Inter-jurisdictional Cooperation:
A Case Study on Cyber Crime
By Eric Green
MARK BEAVER, a 48-year-old resident of Salt Lake City, Utah, concocted what he thought was the perfect scheme to make some easy money: he offered, on the Internet, non-existent tickets to the 2003 U.S. college national championship football game between Ohio State University and the University of Miami in Florida.
As reported by the Salt Lake Tribune, Beaver used the Internet auction site eBay to charge buyers half the ticket price in advance. The buyers were told they could retrieve their tickets in person at a business site outside Phoenix, Arizona, where the game was being played. But when the buyers-some of whom paid more than $4,000-arrived at the business site to pick up the tickets, no one was there.
Eventually, law enforcement authorities in Utah finally caught up with Beaver. The Salt Lake Tribune reported that he now faces three second-degree felony counts of communications fraud and, if convicted, he could spend up to 15 years in jail on each count. According to the Tribune, the case involved more than 90 victims who paid a total of $202,300 for the tickets.
Unluckily for Beaver, his scam captured the attention of one of the new units being formed in the United States that specifically target crimes committed on the Internet. Under the direction of State Attorney General Mark Shurtleff, Utah has created a cyber crime task force which works in partnership with federal, state and local law enforcement agencies to crack down on crime in cyberspace, a fast-growing worldwide threat with ramifications that extend to global terrorism.
|
Attorney General Shurtleff quotes the U.S. General Accounting Office as estimating about 750,000 Internet fraud complaints nationally in 2002, at a loss of over $1 thousand-million. That number contrasts with 31,000 Internet fraud complaints in 2000. In Utah alone, Shurtleff's cyber crime unit received about 1,000 complaints last year, which amounted to $3.5 million in losses. From January-May 2003, 617 complaints already had been received. On a global scale, the research firm Gartner, Inc., reports that 7 million people experienced some type of identity fraud in 2002.
Shurtleff acknowledges that even one person with evil intent can cause untold millions of dollars in damages. Such was the case with the British citizen who in 2002 broke into 92 U.S. government computer systems, resulting in a $900 million loss. One of the most notorious instances of this illegal practice known as "hacking" was the spread of the so-called "Love Bug" virus, which occurred when students in the Philippines broke into computer systems worldwide in 2000 and caused $8.7 thousand-million in clean-up costs. This case demonstrated the need for international cooperation against cyberspace crime because the Philippines has no laws against such practices, Shurtleff adds.
Three other cases have also proved costly. The recent "Blaster Worm" which is not a virus, but a "worm," enters computers from the Internet, attacking recent versions of Microsoft Windows operating systems. The worm does not destroy files but reprograms a computer to spread the worm to other users, and shuts down operating systems automatically. According to the Washington Post, "Blaster" cost businesses "as much as $329 million worldwide" in just a single day. It also brought businesses to their knees. The Motor Vehicle Administration in the state of Maryland, which is responsible for issuing drivers' licenses, had to shut all their offices for almost two days. In 2001, the "Code Red Worm" cost $1.1 thousand-million, while the "Melissa virus" in 1999 cost $80 million in clean-up expenses, Shurtleff noted.
Fighting Cyberspace Crime in the U.S.
When he assumed his present office several years ago, Shurtleff said one of his top priorities would be to fight cyberspace crime. "We didn't feel enough was being done on the state level to combat what we knew to be one of the fastest-growing types of crime in the world today," Shurtleff says. In response, his office created the Utah Cybercrime Task Force (UCTF), which works in partnership at the national level with several U.S. government agencies, including the Department of Defense and the Federal Bureau of Investigation (FBI), the Salt Lake City Police Department, and other state and local agencies.
The FBI has created-in partnership with the National White Collar Crime Center-the Internet Fraud Complaint Center (IFCC), to address fraud committed over the Internet. Begun in 2000, the IFCC provides a central repository for complaints related to Internet fraud, works to quantify fraud patterns and provides statistical data of current fraud trends.
The IFCC's 2002 Internet Fraud Report announced that its web site received more than 75,000 complaints in that year alone. These complaints included auction fraud, debit/credit card fraud, computer intrusions, unsolicited e-mail known as "spam" and child pornography. The total dollar loss from all these referred cases of fraud was $54 million in 2002, up from $17 million in 2001, with a median dollar loss of $299 per complaint. The IFCC has stated that among all perpetrators, nearly four in five were male and half resided in five U.S. states-California, New York, Florida, Texas and Illinois. While most perpetrators were from the United States, they also came from such countries as Nigeria, Canada, South Africa and Romania.
Another jurisdiction which has launched a cyber crime unit is the attorney general's office in Washington state. That office has formed a partnership with federal and state authorities known as the Computer Law Enforcement of Washington (CLEW).
Washington state Attorney General Christine Gregoire, who was a co-founder of the unit, says that the Internet, "which holds so much promise for e-commerce, entertainment and research, also has a dark side inhabited by child molesters, con men and hate-mongers." Gregoire also says the CLEW partnership seeks to expand law enforcement's ability to investigate and prosecute online crime, since it often cuts across geographic boundaries, making the crimes difficult to track. The Internet "does not recognize state or even national political boundaries, so cooperation between law enforcement is imperative," she adds. "It is our goal to make this state an unsafe place to commit crime over the Internet."
