Businesses wanting to protect their customers need to forge a strong relationship with law enforcement, in spite of its shortcomings.
This is according to Paul Louw, deputy director, public prosecutions at the National Prosecuting Authority, speaking at ITWeb's fifth annual Security Summit that kicked off in Sandton this morning.
His message to law enforcement was: change your approach drastically when tackling cyber crime. “Don't sit around waiting for cases to come in; don't investigate along with other cases. Make more use of intelligent, driven, proactive investigations.”
Louw said SA needs more undercover agents, to seek out those already engaged in cyber crime, and record in real-time what they're doing. “If we hope to fight cyber crime in SA, the arrest and prosecution of individuals is not the beginning of the end. We must disrupt criminal activity, seize their assets, and use this information as an investigative tool.”
Cyber crime is a serious economic offence with staggering losses, he added. However, several types of attack have yet to be seen in SA. “For example, SA has never been the victim of a denial-of-service attack, and I'm not sure if we're ready for that. We need to form a dedicated task team, permanently available, that specialises in these crimes so we can prepare for such an event and react in real-time.”
Looking at the US, Louw noted that in 2009, president Barack Obama started a 60-day clean slate review of legislation. “This was aimed at discovering how effective current legislation was, and looked at counter-measures to protect the country's digital assets. Questions posed included whether legislation leads to more bureocracy as a result of compliance issues, or does it assist law enforcement?”
This resulted in the president appointing a cyber tsar in the White House. “Where do we stand in SA? Are we really able to catch and prosecute cyber criminals?” he asked.
Internet fraud in SA, he explained, has all the characteristics of international organised crime. “People are sitting in other countries and accessing accounts of unsuspecting SA users. Since 2005 there has been a definite onslaught against SA banks by trans-national organised crime.”
Louw commented that one of his main objectives is to arrest criminals overseas with the assistance of foreign law enforcement, and that SA law enforcement is slowly building relationships with their overseas equivalents. “International cooperation against cyber crime is essential.”
Another important lesson, he said, is criminals constantly counteract the extensive security measures that are in place. It's a catch up game. “Cyber criminals employ sophisticated techniques, and it's both difficult and time-consuming to understand the threat. We need expertise and specialisation in different areas. Unfortunately, in this game, expertise becomes outdated in a very short time.
“In addition, reactive historical investigations are ineffective, cyber cases become ancient history in a week. Opportunities are quickly lost.”
The composition and approach of investigation teams is of paramount importance, he pointed out. “The FBI, for example, has cyber action teams, a computer crimes taskforce and an Internet crime complaint centre.
“Something else to bear in mind is that the approach of following the money is not always a guarantee of success. From a compromised account, the money could go in various scenarios.”
Louw said suspicious transactions should be used as an investigative tool. “There is also a new focus on bulk cash smuggling. Money mules are used to smuggle cash out the country.”
It is difficult to identify and prosecute cyber crooks, he noted. “It is easy to find and prosecute the recruiter of e-mules, but hard to identify the main criminal and arrest him behind his computer. Sting operations can easily go wrong, and often even if you arrest a criminal behind his PC, the case is based on circumstantial evidence.”
Criminals also assume various identities, posing the question of how effective border control is. Louw sees biometrics as the answer.
Another struggle that law enforcement faces, he added, is the collection of, and testifying to, digital evidence. “Digital evidence will, in future, form part of most crime scenes yet there is a widespread ignorance among law enforcement as to the correct gathering of digital evidence. There is a need for more trained experts to collect and testify on digital evidence, as it is easily compromised by poor handling. Mistakes jeopardise the case, and locally, preservation of evidence should follow international guidelines.
“Ultimately, SA law enforcement needs to establish good practices, work closely with its international counterparts, and make sure there are consequences for criminal cyber actions. They need to know there is no free ride,” he concluded.
Share
