News (Media Awareness Project) - Grappling With Crime Wave on the Web |
Title: | Grappling With Crime Wave on the Web |
Published On: | 1997-11-01 |
Source: | Los Angeles Times |
Fetched On: | 2008-09-07 19:08:41 |
Computers: Governments, Private Firms Haven't Found Effective Strategies To
Prevent Scams.
LONDONThe Web site for the European Union Bank, the world's first
offshore bank on the Internet, offered potential depositors a tantalizing
feast: "total privacy" and "strict confidentiality" along with an
"internationally attractive interest rate offered in the milieu of a
taxfree jurisdiction."
Attractive, indeed: The 3yearold institution, incorporated on the
Caribbean island of Antigua, offered rates up to 10 times higher than those
at other banks. Millions of dollars poured in from hundreds of depositors
around the world, undeterred by a warning from the Bank of England that the
whole thing might be too good to be true.
Alas, London's stodgy central bank turned out to be right. But depositors,
blinded by dollar signs, continued investing right up until the two
Russianborn owners disappeared last August and the European Union Bank
went into receivership. Depositors who had pumped more than $10 million
into the bank were left high and dry.
British authorities cite the European Union Bank as a prime example of the
dangers that lie in wait for the unwaryand the greedywho use the
Internet for financial transactions. Bank scams are only one manifestation
of crime on the World Wide Web.
Computer hackers regularly attack the information systems of large
corporations and government agencies to commit commercial espionage, a
crime that costs an estimated $100 billion a year in the U.S. alone. Drug
cartels use international banking systems to launder millions of dollars in
illegal profits, wiring the money in and out of legitimate businesses
faster than law enforcement agencies can track it. Unscrupulous investment
services reap millions of dollars in profits from the promotion of
worthless stocks.
Crafty cyberthieves have found that they can steal a lot of money with
very little risk. FBI and bank security sources say that the average
electronic bank theft in the United States nets about $250,000 and that
only about 2% of the thieves are being caught.
Daniel Geer, an engineer for Open Market, a Cambridge, Mass., company that
provides secure business access to the Internet, told a subcommittee of the
U.S. House of Representatives earlier this year that stealing money by
computer is far safer than holding up a bank with a gun.
About 80% of the robbers with guns wind up in prison, he said, and their
average take is only about $7,500. By contrast, he cited the case of
Russian computer thieves who stole $10 million from Citibank.
Hackers are typically caught only if they become too greedy, Geer said.
"They start out stealing $1,000 a day and figure they can get away with
$2,000 a day, and they hit some figure which sets off alarm bells."
While the Internet is widely viewed as a key to expanding the global
economy, neither governments nor private institutions have found an
effective strategy for preventing an increasingly serious crime wave.
Rosalind Wright, director of the Serious Fraud Office of the London
Metropolitan Police, calls the Antigua case part of "a great army of
Internet banking services, linked with offshore banking with their layers
of secrecy through which drug money, bribes, proceeds of other major crime
and untaxed millions can be moved with ease away from the prying eyes of
the authorities."
Wright, speaking at a symposium on globalized crime at Cambridge University
that attracted more than 900 delegates from 94 countries, warned of a sharp
increase in various types of crime on the Internet.
At the same symposium, Raymond W. Kelly, undersecretary for enforcement at
the U.S. Treasury Department, said computer criminals in cities as diverse
as Palermo, Moscow, Hong Kong, Lagos, Bogota, London and New York "view
crime as a true investment and export commodity and increasingly are moving
back and forth between legal and illegal activity."
U.S. Had Early Lead in Exploiting Internet The United States seized a
substantial early lead in exploiting commercial opportunities offered by
the Internet. But Europe is fast becoming more competitive, and the
15nation European Union predicts a sharp boost from the introduction of a
single European currency in 1999.
Europe's largest telecommunications firms are already increasing their
Internet access services. Datamonitor, a research firm, reports that major
phone companies in Belgium, Britain, Finland, France, Germany, Italy, the
Netherlands, Spain and Sweden control 34% of global Internet access. Eight
of nine telecommunications companies surveyed offered some kind of online
services, and all nine planned to expand their services.
Dataquest, a U.S. market research group, reported recently that an
estimated 82 million computers worldwide will be linked to the Internet by
the end of this yearup an astounding 71% in just one year. It predicts
that the figure will triple to 268 million in the next four years.
