AustLII Home | Databases | WorldLII | Search | Feedback

Australian Federal Police - Platypus Journal/Magazine

You are here:  AustLII >> Databases >> Australian Federal Police - Platypus Journal/Magazine >> 1998 >> [1998] AUFPPlatypus 13

Database Search | Name Search | Recent Articles | Noteup | LawCite | Author Info | Download | Help

Editors --- "Crime in Cyberspace: Trends in computer crime in Australia" [1998] AUFPPlatypus 13; (1998) 59 Platypus: Journal of the Australian Federal Police, Article 1


Crime in cyberspace

Trends in computer crime in Australia

The following paper addresses selected emerging trends in computer-related crime in Australia and is essentially an early warning call for Australian law enforcement and national security agencies.

It was prepared by Glenn Wahlert from a study he undertook for the Office of Strategic Crime Assessments where he was a senior analyst. Now the Manager of Corporate and Strategic Planning with the AFP, Mr Wahlert is also a member of the Law Enforcement Research Group on Electronic Commerce.

The paper was presented at an Australian Institute of Criminology conference titled ‘Internet Crime' held at the University of Melbourne earlier this year.

The increasing dependence of business on computer systems has made many more organisations vulnerable to the impact of computer crime. Indeed, more companies are worried about the risk of computer crime than they are about product liability, fraud and theft.

This is one of the conclusions of a recent survey of 2000 UK public and private organisations. Such a comment is supported by the findings of the Office of Strategic Crime Assessments' (OSCA) 1997 Computer Crime and Security Survey that showed a direct correlation between the growing dependence on computer technology and the level of vulnerability to abuse or misuse of these systems.

Without more effective mechanisms for controlling this abuse we can expect it to increase significantly with the rise in computer use over the next decade.

Rise in external attacks

Australian companies remain most vulnerable to computer misuse from their own employees, contractors, consultants, or anyone else with knowledge of and access to their computer systems.

Fifty-four per cent of respondents either had suffered from some form of unauthorised use or were unaware whether they had a problem. This is consistent with overseas trends — for example, the US figure for ‘Yes' is about 42 per cent.

Almost 90 per cent of those that had a problem were able to trace to people who had legitimate access to their systems. Sixty per cent identified the source as external to their organisation (meaning that there was a significant group who had experienced both internal and external attacks). These figures are also on par with similar surveys in the UK, the USA and Europe.

However, there is evidence to suggest that the external threat has increased substantially over the past five years and that it is likely to continue to do so in at least the medium term (three to five years).

This was the perception of respondents to the 1997 OSCA survey — hacking or systems intrusion was clearly identified as the main cause of concern to the sample group over the next five years.

That the level of external attacks is likely to continue to increase in absolute numbers and degree of sophistication is suggested by recent reporting by the Australian Computer Emergency Response Team (AustCert) and Australian law enforcement agencies.

Three factors are creating an environment in Australia that is supportive of such a trend:

• Firstly, the first generation of computer-literate citizens will reach adulthood shortly after the turn of the century and may open a new age in the annals of crime and crime fighting. In the future many more users will have skills far beyond those of today's hackers/crackers — a process which has been described as the democratisation of computer crime.

• Secondly, hackers are using the Internet chat rooms and discussion groups to share information on system vulnerabilities. Basically, the Internet has become one big laboratory where hackers share information, hone their skills and techniques and develop tools. Once perfected, they import their work into corporate networks and proprietary environments. After a successful penetration they document their techniques and package the tools for others to use. The Internet has proved an almost ideal learning environment for existing and future hackers.

• And finally, there is a growing concern that the benign ‘hacker' is being replaced by the menacing ‘cracker' — an individual or member of a group intent on using cyberspace for illegal profit. The 1997 Computer Crime and Security Survey highlighted financial gain as a principal motivator for external attacks.

For law enforcement the potential for a rise in external computer attacks, compared to insider abuse, is more worrying. One reason is the anonymous and borderless nature of crime in cyberspace and the associated intelligence, jurisdictional and evidentiary problems that this creates. Another key issue for law enforcement may be the further internationalisation and sophistication of criminal activity utilising powerful computer networks. Additionally, transnational criminal organisations may develop the capability to inflict damage on these systems and disrupt specific components of Australia's national information infrastructure, especially those that have a high level of technology dependence.

