Features

net.wars: eCrimes of the century

Aha! We have a slogan! "It's cheaper to be defrauded on the Internet!"

It is an Internet truth universally acknowledged, that a law enforcement agent or a politician with a desire to regulate the Net must be in want of the Four Horsemen of the Infocalypse (so dubbed by Tim May). The Four Horsemen are now and ever have been: terrorists, organised crime, drug dealers, and paedophiles.

The delegate to the e-crime Congress held in London this week bounded eagerly up to the platform to receive his door prize in between speeches about the rising tide of Internet crime: extortion, fraud, and copyright infringement. The congress, sponsored by the National Hi-Tech Crime Unit brought together some 500 delegates concerned about high-tech crime from law enforcement and business. A lot of them want the same thing for the future: similar units to be set up in more countries, and an international high-tech crime unit to bind them all and help them share information that would function along the same lines as Interpol does now. You might ask: why can't they just use Interpol? And I'd agree with you: as time goes on, the physical and virtual worlds will be increasingly inextricable from each other, and it's very likely a mistake to lay the ground now for turf wars later.

At this week's e-crime Congress, all Four Horsemen were on 24-hour call. For a rarity, justifiably so. It is, after all, their job to worry about the real dangers posed by the Four on our behalf. It is just unfortunate that in the history of computing and the Internet, law enforcement has invoked the Four so often in the interests of pursuing an agenda which is contrary to our tradition of civil liberties. Balance is hard to find, particularly in the era since September 11, 2001.

The first question is what the term "e-crime" means. Do you, as one speaker asked, mean new types of crime that have been created by the technology? Or do you mean traditional types of crime that have moved online? The temptation is to apply a version of what the Telegraph's Connected section used to call the "telephone test". Under that rule, any story that wouldn't be a story if it involved the telephone instead of the Internet didn't get commissioned. So you could say: any crime that could be carried out over the telephone (or in the physical world) isn't really a high-tech crime. And in fact, many Internet crimes are exactly like that. Robbing banks, extortion, consumer fraud: these are not new crimes.

But what the Internet changes, of course, is scope and scale.

Repeatedly in the last afternoon, when the conference was considering the future of hi-tech crime, speakers such as Joe Triano, director of ecrime and financial intelligence at Citigroup, came back to the mismatch between national police forces and global threats and between emergent crime and traditional investigative structures. Citigroup has, for example 240 investigative staff, 399 security staff, and four ecrime labs intended to handle regional needs in London, Singapore, New York, and Mexico City. Among the barriers to effective investigation listed by Triano: privacy laws.

"Are they," he asked, "becoming a bastion for criminals to hide behind? Is there a balance that needs to be struck?"

Triano lives in the US, where there are effectively no privacy laws. What privacy practices there are, are under threat from the increased, often irrational, demands for identification and surveillance. Europe, including the UK, is following the same trend. Most civil libertarians, therefore, would argue that the balance has tipped heavily in the anti-privacy direction already.

Still, the crime figures are depressing enough. In a recent NHTCU survey 83 percent of medium and large enterprises admitted to being the victims of some form of high-tech crime in 2003; Of these, 77 percent were virus attacks, 20 percent denial-of-service attacks, 17 percent were financial fraud, and 15 percent were spoofed corporate Web sites. The losses were estimated at £195 million, of which just three financial institutions accounted for £60 million. Only 24 percent contacted law enforcement. In the US, the Federal Trade Commission fielded 516,000 complaints in 2003, of which 55 percent were related to Internet fraud and 42 percent were related to identity theft. The median fraud loss was $228; the median Internet loss $195. (Aha! We have a slogan! "It's cheaper to be defrauded on the Internet!")

But what was really depressing at the conference was the apparently low level of the discussion (and can we offer any better example of lack of understanding of the Net than the NHTCU's own Flash-awful Web site?).

The workshops, which were closed to the press, may have gone into more detail. But in the presentation aimed at encouraging people to become proactive in understanding the technology and getting ahead of the criminals in cleverness, the most futuristic technologies mentioned were Web services, grid computing and pervasive wireless devices.

Supposing, asked Colin Upstill from Southampton University, supposing someone could hack into the remote system you use to unlock your front door and enter your house? Bad enough. But net.folk speculate about worse and more futuristic every day. Still, at least they weren't all frothing at the mouth to prosecute file-traders.

Probably a good thing, too. That door prize was a region-free DVD player that also plays DIVXs. DIVXs are currently primarily used to trade illegal copies of TV shows and movies - the mp3s of video.