CYBERDILEMMA: PROTECTION VS. PRIVACY
How can countries curb the illegal, unethical and unfair activities that
now increasingly pollute the global network? And thornier still, how can
they do that while protecting the privacy of Internet users?
Since the United States is the world's biggest Internet user, it is the
scene of most computer crime. It is also where the most significant
regulatory effortsand discussions about needed laws and regulationshave
taken place.
The FBI is seeking legislation giving it the authority to control
encryption technology, the datascrambling techniques that enable
businesses to protect the privacy of their Internet communications. The FBI
argues that the same technology can be used by terrorists and drug dealers
to escape detection and that U.S. encryption products should provide law
enforcement officials, under warranted circumstances, with access to "keys"
for decoding the messages.
Five House panels have recommended conflicting versions of legislation that
would overhaul U.S. encryption policy and remove stringent export controls
on encryption technology. House Rules Committee Chairman Gerald B.H.
Solomon (RN.Y.) says he won't send a bill to the floor if law enforcement
officials would have insufficient access to electronic messages.
European Commission officials oppose U.S. export controls on encryption
technology and have spurned U.S. proposals that would allow law enforcement
to monitor Internet communications between individuals or businesses.
Adair Turner, director of the British Confederation of Industries, said
British business interests became concerned only after finally recognizing
that "the technology is roaring far ahead of the legal framework" for
dealing with such issues as secrecy, encryption and data protection.
Security concerns have caused some European firms to shy away from the
Internet. An official of the British American Tobacco Co. in London said
his firm, among many others, regards every email address as a potential
access point that could be penetrated by thieves looking to steal sensitive
data.
Both the U.S. Commerce Department and the European Commission (the
executive body of the European Union) emphasize the need for laws and rules
to prevent fraud, data theft and other illegal activities. At the same
time, they stress the importance of keeping global electronic networks as
insulated as possible from laws or regulations that might hinder free trade
or the free exchange of ideas.
While governments are occupied trying to strike a balance between those two
sometimes clashing goals, online crooks are staying several steps ahead of
them as they move quickly to take advantage of the rapidly developing
communications technology.
"The drug kingpins can buy the very latest equipment and pay the best
technicians to manipulate the Internet," said an American diplomat in
London who is an expert on computer crime. "Governments are still debating
the kinds of methods, funds and resources they think should be devoted to
the problem."
Since banks and financial institutions often fail to report electronic
crimes for fear of bad publicity, there is no accurate way to estimate the
total take from Internet theft.
The San Franciscobased Computer Security Institution, in a survey of 536
companies, financial institutions and government agencies, found that 75%
reported large monetary losses, but only 17% of the computer crimes were
reported to law enforcement agencies.
The FBI estimates that computerusing thieves make off with as much as $10
billion a year in the United States alone. In the United Kingdom, the
British Banking Assn. has estimated the cost of computer fraud at $8
billion a year.
"Even the most conservative estimates suggest that both the number of
incidents and the dollar losses are staggering," said Scott Charney, the
U.S. Justice Department's chief of computer crimes.
And that does not count the cost of computer espionage, which cannot be
easily measured in dollars. In a survey of 428 information specialists with
Fortune 500 companies, the Computer Security Institution found that 42%
reported unauthorized penetration. The White House Office of Science and
Technology has estimated overall losses to U.S. businesses from foreign
economic espionage at nearly $100 billion a year.
Reports about the vulnerability of U.S. government computers have been just
as startling. Hackers have penetrated the Web sites of several government
agencies, including the Justice Department and the CIA.
Congress' General Accounting Office reported that, in 1995 alone, the
Defense Department may have experienced as many as 250,000 hacker attacks,
an estimated 64% of which succeeded.
Earlier this year the U.S. Defense Science Board's task force on
information warfare predicted that, by 2005, widespread hacker attacks by
crime syndicates, terrorists and foreign espionage agencies would seriously
threaten U.S. information systems.
The task force described current practices and assumptions as "ingredients
in a recipe for a national security disaster" and called for "extraordinary
action" on an international scale.
A U.S. Federal Trade Commission official once called the World Wide Web "an
ocean of knowledge with a few sharks in it." Along with the FBI and the
Securities and Exchange Commission, the FTC now warns that the number of
sharks has increased sharply.
U.S. MOUNTS COUNTERATTACK
The United States has mounted a belated but increasingly active
counterattack. Private, federal and state organizations have been
monitoring the Internet for deceptive ads, consumer fraud and other
unlawful activities. Private organizations are assisting government
agencies in regulatory efforts.