Potential vulnerability of the Australian banking and finance sector

While the Australian financial industry has, in the main, a very responsible and realistic attitude to protecting its electronic transaction systems and financial data, it is not immune from attacks. Internationally, attacks on financial institutions are not only increasing but are also becoming more sophisticated.

The 1997 Computer Crime and Security Survey highlighted some concern regarding the vulnerability of our banking and finance sector — this group was:

• the most regularly and frequently attacked by both insiders and external antagonists;

• it was subjected to a wider variety of attack types; and

• for a more diverse range of reasons.

However, it is accepted that it is also difficult to assume that a particular industry sector is more vulnerable than another. As stated in the body of the survey report, our banks and finance companies may have more effective mechanisms for identifying computer-related problems. Nevertheless, it does highlight the need for continued vigilance, especially considering that the banking and finance industries are a critical element of Australia's national information infrastructure.

While the banks topped the list of the most frequently attacked, at the moment they have only limited connectivity to the outside world. This, however, is set to change in the next few years. All of Australia's banks have either moved to accommodate Internet banking services, digital cash, smart cards and digital signature verification techniques or are planning to do so in the short to medium term. This will, of necessity, make the banks more electronically accessible to the public. What increased level of vulnerability, if any, this may cause is yet to be assessed.

Reporting

The potential vulnerability of our banks to computer misuse raises the important issue of reporting. There is a veil of secrecy surrounding computer crime that is difficult to lift, especially by law enforcement.

This is a key issue not only for law enforcement but also for national security agencies and Australian industry. Without a reliable threat assessment or accurate data on which to base such an assessment, neither law enforcement nor industry can conduct meaningful risk management, nor can we structure a coherent national response. Reporting these attacks is an essential first step to overcoming the growing problem of computer attacks on business systems.

A related issue is to what extent industry can detect computer-related crime. Australian computer crime investigators believe that the level of computer crime in Australia is much higher than reported.

Two reasons are commonly given for this.

• Most computer-related crimes probably go undetected. A 1994 UN report estimated that the number of reported incidents might represent only five per cent of the total number of offences committed. This is consistent with reports from Australian law enforcement agencies. For example, during investigations into unlawful intrusion to computer and communications systems, the AFP determined that at least 80 per cent of computer crime victims were completely unaware that an offence involving their system had been committed.

• Few crimes that are detected are made public because many companies are loath to admit that their security systems are fallible. The 1997 OSCA survey showed that fewer than 20 per cent of those companies that had admitted to suffering some form of computer misuse reported the incidents to law enforcement. Some respondents were quite candid in their comments, indicating that their organisations had no mechanisms for determining whether or not computer misuse had or was occurring. Such a blas or indifferent approach to computer security is worrying to law enforcement, as it is in this environment that computer crime can thrive undetected.

Counterfeiting

Computer technology has created a revolution in counterfeiting. New technologies have not only broadened the scope of counterfeiting operations but have also made it increasingly difficult for law enforcement to detect. Trends identified by Australian law enforcement agencies, which are expected to become more common and sophisticated over the next five years, include the counterfeiting of the following:

Identities

Australian law enforcement agencies have reported a significant increase in the use of counterfeit documents designed to provide convincing certificates of identification, ownership and origin. These documents are used to support a variety of fraud-and deception-related activities, such as the opening of bank accounts (for money laundering, tax evasion and fraud), obtaining personal loans (identified by the Australian Bankers' Association as a "particularly worrying trend"), securing hire purchase agreements, and supporting documentation for stolen cars and other property. Documents commonly counterfeited include drivers licences, birth certificates, council rate notices and foreign passports. Technology is expected to continue to facilitate a widening variety of such fraud and deception scams for at least the next few years.

Currency

Traditional paper currency in Australia had long been subjected to an increasing level and sophistication of counterfeiting (especially of $100 and $50 notes). The introduction of polymer technology has substantially reduced the incidence of both casual and professional counterfeiting. However, recent cases have suggested that criminal enterprises adapt quickly to new challenges. Good quality copies of polymer notes have been detected in Australia that reflect a high level of skill, the use of sophisticated equipment and a degree of organisation.

One particular concern of both law enforcement and the Reserve Bank of Australia is the trend towards a reducing level of human interaction in the currency chain. Counterfeit currency has been typically detected at the point of sale or transfer of ownership. However, machines are gradually replacing tellers and change booths at clubs and casinos in Australia. Currency counterfeiting is not expected to disappear with the replacement of our paper notes with polymer film. It will, however, reduce the level of casual counterfeiting to the lower end of the copy quality spectrum, but is unlikely to eliminate the determined and professional counterfeiter with access to advanced technology.

