Organized Crime and Cybercrime: Synergies, Trends, and Responses

[Scully@cipherwar.com]

http://usinfo.state.gov/cgi-bin/washfile/display.pl?p=/products/washfile/latest&f=01081304.glt&t=/products/washfile/newsitem.shtml

Byliner: Internet Is Likely New Target of Crime, Expert Warns
(Criminal Organizations find new opportunities in cyberspace) (2850)

(The following originally appeared in the Global Issues Aug. 8
Electronic Journal "Arresting Transnational Crime.")

Organized Crime and Cybercrime: Synergies, Trends, and Responses
By Phil Williams

(Professor of International Security Studies, University of Pittsburgh
and
2001-2002 Visiting Scientist at CERT/CC, a center of Internet security
expertise at Carnegie Mellon University. Williams is also the editor
of the journal "Transnational Organized Crime" at
http://www.pitt.edu/~rcss/toc.html)

The capabilities and opportunities provided by the Internet have
transformed many legitimate business activities, augmenting the speed,
ease, and range with which transactions can be conducted while also
lowering many of the costs. Criminals have also discovered that the
Internet can provide new opportunities and multiplier benefits for
illicit business. The dark side of the Internet involves not only
fraud and theft, pervasive pornography, and pedophile rings, but also
drug trafficking and criminal organizations that are more intent upon
exploitation than the disruption that is the focus of the hacking
community.

In the virtual world, as in the real world, most criminal activities
are initiated by individuals or small groups and can best be
understood as "disorganized crime." Yet there is growing evidence that
organized crime groups are exploiting the new opportunities offered by
the Internet. Organized crime and cybercrime will never be synonymous.
Most organized crime will continue to operate in the real world rather
than the cyberworld and most cybercrime will be perpetrated by
individuals rather than criminal organizations per se. Nevertheless,
the degree of overlap between the two phenomena is likely to increase
considerably in the next few years.

Organized Crime and Cybercrime

Organized crime is primarily about the pursuit of profit and can be
understood in Clausewitzian (1) terms as a continuation of business by
criminal means. Consequently, just as brick-and-mortar companies move
their enterprises on to the Worldwide Web seeking new opportunities
for profits, criminal enterprises are doing the same thing. Criminal
organizations are not the only players in illicit markets, but they
are often the most important, not least because of the added
"competitiveness" that is provided by the threat of organized
violence. Moreover, criminal organizations tend to be exceptionally
good at identifying and seizing opportunities for new illegal
enterprises and activities. In this context, the Internet and the
continuing growth of electronic commerce offer enormous new prospects
for illicit profits.

In recent years, there has been a significant increase in the
sophistication of organized crime and drug trafficking groups.
Colombian drug trafficking organizations, for example, have followed
standard business practices for market and product diversification,
exploiting new markets in Western Europe and the former Soviet Union.
Criminal organizations and drug traffickers have increasingly hired
financial specialists to conduct their money laundering transactions.
This adds an extra layer of insulation while utilizing legal and
financial experts knowledgeable about financial transactions and the
availability of safe havens in offshore financial jurisdictions.
Similarly, organized crime does not need to develop technical
expertise about the Internet. It can hire those in the hacking
community who do have the expertise, ensuring through a mixture of
rewards and threats that they carry out their assigned tasks
effectively and efficiently.

Organized crime groups typically have a home base in weak states that
provide safe havens from which they conduct their transnational
operations. In effect, this provides an added degree of protection
against law enforcement and allows them to operate with minimal risk.
The inherently transnational nature of the Internet fits perfectly
into this model of activity and the effort to maximize profits within
an acceptable degree of risk. In the virtual world, there are no
borders, a characteristic that makes it very attractive for criminal
activity. When authorities attempt to police this virtual world,
however, borders and national jurisdictions loom large -- making
extensive investigation slow and tedious, at best, and impossible, at
worst.

The Internet itself provides opportunities for various kinds of theft,
whether from online banks or of intellectual property. But it also
offers new means of committing old crimes such as fraud, and offers
new vulnerabilities relating to communications and data that provide
attractive targets for extortion, a crime that has always been a
staple of mafia organizations.

The anonymity of the Internet also makes it an ideal channel and
instrument for many organized crime activities. The notion of a
criminal underworld connotes a murkiness or lack of transparency.
Secrecy is usually a key part of organized crime strategy and the
Internet offers excellent opportunities for its maintenance. Actions
can be hidden behind a veil of anonymity that can range from the use
of ubiquitous cybercafes to sophisticated efforts to cover Internet
routing.

Organized crime has always selected particular industries as targets
for infiltration and the exercise of illicit influence. In the past,
these have included the New York City garbage hauling and construction
industries, the construction and toxic waste disposal industries in
Italy, and the banking and aluminum industries in Russia. From an
organized crime perspective, the Internet and the growth of e-commerce
present a new set of targets for infiltration and the exercise of
influence -- a prospect that suggests that Internet technology and
service firms should be particularly careful about prospective
partners and financial supporters.

