|
| Blue uniform hackers |
Extracted from Hazimin Sulaiman, News Strait Times by Nelly |
30 Nov -0001 |
| |
THERE there is money, there is organised crime or the mob. Just like bees to a honey pot, money is such a great motivator for criminal innovation.
Even the film industries are not safe. In Hollywood, for example, mobsters tried to squeeze millions from macho martial arts action star Steven Seagal by forcing him to make more violent mob movies.
And ever since the big push towards the cyberspace economy, transitional organised crime (TOC) has caused great concern.
Dallas-based Microsoft forensics training consultant Chris Ard agrees that after the collapse of the Soviet Union, the Russian mob has been moving actively into committing new types of crime via cyberspace. This, he adds, is made easier by the fact that there are a lot of technically brilliant people in the former Socialist Republic and that the mob has the money to pay them.
Malaysia seems to have a good start in terms of legislation. However, the comprehensive set of cyberlaws such as the Computer Crimes Act 1997 and the Communications and Multimedia Act 1998 are not enough.
We need effective enforcement. Cyber criminal activity is, after all, not limited by physical borders.
In light of that, Multimedia Development Corporation (MDC) together with the Royal Malaysia Police (RMP) and Microsoft held recently, and for the first time, an intensive three-day cyber crime investigation and digital forensics workshop for Malaysian enforcement officers.
The participants and presenters came from the RMP, Attorney General?s Chambers, Bank Negara Malaysia, MCMC, Niser and Microsoft ? the participants were a mix of the well-versed seasoned cyber-enforcement personnel and newbies to cyber crime detection.
The scenarios discussed in the workshop sessions had exposed participants to some highly complicated cyber criminal activities using botnet attacks and phishing scams, yet to be seen here.
In the open final evaluation discussion of the three-day event, a participant said that the workshop made him realise that an investigation can be continued even after the electronic evidence in the form of files or folders are deleted and emptied from the Windows recycle bin as those files can still be retrieved.
Investigating officers will now have to find ways to retrieve such evidence and not have the case dismissed due to lack of evidence or a break in the chain of evidence custody.
RMP?s cyber and multimedia investigation branch deputy superintendent Mahfuz Datuk Abdul Majid mentioned that, relatively speaking, the cyber crimes committed in Malaysia are not as complicated compared to those found overseas.
Cyber crimes prosecution, he adds, also depends on the evidence collected, as initially it could be investigated under the Computer Crimes Act but later changed, due to its seriousness, to investigation under the Criminal Penal Code.
In retrospect, it might be true that the cyber crimes are less complex. But Malaysian criminals have been known for their uncanny resourcefulness of getting around security protocols.
Malaysian criminals have been nabbed across the globe for complicated and advanced credit card cloning and fraud scams. Chip-based credit cards will only slow them down.
Already, there are phishing scams and other cyber crime activities being investigated in Malaysia.
Trying to outpace and outclass the criminals would require the local enforcement to start thinking like cyber criminals ? by being proactive cyber criminal-pretenders.
The non-physical trail of the cyber criminal is a harder one to track. Billions can be stolen undetected and the norm of coming up with solutions after something bad has happened will not reflect well of the Malaysia to the world.
Cyber criminals are already using whatever freely available resources to commit crimes.
Microsoft, Internet safety and anti-counterfeiting, regional manager Anthony Fung, who has served 13 years in the Hong Kong Police Force and responsible for its development of the computer crime lab, observes that cyber criminals are making use of the third party solution and resources on the Internet.
The criminals, he believes, are also hiring tech people. For example, chatrooms are used to sell credit card numbers and free form-information harvesting engines like FormMail help in creating phishing sites.
Technically more advanced Cross Site Scripting (XSS) attachments have also been discovered in Web sites which infect and compromise your PC by fooling you into logging into a legitimate looking Web sites.
Stenography, an advanced form of encryption technology used by the military, is also being used to cover tracks of criminal activity.
All this means that we need experts who are capable of thinking like the cyber mob driven by fast money. They need to be more than just computer security experts who know how to perform system penetration tests.
They need to be more aware on how to use the vast Internet resources for criminal gain in order to prevent such activity.
In the recent past, famous hackers and even the great conman Frank Abagnale Jr (of which the bio-pic Catch Me If You Can is based on) have been caught, turned and recruited to aid law enforcement to understand the criminal mind.
In summary, Fung mentioned that based on his law enforcement experience, it was essential to look at ?how the private sector can facilitate investigations and also how and where criminals are involved?. This requires more than reading logs and examining netbots.
This means that the public, private sector and banks, with pride and embarrassment issues aside, will have to report any incidence that they suspect as having cyber criminal involvement. Only then can the enforcement agencies learn more about how the criminals work.
Once a pattern has been established, a trained cyber enforcement officer can deduce what other scams and criminal activity can be committed.
MDC?s capacity development division vice president Ng Wan Peng summed it nicely by saying, ?The responsibility for a safe and conducive environment is not the sole responsibility of the government only.? |
| |
| |
|
