Articles

Cyber-Crime: Law Enforcement Must Keep Pace With Tech-Savvy Criminals

"Today computer or computer-related crime makes up perhaps a quarter of all crimes we see," says Southern California High Technology Task Force leader.

by / January 27, 2009 0
Crime 2.0

When Henry Ford brought affordable automobiles to the average U.S. citizen in 1908, he also improved the fortunes of criminals by ushering in Crime 1.0 - technology-assisted crime.

Suddenly bank robbers and other undesirables were harder to catch, speeding away from the horse-mounted posse in their Model Ts.

It wasn't long, however, before the law caught on and equipped itself accordingly: police cars - and lots of them - which they learned to drive as well if not better than any crook.

Fast forward a century: Enter the computer and with it, Crime 2.0 - high technology- assisted crime.
The computer is the 21st-century equivalent of last century's car.

Computers and the Internet have made the criminal a better criminal, and while the law, again, is catching up, police don't have nearly enough resources and expertise to catch crooks to any meaningful extent.

 

Cyber-Crime Stats

According to the 2007 Internet Crime Complaint Center (IC3) report, 206,884 complaints were filed online for an estimated $239 million loss. However, keep in mind that experts (for once) agree that only 1 in 7 cyber-crimes are reported to the authorities or to sites such as IC3. The accurate cyber-crime figures, then, are roughly seven times higher.

Taking into account the broader impact as reported by the U.S. Government Accountability Office (GAO), various studies and expert opinions estimate the direct economic impact from cyber-crime to be billions of dollars annually. In fact, according to a 2005 FBI survey, the annual loss due to computer crime was estimated at $67 billion for U.S. organizations alone.

Yet cyber-crime is an offense that most experts agree has just begun stirring - criminals are getting smarter and better equipped, which forecasts even gloomier days to come.

 

The Cyber-Crime Challenge

How do you prepare for computer crime? How do you face this challenge?

The GAO cyber-crime report GAO-07-075 identified four major challenges in combating this epidemic:

  • ensuring cyber-crime is reported;
  • ensuring adequate analytical and technical capabilities for law enforcement;
  • working in a borderless environment with laws of multiple jurisdictions; and
  • implementing information security practices and raising awareness.

Of these four challenges, the most urgent is ensuring adequate analytical and technical capabilities for law enforcement. The other three areas are being addressed, but even if their progress lagged, they could be remedied. But without technical resources and expertise for law enforcement - without the Crime 2.0 car and skilled drivers - the remaining points scarcely matter.

 

Law Enforcement Resources

To investigate and prosecute cyber-crime, law enforcement agencies need skilled investigators, up-to-date computer forensic examiners and prosecutors with cyber-crime familiarity.

According to federal and state law enforcement officials, the pool of qualified candidates is limited because those investigating or examining cyber-crime must be highly trained specialists, requiring detective and technical skills, including knowledge of various IT hardware and software, and forensic tools.

The problem assumes its true proportion with another factor added in: Once an investigator or examiner decides to specialize in cyber-crime, it can take up to 12 months for him or her to become proficient enough to fully manage investigations, as reported by Defense Cyber Crime Center officials.

Robert Moore, author of Cybercrime: Investigating High-Technology Computer Crime, echoes this theme in his introduction: "Unfortunately while those who would abuse this new technology have been honing their techniques and improving their knowledge of how computers operate, many in the criminal justice community have been unable to keep pace.

"Few departments are staffed with individuals who are either capable of or willing to handle investigations that involve computers and highly advanced forms of technology. Even departments that are able to

find willing investigators must struggle with the never-ending battle facing most law enforcement agencies - funding."

 

Runaway Growth

Asked what percentage of crimes will be computer-related or computer-assisted 10 years from now, Lt. Amanda Simmons of the South Carolina Computer Crime Center - a well versed expert on the topic - replied that "as today's technologically savvy children and teenagers grow older, I believe there is a possibility that nearly every crime will eventually involve some high-tech piece of evidence."

Lt. Rocky Costa, who heads the Southern California High Technology Task Force and is equally experienced, concurs: "Today computer or computer-related crime makes up perhaps a quarter of all crimes we see - a percentage that is bound to increase.

"This leaves the gumshoe no choice but to move up and into the 21st century. The old-timer may arrive here kicking and screaming, but he or she has no choice but to arrive because the criminal has, and unless we do too, we will be powerless to combat this epidemic."

 

The Task Force Model

Due to limited resources and the lack of a sufficiently broad recognition of cyber-crime as a rapidly growing problem, how does law enforcement approach it?

California - which has been reasonably quick to respond to this threat - has adopted what appears to be the most logical approach: the multiagency, high-technology task force.

Costa, who is also part of the Los Angeles County Sheriff's Department, leads one of five such California task forces. "Since these task forces are partially funded by a grant that specifies we must be multiagency, you'll find members from state and local agencies, as well as from federal agencies, such as the Secret Service and the FBI," he said.

The same holds true for the South Carolina Computer Crime Center, where Simmons said her center was originally established as a partnership between the South Carolina Law Enforcement Division, Secret Service and FBI.

Apart from sharing expertise between agencies, both of them report that the multiagency approach also solves many jurisdictional issues.

 

Staffing Issues

Until local agencies have augmented staffing and come up to speed on Crime 2.0 - and can keep pace with it - the regional task force appears to be the only viable approach.

How do you add staff? What do you look for in a potential member? First and foremost: interest. If the interest is there, he or she can be trained. Competency is also mandatory, according to Costa. "They must have demonstrated good investigatory skills. They need to be technically proficient as well as a good detective in this job," he said.

More often than not, however, there's simply no one to choose from, interested or not. "The biggest challenge in working to regionalize is having the resources, the manpower. Period," Costa said. "Many agencies right now are at or just below their staffing levels, so when you ask them to commit a person to a task force, often they simply cannot spare anyone although they recognize the benefits of participation.

"Still, they must, one way or another, convince their city council or their mayor, or whoever signs the checks that they can no longer properly serve their constituents without an officer trained to handle computer crimes."
Simmons encounters the same problem in South Carolina and has taken a spread-out training approach. "We have found one way around the personnel shortage by utilizing the [National White Collar Crime Center] training programs. At this point we have scheduled them to come here early next spring to deliver four, one-week classes - one per month - which will allow the smaller agencies to get at least one detective up to speed without depleting their resources in the process."

 

Call for Action

The important point is that cyber-criminals aren't sitting still; they're probably increasing the distance between themselves and the law - beyond the yonder mountain range already. Law enforcement has no option but to catch up. And that means broad recognition of the problem, and staffing and training to meet this challenge - no matter what the budget situation.

As Robert Moore puts it in Cybercrime, "If there is to be any chance for the criminal justice field to keep pace with those who are using computers and technology to commit criminal acts, then now is the time to begin implementing adequate response plans."