In sum, the synergy between organized crime and the Internet is not
only very natural but also one that is likely to flourish and develop
even further in the future. The Internet provides both channels and
targets for crime and enables them to be exploited for considerable
gain with a very low level of risk. For organized crime it is
difficult to ask for more. It is critical, therefore, to identify some
of the ways in which organized crime is already overlapping with
cybercrime.

Major Trends in Organized Crime and CyberCrime

Organized crime groups are using the Internet for major fraud and
theft activities. Perhaps the most notable example of this -- albeit
an unsuccessful one -- occurred in October 2000 and concerned the Bank
of Sicily. A group of about 20 people, some of whom were connected to
mafia families, working with an insider, created a digital clone of
the bank's online component. The group then planned to use this to
divert about $400 million allocated by the European Union to regional
projects in Sicily. The money was to be laundered through various
financial institutions, including the Vatican bank and banks in
Switzerland and Portugal. The scheme was foiled when one member of the
group informed the authorities. Nevertheless, it revealed very clearly
that organized crime sees enormous opportunities for profit stemming
from the growth of electronic banking and electronic commerce.

Indeed, organized crime diversification into various forms of Internet
crime is closely related to a second discernible trend -- organized
crime involvement in what was once categorized as white-collar crime.
The activities of the U.S. mob and Russian criminal organizations on
Wall Street fall into this category. During the late 1990s there were
numerous cases of criminal organizations manipulating microcap stocks
using classic "pump and dump" techniques. While much of this was done
through coercion or control of brokerage houses, the Internet was also
used to distribute information that artificially inflated the price of
the stocks. Among those involved were members of the Bonnano,
Genovese, and Colombo crime families as well as Russian immigrant
members of the Bor organized crime group. As criminal organizations
move away from their more traditional "strong arm" activities and
increasingly focus on opportunities for white-collar or financial
crime, then Internet-based activities will become even more prevalent.
Since Internet-related stock fraud results in a
$10,000-million-per-year loss to investors, it offers a particularly
lucrative area for organized crime involvement.

This is not to suggest that organized crime will change its character.
Its inherent willingness to use force and intimidation is well suited
to the development of sophisticated cyberextortion schemes that
threaten to disrupt information and communication systems and destroy
data. The growth of cyberextortion is a third significant trend.
Extortion schemes are sometimes bungled, but they can be conducted
anonymously and incur only modest risks, while still yielding high
pay-offs. Indeed, this might already be a form of crime that is
significantly under-reported. Yet it is also one that we can expect to
see expand considerably as organized crime moves enthusiastically to
exploit the new vulnerabilities that come with increased reliance on
networked systems.

A fourth trend is the use of what were initially nuisance tools for
more overtly criminal activities. Perhaps the most notable example of
this occurred in late 2000 when a variation of a virus known as the
Love Bug was used in an effort to gain access to account passwords in
the Union Bank of Switzerland and at least two banks in the United
States. Although this episode received little attention -- and it is
not entirely clear who the perpetrators were -- it gives added
credence to the theory that organized crime is developing
relationships with technically skilled hackers.

A fifth trend that we can expect to see is what might be termed
jurisdictional arbitrage. Cybercrimes -- certainly when they are
linked to organized crime -- will increasingly be initiated from
jurisdictions that have few if any laws directed against cybercrime
and/or little capacity to enforce laws against cybercrime. This was
one of the lessons of the Love Bug virus. Although the virus spread
worldwide and cost business thousands of millions of dollars, when FBI
agents succeeded in identifying the perpetrator, a student in the
Philippines, they also found that there were no laws under which he
could be prosecuted. The Philippines acted soon thereafter to pass
prohibitions on cybercrimes, and other countries have followed. Still,
jurisdictional voids remain, allowing criminals and hackers to operate
with impunity. Indeed, it is possible that some jurisdictions will
increasingly seek to exploit a permissive attitude to attract
business, creating information safe havens (paralleling offshore tax
havens and bank secrecy jurisdictions) that make it difficult for law
enforcement to follow information trails, and offering insulated
cyber-business operations from which illicit businesses can operate
with a minimum of interference.

A sixth trend is that the Internet is increasingly likely to be used
for money laundering. As the Internet becomes the medium through which
more and more international trade takes place, the opportunities for
laundering money through over-invoicing and under-invoicing are likely
to grow. Online auctions offer similar opportunities to move money
through apparently legitimate purchases, but paying much more than
goods are worth. Online gambling also makes it possible to move money
-- especially to offshore financial centers in the Caribbean.
Moreover, as e-money and electronic banking become more widespread the
opportunities to conceal the movement of the proceeds of crime in an
increasing pool of illegal transactions are also likely to grow.

A seventh trend involves growing network connections between hackers
or small-time criminals and organized crime. In September 1999, for
example, two members of a U.S.-based group known as the "Phonemasters"
were convicted and jailed for their penetration of the computer
systems of the telecommunications companies MCI, Sprint, AT&T, and
Equifax. One of those convicted, Calvin Cantrell, had downloaded
thousands of Sprint calling card numbers. They were sold to a
Canadian, passed back through the United States, resold to another
individual in Switzerland, and finally the calling cards ended up in
the hands of organized crime groups in Italy. Network connections
between the two kinds of groups are likely to deepen and widen.

In addition, of course, organized crime groups use the Internet for
communications (usually encrypted) and for any other purposes when
they see it as useful and profitable. Indeed, organized crime is
proving as flexible and adaptable in its exploitation of
cyberopportunities as it is in any other opportunities for illegal
activity. The implications are far-reaching and require a response
from government that is strategic, multi-level, multilateral, and
transnational in nature.

Responses to the Organized Crime-CyberCrime Synergy

The response to the growing overlap between organized crime and
cybercrime requires a truly comprehensive strategy. There are
precedents and models for this that can be particularly helpful, even
allowing for the need to balance law enforcement and national security
concerns against such considerations as personal privacy. The key
principles that have guided the international community's responses to
transnational organized crime and money laundering can serve as one
good model.

The Financial Action Task Force (FATF), a body set up by the G-7, has
attempted to create norms and standards for governments and financial
institutions to follow in the development of laws, regulations, and
enforcement mechanisms at the national level. Although criticisms can
be made of the FATF, in 2000 it launched an effective "name and shame"
campaign that identified 15 "non-cooperative" jurisdictions whose
efforts to combat money laundering were grossly inadequate. In some
cases, the results were remarkable, leading to much more stringent
anti-money laundering programs and far greater transparency of
financial activities. While the FATF's campaign was the culmination of
a 10-year effort, it nevertheless provides an approach that could
usefully be emulated by the international community as it moves to
combat cybercrime. The Council of Europe Convention on Cybercrime,
largely supported by the United States, is the first major step in
this direction and can be understood as the beginning of the process
of setting norms and standards that national governments ultimately
will be expected to meet in their legislative, regulatory, and
enforcement efforts.

Underlying the convention approach is a fundamental recognition of the
need to harmonize national laws. In recent years, international
cooperation in law enforcement has been achieved through a series of
extradition and mutual legal assistance treaties (MLATs) that allow
governments to share information and evidence with each other. For
MLATs and extradition treaties to go into effect, however, there is
usually a requirement of dual criminality (i.e. the crime involved
must be designated as a crime in both jurisdictions). In other words,
international cooperation is enormously facilitated by convergence of
what is criminalized in national jurisdictions. Furthermore, as
pointed out by Ernesto Savona, head of the Transcrime Research Center
in Trento, Italy, the imposition of similar laws in various countries
both spreads the risks that criminal organizations have to confront
and goes some way towards equalizing the risks across jurisdictions.
In effect, the more widespread the laws, the fewer the safe havens
from which organized crime-controlled hackers (or indeed individual
hackers) can operate with impunity

Harmonization is necessary for both substantive and procedural laws.
All countries have to reappraise and revise rules of evidence, search
and seizure, electronic eavesdropping, and the like to cover digitized
information, modern computer and communication systems, and the global
nature of the Internet. Greater coordination of procedural laws,
therefore, would facilitate cooperation in investigations that cover
multiple jurisdictions.

In addition to appropriate laws, it is also important that governments
and law enforcement agencies develop the capacity for implementation
of these laws. This requires the development of expertise in the area
of cybercrime as well as effective information sharing across agencies
within a country and across national borders. Moreover, this sharing
has to go beyond traditional law enforcement bodies to include
national security and intelligence agencies. It is also essential to
create specialized law enforcement units to deal with cybercrime
issues at the national level. Such units can also provide a basis for
both formal international cooperation and informal cooperation based
on transnational networks of trust among law enforcement agents. Ad
hoc cooperation and multinational task forces can both prove
particularly useful -- and there are already cases where international
cooperation has been very effective. Indeed, successful cooperation
can breed emulation and further success.

The other important component of a strategy to combat cybercrime is
partnership between governments and industry, especially the
information technology sector. Once again, there are precedents. In
recent years, the major oil companies, although very competitive with
one another, established information sharing arrangements and worked
very closely with law enforcement to minimize infiltration by
organized crime figures and criminal companies. Government-private
sector cooperation of this kind is not always easy but it is clear
that a degree of mutual trust can make a difference. For cooperation
to be extended, law enforcement agencies have to exercise considerable
care and discretion not to expose company vulnerabilities, while the
companies themselves have to be willing to report any criminal
activities directed against their information and communication
systems.

Even if considerable progress is made in all these areas, organized
crime and cybercrime will continue to flourish. If steps are made in
these directions, however, then there is at least some chance that
cybercrime can be contained within acceptable bounds, that it will not
undermine confidence in electronic commerce, that it will not so
enrich organized crime groups that they can further corrupt and
threaten governments, and that the big winner from the growth of the
Internet will not be organized crime.

(1) Refers to the German philosopher Karl Von Clausewitz, well-known
for the maxim "war is the continuation of policy by other means."

(The Washington File is a product of the Office of International
Information Programs, U.S. Department of State. Web site:
usinfo.state.gov)




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------


----- End forwarded message -----