

• Thai investigators discover attack came from computer in Buenos Aires

• Argentinean investigators discover attack came from Bucharest

• Romanian agents discover attack came from Vancouver

• Canadian agents make the arrest

The Challenges of International Cybercrime Investigations

• Countries must:
– Enact laws to criminalize computer abuses
– Commit adequate personnel and resources
– Improve abilities to locate and identify criminals
– Improve abilities to collect and share evidence internationally

CHALLENGE:

Enacting Laws to Criminalize Computer Abuses

The Need to Make Attacks on Computer Networks a Crime

• “Dual Criminality” usually necessary for two countries to cooperate on a particular criminal matter

• Dual Criminality forms the basis for:
– Extradition treaties
– Mutual Legal Assistance Treaties

Overcoming the Dual Criminality Divide

• Countries must agree on what to criminalize
– OAS Cybersecurity Strategy
– UN General Assembly Resolution 55/63

• Effort to do so: Cybercrime Convention
– A baseline for substantive law

• Countries must amend their laws to implement

CHALLENGE:

Committing Adequate Personnel and Resources

Law Enforcement Needs

• Experts dedicated to high-tech crime

• Experts available 24 hours a day

• Continuous training

• Continuously updated equipment
– no longer a “flashlight and a gun”

• Each country needs this expertise

Solutions Are Not Always Easy

• Cyber security strategy must be formulated

• Difficult budget issues arise (even in the US)

• Requires commitment from senior officials

• Cooperation with the private sector can help

CHALLENGE:

Improve Ability to Locate and Identify Criminals

The Problem of Locating and Identifying Criminals

• Primary investigative step is to locate source of the attack or communication
– What occurred may be relatively easy to discover
– Identifying the person responsible is very difficult

• Applies to hacking crimes as well as other crimes facilitated by computer networks

Tracing a Communication

• Only 2 ways to trace a communication:

1. While it is actually occurring
2. Using data stored by communications providers

Tracing a Communication

• Infrastructure must generate traffic data

• Carriers must keep sufficient data to allow tracing

• Laws and procedures must allow for timely access by law enforcement that does not alert customer

• Information must be shared quickly

Solving the Tracing Dilemma I: Traffic Data

• Countries should encourage providers to generate and retain critical traffic data

• Law enforcement’s ability to identify criminals is enhanced by access to traffic data
– Countries have taken different approaches to balancing this need against other societal concerns
– Industry will have views about appropriate retention periods

Solving the Tracing Dilemma II: Law Enforcement Access

• Legal systems must give law enforcement authority to access traffic data
– For example: access to stored log files and to traffic information in real-time

• Preservation of evidence by law enforcement
– Critical because international legal assistance procedures are slow
– Must be possible without “dual criminality”
– Convention on Cybercrime, Article 29

Solving the Tracing Dilemma III: Sharing Evidence

• Countries must improve their ability to share data quickly

• If not done quickly, the electronic “trail” will disappear
– Most cooperation mechanisms take months (or years!), not minutes
– Convention on Cybercrime, Article 30: expedited disclosure of traffic data

Solving the Tracing Dilemma III: Sharing Evidence

• When law enforcement gets a request, it should be able to:

1. Preserve all domestic traffic data
2. Notify the requesting country if the trace leads back to a third country
3. Provide sufficient data to the requesting country to allow it to request assistance from the third country

• Countries must be able to do this for each other quickly, and on a 24/7 basis

G-8 24/7 High Tech Crime Network

CHALLENGE:

Improve Abilities to Collect and Share Evidence Internationally

Collecting and Sharing Evidence

• Will evidence collected in one country be admissible in another country’s courts?

• Potential for evidentiary problems
– Collection of digital evidence
– Tracing electronic communications across the globe
– Computer forensics

• Current mutual legal assistance treaties may not accommodate electronic evidence

Solutions for Collecting and Sharing Evidence

• Convention on Cybercrime
– Acts as a Mutual Legal Assistance Treaty where countries do not have one
– Parties agree to provide assistance to other countries to obtain and disclose electronic evidence

• Developing international technical standards
– International Organization for Computer Evidence

Unilateral Evidence Collection

• Publicly available information

• Obtaining electronic evidence with consent of owner
– G-8 and Council of Europe acceptance

Informal Cooperative Measures

• Investigator to investigator

• Advantage: fast

• Disadvantages:
– Frequent domestic legal restrictions on providing assistance
– May be difficult to locate an investigator who can and will provide assistance

Other Cooperative Measures

• Joint investigation

• Some US points of contact in your country
– FBI Legal Attaché (LEGATT), an FBI agent
– Department of Justice Legal Attaché, a prosecutor
– Immigration & Customs Enforcement (ICE)
– Secret Service (USSS)

• INTERPOL and similar organizations

FOR MORE INFORMATION

Albert Rees

+1 (202) 514-1026

albert.rees@usdoj.gov