International cyber crime creates new challenges for US authorities
Last week, the Wall Street Journal reported that Citibank lost millions of dollars to Russian hackers and that the case was currently under investigation by authorities, an assertion that Citibank has denied. According to the article, the "threat was initially detected by U.S. investigators who saw suspicious traffic coming from Internet addresses that had been used by the Russian Business Network, a Russian gang that has sold hacking tools and software for accessing U.S. government systems."
Losses to online crime of all types exceeded $260 million in the U.S. last year, the FBI estimates. Attacks on corporations are "at an epidemic level," former White House cyber-security director Melissa Hathaway said recently.
These reports come as the FBI struggles with how to deal with international cyber crime. Over the last few years, the FBI has gone from opening only a few cyber crime cases a year to over 300 in 2008.
But as the AP points out, "[the FBI's] growing coordination with other nations, however, faces legal and political challenges posed by conflicting laws and the lack of broadly accepted international guidelines for Internet oversight."
Despite these hurdles, the FBI has set up new cyber crime offices in four countries, including Romania, Estonia and the Netherlands, and is reportedly planning on opening up more in the next year.
The U.S. Secret Service, meanwhile, is setting up an electronic crimes task force office in Rome, and adding a field office in Tallinn, Estonia, a country that suffered a major cyberattack in the spring of 2007.
While the Secret Service declined to discuss specific staffing, the agency now includes some computer training for all of its 3,400 agents. About a third of the total gets digital forensics and investigative training.
Just as the hackers allegedly infiltrated Citibank's system, most international hackers "often attack a bank on another continent by routing their breach through armies of infected computers in various nations, linked together in what is called a botnet."
However, many countries -- especially in developing nations -- do not have any laws on cyber crime, or their cyber crime laws go against free speech rights in the US. One hacker who unleashed the "Love Bug" computer virus back in 2000 had charges dismissed against him because the Philippines had no laws against cyber crime relating to his activities.
According to officials, countries in Eastern Europe, Africa and South America — including Nigeria, Brazil, Ukraine, and until recently Romania — have become burgeoning sanctuaries for hackers because of weak law enforcement.
Ulf Bergstrom, spokesman for the European Network and Information Security Agency, based on the Greek island of Crete, agreed that "we need at least to establish common privacy definitions and minimum standards so that you can effectively combat criminals."
Until international agencies can agree on effective cyber crime enforcement, US authorities will continue to struggle to bring criminals who hack into US banks and corporations to justice. The remote nature of cyber crime places new challenges in a world governed by jurisdiction and the weak laws of neighboring states.