Cybercrime almost impossible to control or eradicate - Troels Oerting
- Cargo Archive Stories Issue #218
- Wednesday, 03 October 2012
“There is no absolute security, that is a myth,” said Oerting, who from January will run the European Cybecrime Centre (ECC) - an offshoot of the EU’s joint police body Europol.
There already are some 3.4 billion possible Internet Protocol (IP) addresses which assign numerical labels to computers and devices connected online and that number is set to increase exponentially.
“We will soon have 4.2 billion billion billion billion billion billion billion billion addresses. And the police need to find the owners of these [if there is an investigation],” Oerting said.
He added that more than 200 billion spam emails are being sent every day and that 46 new malicious codes aimed to steal online data are being created every second.
Some (mainly Asian and Russian area) intelligence services are on the list of culprits that increasingly use the Internet to steal data to gain inside advantages on trade. Activists, hackers and organised crime also are becoming more active.
Unlike conventional crimes such as cocaine smuggling, police are often unable to trace online crimes which are committed easily, quickly and invisibly. It can be hard to distinguish between a cyber attack by a “clever” teenager and one committed by a criminal or state organisation.
The way forward, said Oerting, is to create better legal norms and public awareness and to ensure that what is illegal in the “offline world” is also illegal in the online one.
He said his new centre will combat intrusion, fraud, intellectual property theft and child sexual exploitation.
Oerting said one country he had visited has a two-year backlog of child sexpoitation cases.
The centre hopes to co-ordinate with member state authorities and other EU agencies to ensure they do not overlap on investigations.
It will post liaison officers to the European Commission and the European External Action Service as well as to EU agencies.
Oerting noted that funding remains a problem in some of the smaller EU member states where there is no budget to investigate online cross-border crimes.
“I hate to say it, but when we invite [people] to meetings about Europol investigations, half of the most critical countries don’t come. They haven’t the money to fund travel,” he said.
Meanwhile, some Internet Service Providers (ISPs), even when faced with a court order, are now asking law enforcement agencies for EUR25 for each IP address they provide.
Oerting said child sexual abuse cases can entail thousands of IP addresses. “One country couldn’t afford it, so we [Europol] paid it,” he explained.
Hiekle Hijmans, an official from the European Data Protection Supervisor (EDPS), a Brussels-based EU agency, said authorities must ensure data protection rights are respected while tackling the problem.
“The fight against cyber crime often takes place in a pro-active preventive manner by trying to link individuals who are not yet suspected of crime,” he said on the scattergun methods used by some police forces.
He pointed out that ISPs cannot be asked to carry out general monitoring of the personal information they store: “Systemic monitoring of content by the providers is highly intrusive.”
Some member states, like France, allow police to use a “legalised Trojan horse” to spy on potential cyber criminals, Myriam Quemener, a French magistrate and cyber crime expert, said.She noted that French police officers attempt to reach out online anonymously to make contact with criminals.