For example, the Council of Better Business Bureaus provides for online
filing of complaints and offers business and consumer alerts. Other
organizations, such as the National Assn. of Insurance Commissioners and
the National Assn. of Securities Dealers, have joined in the effort to
monitor the Internet for illegal or unethical activities.
The FTC, which prosecutes firms and individuals using the Internet in
violation of fraud and truthinadvertising regulations that govern other
media, has aggressively policed the network and identified new frauds.
Earlier this year the FTC unearthed a scheme involving telecommunications
marketers in emerging nations to bilk consumers around the world. Officials
said three companies based in Long Island lured online computer browsers
with promises of free pornography and then hit them with exorbitant
telephone charges to a phone number in Moldova, a former Soviet republic.
The FTC accused the defendants of running "one of the most insidious scams"
the agency had ever encountered, and a federal judge in New York ordered
the operation disbanded.
The SEC has been busy bringing legal action against con artists who bilk
investors and firms or individuals who offer unregistered securities for
sale over the Internet. In a typical stock fraud uncovered by the SEC, a
Miami businessman, Charles Huttoe, pleaded guilty to securities fraud and
money laundering in connection with an Internet stockpicking service.
Huttoe and five others were charged with reaping millions by illegally
driving up the price of shares in their firm and then laundering the profits.
Last year the SEC established an electronic mailboxthe "enforcement
complaint center"to be used by investors to report possible cases of
security fraud. "There exists a remarkable culture of selfpolicing by
Internet users who resent the intrusion of crooks and thieves trying to
exploit this new medium," the SEC said. But it said many Internet users,
fed up with those who abuse the system, are beginning to cooperate with
authorities.
In other countries, as well as in the U.S., users policing the electronic
global networks have been a big help.
But nothing is more important than ongoing efforts by governments to adopt
and enforce measures to curb fraud, theft of data and other illegal
activities, while leaving the networks as free as possible of regulations
that impinge on free trade and the free flow of ideas.
The European Commission declared in its Initiative in Electronic Commerce
that international cooperation and global consensus on policing the
Internet are essential.
Stanley Morris, director of the U.S. Treasury Department's Financial Crimes
Enforcement Network, agrees. "Most anticorruption strategies are doomed to
failure," Morris said, "unless officials learn new methods to deal with
criminals adept at using new technology."
Copyright Los Angeles Times
Prevent Scams.
LONDONThe Web site for the European Union Bank, the world's first
offshore bank on the Internet, offered potential depositors a tantalizing
feast: "total privacy" and "strict confidentiality" along with an
"internationally attractive interest rate offered in the milieu of a
taxfree jurisdiction."
Attractive, indeed: The 3yearold institution, incorporated on the
Caribbean island of Antigua, offered rates up to 10 times higher than those
at other banks. Millions of dollars poured in from hundreds of depositors
around the world, undeterred by a warning from the Bank of England that the
whole thing might be too good to be true.
Alas, London's stodgy central bank turned out to be right. But depositors,
blinded by dollar signs, continued investing right up until the two
Russianborn owners disappeared last August and the European Union Bank
went into receivership. Depositors who had pumped more than $10 million
into the bank were left high and dry.
British authorities cite the European Union Bank as a prime example of the
dangers that lie in wait for the unwaryand the greedywho use the
Internet for financial transactions. Bank scams are only one manifestation
of crime on the World Wide Web.
Computer hackers regularly attack the information systems of large
corporations and government agencies to commit commercial espionage, a
crime that costs an estimated $100 billion a year in the U.S. alone. Drug
cartels use international banking systems to launder millions of dollars in
illegal profits, wiring the money in and out of legitimate businesses
faster than law enforcement agencies can track it. Unscrupulous investment
services reap millions of dollars in profits from the promotion of
worthless stocks.
Crafty cyberthieves have found that they can steal a lot of money with
very little risk. FBI and bank security sources say that the average
electronic bank theft in the United States nets about $250,000 and that
only about 2% of the thieves are being caught.
Daniel Geer, an engineer for Open Market, a Cambridge, Mass., company that
provides secure business access to the Internet, told a subcommittee of the
U.S. House of Representatives earlier this year that stealing money by
computer is far safer than holding up a bank with a gun.
About 80% of the robbers with guns wind up in prison, he said, and their
average take is only about $7,500. By contrast, he cited the case of
Russian computer thieves who stole $10 million from Citibank.