Plastic payment cards

The counterfeiting of plastic payment cards is an organised criminal enterprise that crosses national boundaries and is having an increasing impact on card issuers and manufacturers, merchants and users in Australia. Both of the major credit card consortiums in Australia, Visa and MasterCard, report a trend towards a growth in the incidents of use and level of sophistication of counterfeit payment cards in Australia. This is a major motivator for card issuers and manufacturers to move to chip card technology. The high quality of copying also makes detection extremely difficult at the point of sale. The author of a recent report on plastic card fraud in Australia has predicted that sophisticated counterfeiting operations based in Asia will have an increasing impact on Australia over the next five years. By the end of this period chip cards are expected to have achieved a level of market penetration in Australia and to be replacing the older magnetic strip technology. This transition to chip card technology may create a new set of challenges for law enforcement.

Intellectual property

Counterfeiting, once limited to illegal copies of brand-name consumer goods, now occurs in such products as pharmaceuticals, agrichemicals and aircraft parts. In Australia the trafficking in pirated products has increased over the past five years and there are indications that Australian counterfeiters are becoming more organised and sophisticated in the production, transportation and distribution of counterfeit products. There have also been a number of investigations by Commonwealth law enforcement agencies that have either identified or suggested a connection between intellectual property offences and other crimes. The numbers of intellectual property-related (IPR) counterfeiting offences reported to Australian law enforcement agencies are likely to continue to escalate over the next five years. This may coincide with an increasing reluctance by state and territory police forces to deal with the issue. Consequently, Commonwealth law enforcement agencies may be required to devote more resources to IPR protection.

Sexually related commerce

Without exception all state/territory computer crime squads reported a large increase in the investigation of complaints concerning pornography, especially child pornography, over networks (such as the Internet) in the past year. Some units described this trend as their major problem area and representing the fastest growing single area of computer-related crime. In part, the increasing visibility by law enforcement of pornography over networks relates to media reporting and a vocal element of the public perceiving the Net as a medium for ‘terrorists and pornographers'.

It also, however, may suggest a trend towards the emergence of new criminal enterprises that consist largely of ‘intelligent, young entrepreneurs who are familiar with the capabilities and potential of computers as a tool for sexual commerce'. The jurisdictional, identification and detection problems experienced by law enforcement in investigating these offences means that they are usually resource intensive and protracted enquires. Sexually related commerce over networks is likely to increase significantly in the medium term. While this is primarily an issue for state authorities, the use of Australia's telecommunications infrastructure for the transmission of offensive and/or illegal material provides Commonwealth law enforcement agencies with jurisdiction.

Gambling

The Internet and globalisation have combined to facilitate the proliferation of new forms of transnational gaming. There are hundreds of sites on the Net providing a wide range of gaming and betting opportunities. Many of the technical and security issues surrounding on-line gaming have been overcome, although the graphic-intensive home pages tend to be frustratingly slow. Australia can expect a rush of new sites. Some will be legal and an integral part of cable TV packages. Others will remain more sinister and operate out of offshore tax haven countries such as Antigua in the West Indies.

On-line gambling raises a number of issues for regulators. Some of these issues are legal, such as who has jurisdiction for Australians playing games offshore? Another problem is one of poor regulation leading to fraud; not all Internet gaming operators are honest merchants. The most vexing problem for the regulators, however, especially at a state level, will be how to prevent on-line gambling from eroding existing government revenues from legal gaming.

There are two clear implications for law enforcement from the emerging on-line gaming environment. Firstly, there are no specific laws in Australia covering offshore gambling: we will likely have to rely on existing telecommunications and consumer protection laws, as well as laws governing frauds. And secondly, the difficulties already experienced in investigating any cyber-based criminal activities (those of jurisdiction, evidence collection, intelligence gathering, etc.) will apply equally to these illicit ventures.

Gathering of tactical intelligence

The impact of a number of the emerging telecommunications and computing technologies on crime is at its early stages. However, there is a growing concern among law enforcement and national security agencies that one unintended consequence of the widespread adoption of these technologies will be the further erosion of our tactical intelligence gathering abilities. These concerns include the following technologies.