Michigan is another state with a specialized cyber crime division, established in May 1999 under the state attorney general's office. According to an official from the state's six- person "High-Tech Crime Unit," Michigan investigates any crime involving computers, including fraud and child pornography. He also says that Internet fraud is a "large enough problem in Michigan where it's gotten the attorney general's notice, obviously." The official cited identity theft as a particular problem in his state, which involves the cyber criminal taking over a victim's identification in order to make purchases over the Internet through bogus credit cards or through a credit card number.
In other cases, cyber criminals will trade information about a consumer and take on the "persona" of the victim to purchase items over the Internet. The High-Tech Crime Unit official recalled the especially egregious case of a Michigan college student who sold credit card information to anyone who wanted to buy it.
Meanwhile, Shurtleff, the Utah attorney general, says cyber crime has become a big problem because of the "large number of computers throughout the world, involving 100 million people or more." America Online (AOL), by itself, has more than 60 million subscribers, he adds. The great growth in commerce on the Internet gives criminals a large pool of potential victims, "and there is a big victim-pool out there."
Senior citizens are especially vulnerable to exploitation by cyber criminals, Shurtleff explains. Many seniors are just learning how to use the Internet, which they find convenient for shopping at auction houses such as eBay. However, their lack of experience on the Internet makes them vulnerable and "criminals know that," he says. When he visits senior citizen centers where computer labs have been built, Shurtleff says he makes a special effort to teach elderly people how to safely use the Internet.
Ensuring International Cyberspace Security
Recently, Shurtleff was appointed by the National Association of Attorneys General to be its representative to the International Association of Prosecutors. His goal in working with the international group is to establish contacts with prosecutors worldwide on cyber crime.
The international group of prosecutors held an August 10-14 conference on terrorism in Washington, D.C., which included a special session on investigating and prosecuting cases of terrorism involving use of the Internet.
That meeting followed on the heels of a July 28-29 conference in Buenos Aires, Argentina, where the United States joined its fellow members of the Organization of American States (OAS) to begin developing a unified Western Hemisphere strategy for ensuring security on the Internet.
The Buenos Aires conference featured discussion of a resolution introduced by the United States and approved by the OAS for building an inter-American strategy against threats to computer information systems and networks. The U.S. resolution called cyber security an "emerging terrorist threat." OAS Secretary General Cesar Gaviria said that given the international scope of the problem, "mutual judicial cooperation and assistance are vital to prevent, pursue and punish" Internet-based crime.
"A computer keyboard can be a very useful tool for the progress of humanity," Gaviria said. But he added that the Internet can also become a dangerous weapon capable of producing enormous economic damages" to governments and businesses, "and even against the integrity and the life of human beings."
Shurtleff recently visited his counterpart in Israel, where the issue of cyber crime is of particular concern. In addition, Shurtleff has hosted a number of law enforcement officials from Brazil who said they intend to make combatting cyber crime a national priority. Through U.S. State Department auspices, he has participated in a digital video conference to Brazil, advising that country's law authorities on how to address cyber crime and on measures the United States is taking to stop it. He says he anticipates traveling to Brazil in the near future under the State Department's U.S. Speakers/ Specialist program, so he can consult with his Brazilian counterparts on cyber crime. At this early stage in fighting cyber crime, law enforcement officials can only hope to keep "their head above water" against Internet criminals, Shurtleff adds.
International Cooperation
"The way-the only way-we can succeed in making a dent" in fighting the cyber crime problem is through cooperation between federal, state and local authorities, and working with other nations around the world, Shurtleff says. He adds that the Love Bug case emanating from the Philippines demonstrates convincingly the need for international cooperation. Shurtleff emphasizes that countries need to adopt cyber crime laws and extradition agreements that would allow Internet criminals to be prosecuted wherever their actions have led to damage or destruction of computer systems.
The U.S. State Department, he says, has a unique role to play in assisting and encouraging nations worldwide to pass their own laws to stop computer crime. The Department, he says, also could help countries to adopt laws permitting extradition or to strengthen existing laws on extradition in order to track down Internet outlaws.
Tom Ridge, who as director of the U.S. Department of Homeland Security oversees President Bush's National Strategy to Secure Cyberspace, has said that to disrupt, destroy or shut down America's computer systems would mean shutting down America "as we know it." The task is an enormously difficult technological one, Ridge says, "because we must always remain one step ahead of the hackers."
Richard Clarke, formerly President Bush's special advisor for cyber security, says the U.S. government must work in partnership with private industry, which owns and operates most cyberspace systems. A public-private partnership is required, he says, to guard against possible threats from hackers, criminals, terrorist groups, and hostile foreign nations, "which might use cyber war against us in the future."
Eric Green, a writer for the Bureau of International Information Programs of the U.S. Department of State, interviewed Utah Attorney General Mark Shurtleff and others for this article.