Hackers are typically caught only if they become too greedy, Geer said.
"They start out stealing $1,000 a day and figure they can get away with
$2,000 a day, and they hit some figure which sets off alarm bells."
While the Internet is widely viewed as a key to expanding the global
economy, neither governments nor private institutions have found an
effective strategy for preventing an increasingly serious crime wave.
Rosalind Wright, director of the Serious Fraud Office of the London
Metropolitan Police, calls the Antigua case part of "a great army of
Internet banking services, linked with offshore banking with their layers
of secrecy through which drug money, bribes, proceeds of other major crime
and untaxed millions can be moved with ease away from the prying eyes of
the authorities."
Wright, speaking at a symposium on globalized crime at Cambridge University
that attracted more than 900 delegates from 94 countries, warned of a sharp
increase in various types of crime on the Internet.
At the same symposium, Raymond W. Kelly, undersecretary for enforcement at
the U.S. Treasury Department, said computer criminals in cities as diverse
as Palermo, Moscow, Hong Kong, Lagos, Bogota, London and New York "view
crime as a true investment and export commodity and increasingly are moving
back and forth between legal and illegal activity."
U.S. Had Early Lead in Exploiting Internet The United States seized a
substantial early lead in exploiting commercial opportunities offered by
the Internet. But Europe is fast becoming more competitive, and the
15nation European Union predicts a sharp boost from the introduction of a
single European currency in 1999.
Europe's largest telecommunications firms are already increasing their
Internet access services. Datamonitor, a research firm, reports that major
phone companies in Belgium, Britain, Finland, France, Germany, Italy, the
Netherlands, Spain and Sweden control 34% of global Internet access. Eight
of nine telecommunications companies surveyed offered some kind of online
services, and all nine planned to expand their services.
Dataquest, a U.S. market research group, reported recently that an
estimated 82 million computers worldwide will be linked to the Internet by
the end of this yearup an astounding 71% in just one year. It predicts
that the figure will triple to 268 million in the next four years.
CYBERDILEMMA: PROTECTION VS. PRIVACY
How can countries curb the illegal, unethical and unfair activities that
now increasingly pollute the global network? And thornier still, how can
they do that while protecting the privacy of Internet users?
Since the United States is the world's biggest Internet user, it is the
scene of most computer crime. It is also where the most significant
regulatory effortsand discussions about needed laws and regulationshave
taken place.
The FBI is seeking legislation giving it the authority to control
encryption technology, the datascrambling techniques that enable
businesses to protect the privacy of their Internet communications. The FBI
argues that the same technology can be used by terrorists and drug dealers
to escape detection and that U.S. encryption products should provide law
enforcement officials, under warranted circumstances, with access to "keys"
for decoding the messages.
Five House panels have recommended conflicting versions of legislation that
would overhaul U.S. encryption policy and remove stringent export controls
on encryption technology. House Rules Committee Chairman Gerald B.H.
Solomon (RN.Y.) says he won't send a bill to the floor if law enforcement
officials would have insufficient access to electronic messages.
European Commission officials oppose U.S. export controls on encryption
technology and have spurned U.S. proposals that would allow law enforcement
to monitor Internet communications between individuals or businesses.
Adair Turner, director of the British Confederation of Industries, said
British business interests became concerned only after finally recognizing
that "the technology is roaring far ahead of the legal framework" for
dealing with such issues as secrecy, encryption and data protection.
Security concerns have caused some European firms to shy away from the
Internet. An official of the British American Tobacco Co. in London said
his firm, among many others, regards every email address as a potential
access point that could be penetrated by thieves looking to steal sensitive
data.
Both the U.S. Commerce Department and the European Commission (the
executive body of the European Union) emphasize the need for laws and rules
to prevent fraud, data theft and other illegal activities. At the same
time, they stress the importance of keeping global electronic networks as
insulated as possible from laws or regulations that might hinder free trade
or the free exchange of ideas.
While governments are occupied trying to strike a balance between those two
sometimes clashing goals, online crooks are staying several steps ahead of
them as they move quickly to take advantage of the rapidly developing
communications technology.
"The drug kingpins can buy the very latest equipment and pay the best
technicians to manipulate the Internet," said an American diplomat in
London who is an expert on computer crime. "Governments are still debating
the kinds of methods, funds and resources they think should be devoted to
the problem."
Since banks and financial institutions often fail to report electronic
crimes for fear of bad publicity, there is no accurate way to estimate the
total take from Internet theft.