Encryption

Notwithstanding the efforts of the USA to slow the development of commercial encryption systems, powerful algorithm-based programs are widely available to Internet users. Additionally, companies outside of the USA are already moving to fill the void — several European and North Asian software developers are marketing strong encryption products.

One specific concern of law enforcement and intelligence agencies is that the proliferation and use of robust digital encryption technologies will undermine legitimate attempts by government agencies to gain intelligence vital to criminal investigations. ‘Encryption can also delay investigations, increase their costs, and necessitate the use of investigative methods which are dangerous or invasive of privacy.' The use of encryption by criminals in Australia is increasing, albeit of a low base.

Encryption systems will be increasingly exploited by criminals to defeat law enforcement interception and decrypting capabilities. Such use will parallel the adoption of encryption within the wider Australian community, although there will be cases of the better informed and more technologically sophisticated criminal becoming an early adopter of such technologies.

Anonymous digital cash

A variety of digital cash schemes are either under development or actually operating in Australia today. These schemes relate to both smart card and software-based systems such as Mondex, DigiCash, QuickLink, Transcard and Visa Cash. Some schemes allow financial transactions to be made with complete anonymity; others allow traceability under exigent circumstances, for example, a court order.

A concern of police agencies is that total anonymity would afford criminals the ability to launder money and engage in other illegal activity in ways that could circumvent law enforcement. Digital cash is expected to achieve wide market penetration and consumer acceptance within five years.

Anonymous remailers

Using an electronic remailer, a message can be sent without the receiver ever knowing the sender's identity although the recipient is usually able to reply to and correspond with the sender of such a message. Some remailers also provide encryption services. Anonymous remailers allow people to engage in criminal activity while concealing their identities. To date, few criminal cases in Australia have involved the use of these remailers. However, law enforcement can expect remailers to be used increasingly in the future for the conduct of illegal activities over the Net.

Cyber scams

The Internet is replacing more traditional means of committing fraud because of its speed and anonymity. For example, traditional financial crimes, such as multi-level marketing frauds, pyramid schemes, investment frauds, stock manipulation, credit card frauds and copyright violations have found a new medium on the Internet. The Net provides an ideal environment for swindlers: it is easy to appear legitimate; it is much easier to disguise intent and present your scheme in a positive light; some use Internet addresses that make them appear to be a real organisation; and its sheer size makes monitoring, and therefore detection, a nightmare. The number of users flocking online in recent years has also provided scammers with a greater reach for a lot less effort. Operating a fraud on the World Wide Web is also cheap and gains from a certain technological mystique. A slick, well-produced Web page can win the trust of an unwary consumer. And Australian consumers and investors are proving no exception.

The Australian Securities Commission (ASC) and the Australian Competition and Consumer Commission (ACCC) report increasing levels of deceptive practices via the Internet. These have mainly been restricted to attempts at stock price manipulation, pyramid selling schemes and other more general activities designed to mislead and deceive. Currently the level of these activities is low — with approximately only 12 incidents being reported to these agencies in the past year. However, both the ASC and the ACCC anticipate cyber scams being an area of increasing concern for regulators in the near future.

Most of the scams on the Internet are the same fraudulent schemes that existed before the advent of the World Wide Web. The difference now is the instantaneous global reach of the technology and the growing pool of prospective victims. For example, recently the European Union Bank, a bank that existed only in cyberspace, closed its virtual doors and its two Russian principals have disappeared with the bank's estimated US$10 million of share capital. This incident prompted the Bank of England to offer a warning to depositors to be wary of fraud schemes over the Internet.

Deterrence is a key issue for Australian regulators attempting to control these cyber scams. The early detection of these unsavoury business ventures on the Internet is absolutely necessary. This has certainly been the experience of the Federal Trade Commission in the USA, which regularly conducts joint web surfing days with other regulators to detect suspicious or overt scam operations.

Information warfare

The military call it the ‘fifth dimension of warfare' and define it as ‘actions to deny, exploit, corrupt and destroy enemy information systems while protecting our own information and systems'. If, however, you insert ‘competitor' for ‘enemy' you can see the application of information operations in the corporate world.

In the 1997 Computer Crime and Security Survey, Australian industry groups identified espionage, an important element of information warfare, as the second most important motivation for breaches of their electronic systems. Specific concern was expressed regarding both the existing and emerging threat from spying by domestic or foreign competitors, or foreign governments, and from electronic extortion. Additionally, confidential corporate data was one of the two most frequently attacked information types.

