TECHNOLOGY and CRIME
Highlights
Organized Crime and Technology
Technology is a fact of life in both the legitimate and the criminal
worlds and there is no question that organized crime groups use computers,
wireless phones and the Internet to communicate and to do business. Of
concern is the scope and sophistication of their use of technology and
their knowledge of law enforcement interception, surveillance and other
capabilities.
Hackers
High-profile cases such as the Mafiaboy investigation demonstrate the ability of hackers to manipulate web sites and to gain unauthorized access to secure computer systems and information. Hackers are increasingly well organized and highly skilled.
Hackers discuss techniques and trade software in closed chat rooms. Chat room communication gives amateur “script kiddies” or “cookbook hackers” access to powerful hacking software designed by knowledgeable hacker/programmers. In turn, this software gives them the ability to cause as much damage as sophisticated hackers.
There are indications that organized crime groups are reaching out to
individuals with specific technological skills and exploring the myriad
possibilities of new technology, including Internet-based schemes for profit
like online gambling and securities fraud.
Malicious Software Programs
Hundreds of malicious software programs are available on the Internet.
They allow individuals to control another person’s computer remotely via
the Internet if the victim can be duped into executing the program. These
tools are used by hackers to access information such as Internet account
passwords. They can then use the accounts to tunnel through the Internet
and hide their electronic trail, making it difficult for investigators
or computer security personnel to trace them. Malicious programs are extremely
dynamic and are continually being rewritten to make them ever more powerful
and insidious.
Jurisdiction
Investigators of technology-based crimes and the online sexual exploitation of children have a number of fundamental requirements in order to maintain an evidentiary trail that often crosses international boundaries. In Canada, the ISP industry is largely unregulated and no standards exist to ensure that the fundamental police requirements can be met.
Both the G-8 and the Council of Europe are addressing this issue internationally.
The Council of Europe has prepared a Draft Convention on Cyber-Crime
which is open for public consultation until December 2000. Canada participates
in both fora. Furthermore, the Canadian police and law enforcement community
and the Canadian Association of Internet Providers have renewed their relationship
in order to address this and other issues of concern related to the ISP
industry.
Payment Card Fraud
Credit card fraud continues to increase at an alarming rate. In 1999, $226 million in credit card fraud was reported by Visa, MasterCard and American Express in Canada. Over $123 million was due to forged credit card activity, compared with $72 million in forgery losses in 1998.
In the early 1990s, credit card forgery was largely the preserve of Asian-based criminal groups. Since then, a number of other criminal organizations, including East European-based groups, have become involved. While this is largely a function of profit, forging techniques have become simpler due to advances in technology and the forged credit cards themselves provide anonymity to users purchasing goods and services.
Desktop publishing equipment and programs continue to be used to forge credit cards and currency. Skimming is the preferred technique used to glean information from credit card magnetic strips. It involves the use of skimmers manufactured expressly for criminal purposes, which first surfaced in Canada in 1998.
Until 1999, shoulder surfing and pinhole cameras were the primary methods used to capture the personal identification numbers (PINs) necessary to exploit the debit payment card system. Last year, an East European-based organized crime group may have manipulated PIN pad devices, bypassing the encryption function and capturing cardholders’ PINs. Debit card numbers were captured, encoded onto the magnetic strips of plastic cards and matched with the correct PIN.
Since the beginning of 2000, several cases have demonstrated the vulnerability of credit card information stored on non-secure electronic commerce sites. In the US-led CD Universe case, a person hacked into the company’s web site, downloaded private customer information including credit card numbers, and threatened to release the information on the Internet unless the company paid the hacker $100,000. The hacker was reportedly traced to Eastern Europe. The media has reported Canadian links in this investigation. This case demonstrates the vulnerabilities of personal information in the largely non-regulated electronic commerce industry and the need for strong security to promote and enhance trust in electronic commerce and electronic service delivery.
Outlook