Lessons from a Foreign

The Singapore Police Force's top-flight Computer Crime Unit benefits from training, funding and a management-level commitment to the squad.

by / October 31, 1998 0
Computer crime is not limited to the United States. I frequently hear about computer crime issues from faraway places like Europe, Asia and Australia. Technology-related crimes are a worldwide problem.

The Information Age has arrived and, of necessity, it has helped to bring international law enforcement agencies closer together. Because of the popularity and international recognition of the Internet, computer crimes recognize no boundaries. The Internet has changed the way the world does business, and crime usually follows the money.

As recently as five years ago, the Internet was used primarily for communications between universities, research facilities and technology firms. Today, the Internet plays an important role in international commerce, a role that becomes more important as each day passes. Expensive long-distance phone calls have been replaced by e-mail, and advertising has expanded from the pages of magazines at the newsstand to Web pages.

This transformation has taken place quickly, and keeping up has been difficult for law enforcement agencies. In years past, state and local law enforcement agencies' concerns were limited to crimes committed in their jurisdictions. When a crime crossed state lines or international borders, federal law enforcement officials were called in to assist. But it doesn't work that way anymore.

Today, state, county and municipal law enforcement agencies have to deal with crimes committed against their residents from locations throughout in the world. Financial frauds are committed daily over the Internet, and children are fair game for sexual predators in electronic chat rooms. The same individuals often exchange child pornography via e-mail and Internet news groups. Such crimes are more frequently than not investigated by local law enforcement agencies. As a result, when interstate or international boundaries are involved, cooperation between jurisdictions becomes vitally important.

Tools of the Bad Trade

In recent years, several new technologies have evolved into tools for criminals. In the old days, the crooks used computers to track their ill-gotten gains and to record their memoirs. A few brave hackers tried to crack the security on government computer networks. Now, state-of-the-art desktop publishing is one of the primary tools of counterfeiters. Stolen goods are fenced over the Internet. Computer records used in embezzlement are now destroyed when the crime gets close to discovery. Commercial software is pirated from manufacturers and sold as the genuine product in makeshift retail stores or from clandestine Web sites. Stolen or defective computer chips are also offered over the Internet.

Innovative new forensic software tools and methodologies are helping law enforcement agencies deal with online crime, but without the international cooperation of law enforcement agencies, technology-related crimes can be difficult or impossible to investigate.

International cooperation

I recently conducted a three-day training session for the Singapore Police Force. The topic was computer forensics, and after spending a week with its Computer Crime Unit (CCU), I quickly learned that the officers are dealing with the same types of problems we have in the United States. I also learned that cops are basically the same everywhere. The Singapore students were top-notch detectives who also knew a lot about computers and computer crime.

My training partner, Joe Enders, and I conducted the training session at the CCU office, where we found a number of similarities between computer crime units in the United States and in Singapore. However, in some ways, the Singapore police force is ahead of many U.S. law enforcement agencies, and could easily be used as a role model for the creation of a computer crime unit.

Singapore is small -- mostly just one city of 2 million residents. When the CCU is compared to U.S. law enforcement agencies of similar size, some interesting differences are noted. Obviously, differences exist between our laws and theirs, e.g., there are no privacy laws in Singapore. Its criminal-justice system does not involve the jury process. Criminal trials are decided by a judge, and the legal system is swift. Given this, you would think that the Singapore police would devote fewer resources to computer crime than U.S. departments. We were surprised to find the opposite to be true.

Management has devoted considerable resources to its computer crime unit, and considers computer skills and education when recruiting personnel for the unit. Though the unit is only a year old, I was impressed because it is staffed with several experienced investigators, and the unit already has some solid case experience.

Noticeable Differences

It has been my experience that many computer crime units in the United States were created without a management plan tied to technology issues. Some computer crime units got their start with minimal management support and funding. They were created out of necessity, as a reaction to the reporting of a technology crime in their jurisdiction. These units have typically been staffed with part-time personnel who have other primary duties. In this situation, training is usually not a priority, and it is difficult for computer specialists to stay current with advancing technologies.

This is not always the case. I know of some computer crime units in the United States that are cutting-edge, and they are properly staffed and funded. The Oregon State Police Computer Crime Unit is one that stands out.

The main point about the computer crime unit in Singapore is that it was formed as part of a master plan created by management, who made it a priority to adequately staff the unit with seasoned full-time investigators. We also found it interesting that the percentage of staffing in Singapore's CCU appeared to be almost double that of most computer crime units in the United States.

U.S. law enforcement management might want to take notes on creating a computer crime unit. The Singapore police management team visited several computer crime units and private firms throughout the world before making any final decisions. The management approach was smart, well-planned and adequately funded. I strongly recommend this team as a point of reference for any agency contemplating the creation of a computer crime unit. In exchange, we might be able to help them deal with computer crime issues of mutual interest.

Problems associated with computer crimes in Singapore are similar to those in the United States. They have a difficult time working undercover on the Internet. The reason for this is that crooks are aware of jurisdictional boundaries. They know that the odds of getting caught are higher if they deal over the Internet with people in their own country. International crimes committed over the Internet provide a greater level of safety. This situation makes it particularly difficult for law enforcement in Singapore, where there are very few Internet service providers, and all of them are easily identified as being Singapore-based. A smart crook will only communicate with parties in another country.

As a result, Singapore police often seek the assistance of law enforcement agencies in other parts of the world to follow up Internet leads. The same problem exists in Hawaii, because the few Hawaiian Internet providers are also easily recognized.

It will take time, but cooperation between law enforcement agencies on a worldwide basis is very important in dealing with computer-related crime.

Michael R. Anderson, who retired from the IRS's Criminal Investigation Division in 1996, is internationally recognized in the fields of forensic computer science and artificial intelligence. Anderson pioneered the development of federal and international training courses that have evolved into the standards used by law enforcement agencies worldwide in the processing of computer evidence.

He also aided law enforcement agencies in 16 countries to process evidence and to aid in the prevention of computer theft. He continues to provide software free of charge to law enforcement and the military. He is currently a consultant. P.O. Box 929 Gresham, OR 97030.

|
November Table of Contents