As more and more proprietary information is stored on networked systems, the availability, integrity and confidentiality of this information is increasingly at risk, and the difference between competitive intelligence, economic espionage and information warfare becomes simply a matter of degree. Law enforcement agencies are not immune from information warfare and must ensure the integrity and security of their records. Overseas police forces have already been subjected to information warfare attacks that have highlighted the potential risks to evidence and case intelligence.

Investigation of offences

Evidence collection is probably one of the most challenging issues facing criminal computer prosecution. All computer crimes cause special problems due to the nature of the files themselves. Computer files are easily erased, moved, or tampered with, and that makes using them as evidence very difficult. Computer forensics is a rapidly expanding field, with all Australian police computer crime units reporting this aspect of their business growing at a dramatic rate. However, it has also proved a steadily growing impediment to the prosecution of even the simplest of criminal cases. ‘Largely inexpert investigators find the complex technology and operational difficulties of obtaining computer records as evidence a complicated and convoluted subject; and equally inexpert courts find the presentation of such evidence fraught with potential challenges to its verity.'

This is already evident in financial investigations. High-speed, world-wide computer funds transfers are a facet of emerging cyberpayment technologies that add complexity to law enforcement's ability to trace criminal activity and recover illicit proceeds. Additionally, computer hackers use program code to instruct the software they use to erase itself after an illegal transfer of funds has been effected, eliminating any evidence of the transfer. The use of such programming code makes it almost impossible for law enforcement to track money moved electronically. The Australian Securities Commission has identified the main problem for them in investigating allegations of stock manipulation and fraud over the Internet as evidentiary — "getting useable and meaningful evidence".

Investigators admit that they are only catching ‘the bottom of the food chain' in relation to computer crime: the well funded, structured, informed and experienced attacker is likely to go undetected and, therefore, operates with impunity. Part of the reason for this is the absence of a ‘smoking gun' in computer investigations. The professional computer attacker leaves no traces – ‘audit records are removed or altered, access times on files modified, no damage performed against the data itself; no traces, and therefore no evidence of a crime'.

Court challenges concerning the integrity and authenticity of electronic evidence have increased noticeably in the past two years. This may be the result of people charged being more computer literate or possessing technical skills; counsel for accused people having gained computer expertise; more legal precedents having been established; and the laws not having kept pace with technological developments.

At the Second International Law Enforcement Conference on Computer Evidence, the point was made that it will be incumbent on law enforcement agencies to devise generally accepted practices, procedures, and principles for the collection and presentation of computer evidence. Our failure to develop standards could result in the courts imposing their own rules that may not prove popular among investigators.

Conclusion

Cyberspace is still in the early stages of its development but it is already transforming our world. Over the next decade, the emerging telecommunications, computing and media enabling technologies will affect almost every aspect of our lives. Crime will be no exception. Crime in cyberspace is likely to become more prevalent over the next five years. This is because of:

• a lack of general understanding as to the value of security safeguards;

• a lack of knowledge as to how to cope with the continual emergence of new security ‘holes';

• the absence of reliable quantitative data to illustrate the nature and extent of crime in cyberspace;

• the increasing commercialisation of cyberspace; and

• differences in national policies, laws and practices regarding security resulting in difficulties for law enforcement at an international level.

It is also possible that cyberspace attacks will result in a blurring of responsibilities between law enforcement, national security and defence interests, necessitating an enhanced level of liaison and cooperation.

The increasing level of use of, and reliance on computers and computer networks is clearly creating new challenges for Australian law enforcement agencies. It is a mistake, however, to believe that these problems are insurmountable. Through a process of education and coordination — at both the domestic and international levels — and through regular reviews and updates of our laws and police procedures, law enforcement can keep pace with technological advances. The key is in accepting that these new technologies are drivers of change. Only by the adoption of a strategic approach to change management in law enforcement, and preparing for the future, will we all be able to enjoy the benefits of living in the information age without leaving us unnecessarily vulnerable to high-tech criminals.

References

• Financial Times, United Kingdom, 1 April 1997.

• Dorothy Denning, Encryption and Evolving Technologies (draft), National Strategy Information Center's US Working Group on Organised Crime (WGOC), May 97, p.2.

• Neil Barrett, Digital Crime: Policing the Cybernation, Kogan Page, London, 1997, p.10.


AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.austlii.edu.au/au/journals/AUFPPlatypus/1998/13.html