International cyber crime police work is being hampered by data sovereignty laws, according to Australian Federal Police’s national manager of high tech crime operations, Tim Morris.
Speaking at CeBIT in Sydney this week, assistant commissioner Morris said the old idea of where soil is attached to a server “is not going to serve us well into the future”, as it slows down the process of obtaining information during investigations.
For example, he said that because a cloud server, which could contain data from overseas countries, is “attached to a bit of soil in California” this officially means that the data is held in the United States.
“For law enforcers, this means a long and convoluted process of what we call mutual legal assistance requests. These take months to process and there is no way they can keep up with a contemporary investigation that we face today,” said Morris.
Another challenge facing the AFP is what Morris called attribution. Without attribution back to an online source, he said that cyber crime investigations can’t be successful because the AFP and other agencies need to prove the source of the crime to build a successful prosecution case.
“That’s why [police] agencies talk about the importance of metadata,” he said. Metadata is 'data about data' such as the non-image-related information stored when people snap a photo on a digital camera.
“Without metadata, successful investigations can never be conducted. In our inter-connected world, if it is a rape, kidnapping or online child exploitation, without attribution back to a source it is almost impossible to get a conviction,” he said.
Morris conceded that this is a “controversial area” because of people’s concerns about privacy. “All I can offer is the policeman’s realistic perspective and that is that many investigations won’t be worth taking on.”
Cracking down on crime before it manifests
Morris said the digital economy in Australia is under threat from cyber criminals so the AFP and state police need to act now before the Internet turns into “chaos”.
Morris said the financial services and retail industry in Australia was being actively targeted by criminals, most of whom were based in Romania and Russia.
“With the Internet, you can be a victim to a criminal who is sitting on the other side of the globe who you will never meet,” he told delegates.
“As more people come online and Africa gets hooked up to the Internet, that is only going to expand. Keeping public confidence in the digital economy is vital,” Morris said.
How to present cyber security issues to the board
“In 20 years when I am long retired, who knows what the Internet will look like? It could be an orderly place or it could be chaos. It’s essential that when we look back, we can say that we had the opportunity to bring order to the Internet.”
Morris said law enforcement agencies must be an “active competitor” and “exploit technological advances” to identify offenders and arrest them.
Operation Lino
An example of where the AFP, together with international counterparts, has been an active competitor against cyber crime was Operation Lino.
This exercise involved police from 13 different countries and eventually led to 7 professional wrestlers being arrested in Romania in October 2012.
According to Morris, the Romanian wrestlers purchased malware from underground Internet forums in 2011. By using targeted attacks, they gained access to up to 500,000 Australian credit cards by defeating the security at just five retail outlets in Australia.
Approximately 30,000 of those credit cards were used for fraudulent transactions amounting to more than $30 million.
“We identified two main attacks,” said Morris. “The first was targeted port scanning of Australian Internet protocol [IP] ranges and the second was direct targeted attacks on Point of Sale [POS] locations to related support companies to obtain remote access credentials to client systems housing EFTPOS environments.”
The stolen credit card data was then used to create false credit cards enabling counterfeit transactions to be carried out in the Australia, United States, Europe and Hong Kong.
“Instead of approaching this like a traditional crime where you identify the offenders and try to assemble the evidence back in Australia, we sent the data and the evidence to the Romanian police cyber crime unit. They were able to identify the group and lock them up,” said Morris.
“This is where there is hope, ladies and gentleman, because this group was a bunch of professional wrestlers. Police investigating wrestlers, I think we can do it,” he joked.
Reporting cyber crime in Australia
To help Australians report cyber crime, Morris announced that later in 2014 AFP will be launching a national online reporting portal called Acorn.
“This will be aimed at citizens who think they have been the victim of a cyber crime and would like to report that online. Hopefully one of the by-products of Acorn will be a better look at the rates of cyber crime around Australia.”
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia