HI-TECH CRIMINALS VS. "LO-TECH" LAW ENFORCEMENT

The legendary bank robber Willie Sutton was asked why he robbed banks. His answer, "That's where the money is." So, when one might ask a hi-tech "entrepreneur" who is making millions by using his technology to steal, defraud, spy otherwise cause loss, anger, and embarrassment, why he does what he does. And the answer would be the same. In the 21^st century, that's where the money is. Global criminal activities operated and engineered by people well versed in the latest technological products and services are outwitting much of law enforcement because they have specialized knowledge and therefore are steps ahead of law enforcement, not experienced in technology and without the necessary funds in many cases to upgrade to match the perpetrators. Not only the police and government agencies, but also the prosecution and the courts are not completely equipped to deal successfully with hi-tech crimes and criminals. Recognizing such crimes is one thing. Preventing them and seizing the perpetrators is something else.

First, an examination of the most frequent cyber crimes within the U.S.: There are so many examples to select from that only a few representative examples of different sorts of "attacks" will be listed. However, what is important to realize is this warning: "anything that is computer based can be hacked. If it is on-line, it is easier to hack from anywhere and furthermore, if the system is wireless, the exposure is greater still' (McCrie, 2008, p. 3). That is the basis for the success of hi-tech crime and criminals. Of the various cyber crimes, identity theft seems to be the most comon- and, in a way, the most "succersdsful" for the criminals: "According to the Federal Trade Commission, a 2003 study placed the annual tally of identity theft victims at 10 million. The annual cost to business was pegged at $48 billion, with victims' out-of-pocket costs estimated to be $5 billion." (Kollars, n.d., para. 35).

Stock manipulation is rather easy, as many recent and current prosecutions have deteacted. Not only the famous case of dseception by exe utives of WorldCom and Enron among others, but more recent examples of back-dating stock options to benefit company executives is easily accomplished online and, unless a law enfoprcement agency gets a tip, is seldom discovered and prosecuted.

Another growing cyber crime is getting personal and business information from key executives: "Recently, a very highly targeted phishing attack against CEOs used the pretext of a federal grand-jury subpoena to lure executives to a site hosting malware" (Antonopolous, 2008, p. 17). The cyber crime here is not merely the ingenious use of miusleading data, but that the criminal(s) are thinking outside the box. In other words, the clever cyber-criminal anticipates and avo8ids protection of the "norma" kind. As Antonopolousm (2008) explains "Companies have to predict all types of attack correctly, while attackers have to invent only one attack that is 'unexpected.' It takes enormous effort and expense to define an area broad enough to cover even most of the known threats" (p. 17). This, in essence, is an example of industrial espionage. Of course, industrial espionage is making news because of Chinese and Russian efforts to gain access to American business secrets. China is offering big bucks. One result: "A former software engineer for a telecommunications company based in suburban Chicago was indicted for allegedly stealing business trade secrets and attempting to take the documents with her to China" ("Suburban," 2008, para. 1). China is obviously not interested in buying assembly plans for Legos, but hi-tech products. They intensify their search for weak links in the U.S. who are ready to sell out their employers and country. Another example: "U.S. authorities have charged a Chinese engineer with stealing trade secrets from a Silicon Valley company, which makes military training software, and trying to sell the secrets to Asian governments" ("Chinese Engineer," 2008, para. 1). In fact, a recent article states that government agencies now claim that there is rising alarm about hi-tech espionage conducted against the U.S. by China and other countries. "The U.S.-China Economic and Security Review Commission (USCC) called Chinese espionage 'the single greatest risk to the security of American technologies'" ("Two Arrests Made," 2008, para. 8).

While there seems to be no explicit proof, there is concern that the Chinese satellites now circling the earth may very well be using some hi-tech telemetry to get information. Surelym, the U.S. "weather satellites" and other orbiting technology is doing the same thing for the U.S.

China, however, seems to be the greatest perpetrator of "hacking" computer systems in the U.S., as this report states: In 2007, the Department of Defense, other U.S. Government agencies and departments, and defense-related think tanks and contractors experienced multiple computer network intrusions, many of which appeared to originate in the PRC.

Espionage for technology is a big business now. Sometimes it is a "patriotic" effort, according to several American citizens caught in trying to take hi-tech information and give it to the Israelis. In other instances, it was a for-profit enterprise, when the leading physicist in Pakistan provided nuclear information to foreign nations, including North Korea and, probably, Iran. Russia, in commercial and political turmoil, is also active in espionage. Not only is this occurring from within Russia, but the emerging Russian "Mafya" in this country is providing more than just extortion muscle for the motherland.

So far, law enforcement is falling behind cyber-criminals. For one thing, there are so many opportunities that law enforcement simply cannot cover them all. As one report about the danger to businesses states: "Corporations are woefully unprepared to counter attempts at corporate espionage, say experts who perform vulnerability assessments designed to uncover security weaknesses. U.S. corporations lose as much as $300 billion a year to hacking, cracking, physical security breaches and other criminal activity" (Brandel, 2008, p. 36).

Just now the FBI is taking some action: "The FBI's Counterintelligence (CI) DOMAIN program under the leadership of Section Chief Tom Mahlik aims to close that gap and help America defeat illegal technology acquisitions and win the modern war of economics in which people are engaged" (McCourt 2008 16). But, gtovernment agencies are still in a trial and error stage. Even though, as describerd above, some perpetrators have been caught, there is no evidence how much hi-tech crime continues withooutr anyone in law enforcement able to prevent it.

It is interesting to note that some hi-tech surveillance- American satellites may well be prevented from assisting law enforcement. Here is one such report: "The use of data collected by military spy satellites for law enforcement, homeland security, and other civilian purposes is limited and closely controlled to protect the privacy and civil liberties interests of individuals, Homeland Security Department officials told a House oversight panel" ("Spy Satellite Use," 2007, p. 666).

The sad fact is that when one uses the phrase "hi-tech" for most law-enforcement organizations, it may mean surveillance cameras or in Miami drone planes for smuggling activities. There are computer programs for crime analysis, to be sure. But, the real ability to surveille and prevent cyber crimes still lies beyond the financial resources and the peresonal education and training of most law enforcement agencies in the United States. Law enforcement has not yet realized that it needs to enlist not "cops" or "detectives" but engineers and cyber-savvy experts who are knowledgeable about emerging technologies that are used for all sorts of crimes. Trapping a few spies here and there may make for good headlines, but the large number of cyber crimes continues. And since it is rather easy to proceed, cyber criminals are increasing faster than law enforcement's ability to find and arrest them.

The fact that Congress has passed a number of bills concerning computer fraud, and also the so-called "Patriot Act" giving the government more authority about invading what once was considered "privacy" have not really done much to prevent cyber-criminals from plying their trade.

Law enforcement agencies throughout the U.S. are strapped for their budgets. Especially with the economic downturn, budgets are cut, manpower is reduced, even recruiting is difficult because of restrictions. And, since hi-tech crime-fighting and prevention tools are expensive, they are not a priority in metropolitan areas where homicides and "low-tech" crimes make the headlines. It is the fact that local law enforcement agencies are not equipped to deal with hi-tech crimes, not only because they do not have the weponry, but because such criminal activities are not "local" but genrlly nationwide, even global.

However, in some areas in the U.S. attentioon is being paid toi training. Here is one recent example: "In collaboration with Mississippi State University's renowned Center for Computer Security Research, the Texas Cyber Security Research and Training Institute will provide data security and technology-based emergency preparedness training to law enforcement personnel" ("Texas Attorney General," 2008, para. 2).

Nevertheless, if one browses the various internet information sources and checks library stacks, one can see that Britain, for one, is far ahead in creating hi-tech task forces that actually get results, well beyond just solving identity-theft and money laundering schemes.

If law enforcement believes there are sufficient laws and knowledgeable judges to hand out guilty verdicts, they may well be misguided. The problem is that there are a number of federal and state laws for computer fraud, identity theft, music piracy and money laundering. Not that these are not serious crimes, but they pale in comparison with what cyber criminals are now up to. And, the idea of "guilty beyond a reasonable doubt" is often in the hands of a jury whose understanding of cyber crimes and the internet and high technology is limited. So, the prosecution must work doubly hard to find a means of assuring reasonable doubt and beyond in order to find some of the cyber-criminals guilty.

What is disturbing is that the government's recent budget focuses on homeland security and the so-called "war on terror" and immigration, and not on boosting the budgets of law enforcement: "State and local law-enforcement groups complain that the proposed budget cuts their funding by 75 percent" (Shapiro, 2008, para 1). The continuing worries about terrorists assembling for another attack similar to 9/11 seem to be taking the greater part of planning and budget. Terrorist are those who blow up buildings and themselves. The subjects therefore are not the sophisticated cyber criminals who have hardware similar to what the James Bond spy movies tend to show. And, as has been shown, it doesn't even take enormous expertise to break into computer networks or steal trade secrets or even national secrets.

The tens of millions lost by citizens to identity theft, the millions more lost by the theft of intellectual property and the even more millions lost by piracy of movies and music all add up to significant numbers. However, the mindset of the current administration seems to be that cyber-criminals are only stealing money and ideas; they are not killing people or threatening catastrophes. So, law enforcement agencies cannot get the anti-hi-tech protection and the devices that might help them catch cyber-criminals because there is no decent budget. If and when this war on terror ends, even then the enormous U.S. debt must be paid down. So chances for a generous budget increase for the Department of Justice and even local law enforcement agencies is slim.

The research for this essay requires some personal observations. It seems obvious that cyber criminals continue to be at least one step--often more--ahead of law enforcement. It also seems obvious that European law enforcement agencies are ahead of the U.S. in catching and prosecuting cyber criminals. They are not preventing hi tech crime, but have more modern equipment to trace and eventually nab the perpetrators. Therefore, some proposals are in order:

1) While the FBI is overly involved in the war on terror, and is now cooperating with the CIA and Interpol in that endeavor, they still have some task forces assigned to cyber crimes. However, there seems to have been far too little success. One reason, based on my research, is that there are not enough highly trained agents. Local, state and regional law enforcement agencies are similarly hamstrung because their priorities are to prepare for terrorist emergencies, in addition to the felonious activities not including cyber crimes.

2) It is obvious that more training to counter hi-tech crimes is necessary. That involves (a) recruiting, and (b) training and (c) commitment of sufficient budgets. How can these three priorities be solved?

--- More training centers need to be created similar to the one in Texas mentioned above.

--- Greater recruiting efforts need to be made, not to enlist "cops" per se, but to find skilled technicians interested in problem and crime solving in areas the average policeman does not comprehend.

--- With tax dollars at a premium, one might suggest that the leading computer giants- Microsoft, Dell, HP, among others, lead the way in funding the training centers. Other major corporations at risk for hacking and, to some degree already victimized also should cough up some dollars (tax deductible) to help train and then staff new centers for cyber-crime solutions.

3) More publicity needs to be addressed to not merely warn and alert the general public but to provide some guidance to people and corporations at risk for hackers. As shown earlier the government has already admitted to some serious hacking, and in some cases, have caught and prosecuted individuals who were engaged in both industrial and other forms of espionage.

4) More R & D by the major computer corporations is needed to find more firewalls and other protective devices. When teen-agers in Australia and San Diego have finally been caught after doing some serious hacking, it must not be difficult enough even for technology-savvy young people to get in to special areas where government and business secrets and intellectual property are stored.

Today, cyberspace is where them money is. That is why so many people are finding the expertise to steal, defraud, spy on and cause problems with computer networks. The U.S. is lagging sadly behind ending, or even easing cyber-crime.

References

Antonopolous, A. (2008, April 21). Attackers are thinking outside the box. Network World,25(16), 17.

Brandel, M. (2008, April 14). How to spot a spy: Con artists make it their job to extract sensitive corporate intelligence from unsuspecting employees. Here's how to stop them. Computerworld, 42(16), 36-37.

Suburban Chicago woman indicted for allegedly stealing employer's trade secrets bound for China. (2008). Retrieved May 7, 200, from http://chicago.fbi.gov/dojpressrel/pressrel08/apr02_08.htm

Kollars, D. (n.d.). Identity crisis: Theft of private data grows. Sacramento Bee. Retrieved May 10, 2008, from http://www.sachitechcops.org/news061205.htm

McCourt, M. (2008, March): "Keeping Up With New threats: Security

Vol. 45, Iss. 3; pg. 16-18

McCrie, R. (2008, Mar. 17): "IT Security: 'If it's computer based,

It's Hackable': Risky Pacemakers?" New York:

Security Letter Vol. 38, Iss. 6; Part 1. pg. 3

Shapiro, A. (2008, May 8)) "The Justice Department" Bush Budget

analysis NPR Radio, accessed May 8, 2008 on

www.npr.org/templates/story/story.php?storyId=7207847

"Chinese engineer charged with stealing U.S. military trade

secrets" International Herald Tribune, Dec. 15, 2006

accessed May 7, 2008 at

www.iht.com/articles/2006/12/15/business/secrets.php

"Two Arrests Made In Separate Chinese Espionage: A Department

of Defense analyst and former Boeing employee have links

to the espionage case of a former defense contractor at

Power Paragon.(United States. Department of Justice)."

InformationWeek (Feb 12, 2008): NA.

"Spy Satellite Use Limited, Privacy Protected DHS Officials

Inform House Homeland Panel" WashingtonDC: Criminal Law

Reporter Sep 12, 2007. Vol. 81, Iss. 22; pg. 666

"Texas Attorney General Greg Abbott Welcomes New Partner

In Fight Against Cyber Crime" March 24, 2008 accessed on

May 8 on www.oag.state.tx.us/criminal/an_release.php?id=2396

"Review of U.S. Report on China's Military Cyber Capabilities"

Posted on the Internet by KEA, May 3m 2008 and accessed

On: politicalhacking.blogspot.com/