The San Franciscobased Computer Security Institution, in a survey of 536
companies, financial institutions and government agencies, found that 75%
reported large monetary losses, but only 17% of the computer crimes were
reported to law enforcement agencies.
The FBI estimates that computerusing thieves make off with as much as $10
billion a year in the United States alone. In the United Kingdom, the
British Banking Assn. has estimated the cost of computer fraud at $8
billion a year.
"Even the most conservative estimates suggest that both the number of
incidents and the dollar losses are staggering," said Scott Charney, the
U.S. Justice Department's chief of computer crimes.
And that does not count the cost of computer espionage, which cannot be
easily measured in dollars. In a survey of 428 information specialists with
Fortune 500 companies, the Computer Security Institution found that 42%
reported unauthorized penetration. The White House Office of Science and
Technology has estimated overall losses to U.S. businesses from foreign
economic espionage at nearly $100 billion a year.
Reports about the vulnerability of U.S. government computers have been just
as startling. Hackers have penetrated the Web sites of several government
agencies, including the Justice Department and the CIA.
Congress' General Accounting Office reported that, in 1995 alone, the
Defense Department may have experienced as many as 250,000 hacker attacks,
an estimated 64% of which succeeded.
Earlier this year the U.S. Defense Science Board's task force on
information warfare predicted that, by 2005, widespread hacker attacks by
crime syndicates, terrorists and foreign espionage agencies would seriously
threaten U.S. information systems.
The task force described current practices and assumptions as "ingredients
in a recipe for a national security disaster" and called for "extraordinary
action" on an international scale.
A U.S. Federal Trade Commission official once called the World Wide Web "an
ocean of knowledge with a few sharks in it." Along with the FBI and the
Securities and Exchange Commission, the FTC now warns that the number of
sharks has increased sharply.
U.S. MOUNTS COUNTERATTACK
The United States has mounted a belated but increasingly active
counterattack. Private, federal and state organizations have been
monitoring the Internet for deceptive ads, consumer fraud and other
unlawful activities. Private organizations are assisting government
agencies in regulatory efforts.
For example, the Council of Better Business Bureaus provides for online
filing of complaints and offers business and consumer alerts. Other
organizations, such as the National Assn. of Insurance Commissioners and
the National Assn. of Securities Dealers, have joined in the effort to
monitor the Internet for illegal or unethical activities.
The FTC, which prosecutes firms and individuals using the Internet in
violation of fraud and truthinadvertising regulations that govern other
media, has aggressively policed the network and identified new frauds.
Earlier this year the FTC unearthed a scheme involving telecommunications
marketers in emerging nations to bilk consumers around the world. Officials
said three companies based in Long Island lured online computer browsers
with promises of free pornography and then hit them with exorbitant
telephone charges to a phone number in Moldova, a former Soviet republic.
The FTC accused the defendants of running "one of the most insidious scams"
the agency had ever encountered, and a federal judge in New York ordered
the operation disbanded.
The SEC has been busy bringing legal action against con artists who bilk
investors and firms or individuals who offer unregistered securities for
sale over the Internet. In a typical stock fraud uncovered by the SEC, a
Miami businessman, Charles Huttoe, pleaded guilty to securities fraud and
money laundering in connection with an Internet stockpicking service.
Huttoe and five others were charged with reaping millions by illegally
driving up the price of shares in their firm and then laundering the profits.
Last year the SEC established an electronic mailboxthe "enforcement
complaint center"to be used by investors to report possible cases of
security fraud. "There exists a remarkable culture of selfpolicing by
Internet users who resent the intrusion of crooks and thieves trying to
exploit this new medium," the SEC said. But it said many Internet users,
fed up with those who abuse the system, are beginning to cooperate with
authorities.
In other countries, as well as in the U.S., users policing the electronic
global networks have been a big help.
But nothing is more important than ongoing efforts by governments to adopt
and enforce measures to curb fraud, theft of data and other illegal
activities, while leaving the networks as free as possible of regulations
that impinge on free trade and the free flow of ideas.
The European Commission declared in its Initiative in Electronic Commerce
that international cooperation and global consensus on policing the
Internet are essential.
Stanley Morris, director of the U.S. Treasury Department's Financial Crimes
Enforcement Network, agrees. "Most anticorruption strategies are doomed to
failure," Morris said, "unless officials learn new methods to deal with
criminals adept at using new technology."
Copyright Los Angeles Times
Member Comments |
No member comments available...