International
Cooperation in
Cybercrime
Investigations
Albert Rees
Computer Crime & Intellectual Property Section
Criminal Division, U.S. Department of Justice
Computer Crime & Intellectual Property Section
Romanian agents discover attack came from Vancouver
Canadian agents make the arrest Argentinean investigators discover attack came from
Bucharest
A Criminal
Intrudes into a Bank in
Bangkok
Thai investigators discover attack came from computer in Buenos Aires
OAS Regional Cyber Crime Workshop, April 2007
2
Computer Crime & Intellectual Property Section
The Challenges of
International Cybercrime
Investigations
• Countries must:
– Enact laws to criminalize computer abuses
– Commit adequate personnel and resources
– Improve abilities to locate and identify criminals
– Improve abilities to collect and share evidence internationally OAS Regional Cyber Crime Workshop, April 2007
3
Computer Crime & Intellectual Property Section
CHALLENGE:
Enacting Laws to
Criminalize Computer Abuses
OAS Regional Cyber Crime Workshop, April 2007
4
Computer Crime & Intellectual Property Section
The Need to Make Attacks on
Computer Networks a Crime
• “Dual Criminality” usually necessary for two countries to cooperate on a particular criminal matter
• Dual Criminality forms the basis for:
– Extradition treaties
– Mutual Legal Assistance Treaties
OAS Regional Cyber Crime Workshop, April 2007
5
Computer Crime & Intellectual Property Section
Overcoming the
Dual Criminality Divide
• Countries must agree on what to criminalize
– OAS Cybersecurity Strategy
– UN General Assembly Resolution 55/63
• Effort to do so: Cybercrime Convention
– A baseline for substantive law
• Countries must amend their laws to implement
OAS Regional Cyber Crime Workshop, April 2007
6
Computer Crime & Intellectual Property Section
CHALLENGE:
Committing Adequate Personnel and
Resources
OAS Regional Cyber Crime Workshop, April 2007
7
Computer Crime & Intellectual Property Section
Law Enforcement Needs
•
•
•
•
Experts dedicated to high-tech crime
Experts available 24 hours a day
Continuous training
Continuously updated equipment
– no longer a “flashlight and a gun”
• Each country needs this expertise
OAS Regional Cyber Crime Workshop, April 2007
8
Computer Crime & Intellectual Property Section
Solutions Are Not Always Easy
• Cyber security strategy must be formulated
• Difficult budget issues arise (even in the US)
• Requires commitment from senior officials
• Cooperation with the private sector can help
OAS Regional Cyber Crime Workshop, April 2007
9
Computer Crime & Intellectual Property Section
CHALLENGE:
Improve Ability to Locate and Identify
Criminals
OAS Regional Cyber Crime Workshop, April 2007
10
Computer Crime & Intellectual Property Section
The Problem of Locating and
Identifying Criminals
• Primary investigative step is to locate source of the attack or communication
– What occurred may be relatively easy to discover
– Identifying the person responsible is very difficult
• Applies to hacking crimes as well as other crimes facilitated by computer networks
OAS Regional Cyber Crime Workshop, April 2007
11
Computer Crime & Intellectual Property Section
Tracing a Communication
•
Only 2 ways to trace a communication:
1. While it is actually occurring
2. Using data stored by communications providers
OAS Regional Cyber Crime Workshop, April 2007
12
Computer Crime & Intellectual Property Section
Tracing a Communication
• Infrastructure must generate traffic data
• Carriers must keep sufficient data to allow tracing
• Laws and procedures must allow for timely access by law enforcement that does not alert customer • Information must be shared quickly
OAS Regional Cyber Crime Workshop, April 2007
13
Computer Crime & Intellectual Property Section
Solving the Tracing Dilemma I:
Traffic Data
• Countries should encourage providers to generate and retain critical traffic
