Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
International International Cooperation inCooperation in
Cybercrime Cybercrime InvestigationsInvestigations
Albert Rees Albert Rees Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property SectionCriminal Division, U.S. Department of JusticeCriminal Division, U.S. Department of Justice
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 2
A Criminal A Criminal Intrudes into Intrudes into
a Bank in a Bank in BangkokBangkok
Thai investigators discover attack came Thai investigators discover attack came from computer in Buenos Airesfrom computer in Buenos Aires
Argentinean Argentinean investigators investigators
discover attack discover attack came from came from BucharestBucharest
Romanian agents discover attack came Romanian agents discover attack came from Vancouverfrom Vancouver
Canadian Canadian agents agents make the make the arrestarrest
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 3
The Challenges ofThe Challenges of International Cybercrime International Cybercrime
InvestigationsInvestigations• Countries must:
– Enact laws to criminalize computer abusescriminalize computer abuses
– Commit adequate personnel and resourcespersonnel and resources
– Improve abilities to locate and identifylocate and identify criminals
– Improve abilities to collect and share evidence collect and share evidence internationallyinternationally
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 4
CHALLENGE:CHALLENGE:
Enacting Laws toEnacting Laws to Criminalize Computer AbusesCriminalize Computer Abuses
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 5
The Need to Make Attacks onThe Need to Make Attacks on Computer Networks a CrimeComputer Networks a Crime
• “Dual Criminality” usually necessary for two countries to cooperate on a particular criminal matter
• Dual Criminality forms the basis for:– Extradition treaties– Mutual Legal Assistance Treaties
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 6
Overcoming theOvercoming the Dual Criminality DivideDual Criminality Divide
• Countries must agree on what to criminalize – OAS Cybersecurity Strategy– UN General Assembly Resolution 55/63
• Effort to do so: Cybercrime Convention– A baseline for substantive law
• Countries must amend their laws to implement
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 7
CHALLENGE:CHALLENGE:
Committing Adequate Personnel and Committing Adequate Personnel and ResourcesResources
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 8
Law Enforcement NeedsLaw Enforcement Needs
• Experts dedicated to high-tech crime• Experts available 24 hours a day• Continuous training• Continuously updated equipment
– no longer a “flashlight and a gun”
•• Each countryEach country needs this expertise
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 9
Solutions Are Not Always EasySolutions Are Not Always Easy
• Cyber security strategy must be formulated
• Difficult budget issues arise (even in the US)
• Requires commitment from senior officials
• Cooperation with the private sector can help
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 10
CHALLENGE:CHALLENGE:
Improve Ability to Locate and Identify Improve Ability to Locate and Identify CriminalsCriminals
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 11
The Problem of Locating and The Problem of Locating and Identifying CriminalsIdentifying Criminals
• Primary investigative step is to locate source of the attack or communication
–– WhatWhat occurred may be relatively easy to discover–– IdentifyingIdentifying the person responsible is very difficult
• Applies to hacking crimes as well as other crimes facilitated by computer networks
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 12
Tracing a Communication Tracing a Communication
• Only 2 ways to trace a communication:
1. While it is actually occurring2. Using data stored by communications providers
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 13
Tracing a Communication Tracing a Communication
• Infrastructure must generate traffic data
• Carriers must keep sufficient data to allow tracing
• Laws and procedures must allow for timely access by law enforcement that does not alert customer
• Information must be shared quickly
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 14
Solving the Tracing Dilemma I: Solving the Tracing Dilemma I: Traffic DataTraffic Data
• Countries should encourage providers to generate and retain critical traffic data
• Law enforcement’s ability to identify criminals is enhanced by access to traffic data– Countries have taken different approaches to
balancing this need against other societal concerns – Industry will have views about appropriate retention
periods
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 15
Solving the Tracing Dilemma II: Solving the Tracing Dilemma II: Law Enforcement AccessLaw Enforcement Access
• Legal systems must give law enforcement authority to access traffic data– For example: access to stored log files and to traffic
information in real-time
•• Preservation of evidence by law enforcementPreservation of evidence by law enforcement– Critical because international legal assistance
procedures are slow– Must be possible without “dual criminality”– Convention on Cybercrime, Article 29
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 16
Solving the Tracing Dilemma III: Solving the Tracing Dilemma III: Sharing EvidenceSharing Evidence
• Countries must improve their ability to share data quicklyquickly
• If not done quickly, the electronic “trail” will disappear– Most cooperation mechanisms take months (or
years!), not minutes– Convention on Cybercrime, Article 30: expedited
disclosure of traffic data
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 17
Solving the Tracing Dilemma III: Solving the Tracing Dilemma III: Sharing EvidenceSharing Evidence
• When law enforcement gets a request, it should be able to:
1. Preserve all domestic traffic data2. Notify the requesting country if the trace leads
back to a third country3. Provide sufficient data to the requesting country to
allow it to request assistance from the third country
• Countries must be able to do this for each other quickly, and on a 24/7 basis
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 18
GG--8 24/7 High Tech Crime Network8 24/7 High Tech Crime Network
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 19
CHALLENGE:CHALLENGE:
Improve Abilities to Collect and Share Improve Abilities to Collect and Share Evidence InternationallyEvidence Internationally
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 20
Collecting and Sharing EvidenceCollecting and Sharing Evidence
• Will evidence collected in one country be admissible in another country’s courts?
• Potential for evidentiary problems– Collection of digital evidence– Tracing electronic communications across the globe– Computer forensics
• Current mutual legal assistance treaties may not accommodate electronic evidence
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 21
Solutions for Collecting and Solutions for Collecting and Sharing Evidence Sharing Evidence
• Convention on Cybercrime – Acts as a Mutual Legal Assistance Treaty where
countries do not have one– Parties agree to provide assistance to other
countries to obtain and disclose electronic evidence
• Developing international technical standards– International Organization for Computer Evidence
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 22
Unilateral Evidence Collection Unilateral Evidence Collection
• Publicly available information
• Obtaining electronic evidence with consent of owner– G-8 and Council of Europe acceptance
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 23
Informal Cooperative MeasuresInformal Cooperative Measures
• Investigator to investigator
• Advantage: fast
• Disadvantages: – Frequent domestic legal restrictions on
providing assistance– May be difficult to locate an investigator who
can and will provide assistance
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 24
Other Cooperative MeasuresOther Cooperative Measures
• Joint investigation
• Some US points of contact in your country– FBI Legal Attaché (LEGATT), an FBI agent– Department of Justice Legal Attaché, a prosecutor– Immigration & Customs Enforcement (ICE)– Secret Service (USSS)
• INTERPOL and similar organizations
Computer Crime & Intellectual Property SectionComputer Crime & Intellectual Property Section
OAS Regional Cyber Crime Workshop, April 2007OAS Regional Cyber Crime Workshop, April 2007 25
FOR MORE INFORMATIONFOR MORE INFORMATION
Albert Rees
+1 (202) 514-1026
Top Related