Cybercrime poses a growing threat to companies and governments around the world, yet experts are concerned law makers and judicial systems are still not equipped to provide an adequate response.
While there have been recent high-profile apprehensions in the United States and Europe, it's feared these wins are just scratching the surface. Calls are growing for a new global approach to tackling the problem.
Executive director of the Cyberspace Law and Policy Centre at the University of New South Wales, David Vaile, said the potential financial spoils of cybercrime make it an attractive option for disaffected programmers and security specialists looking to make big money.
He said there is also evidence that it has become part of the armory of terrorist groups and others wanting to instigate high-profile attacks on financial institutions and markets.
"Why would you bother with flying a plane into a skyscraper when you could cause a crisis of confidence in the financial sector with an Internet-based attack?" said Vaile. "You don't even need to rob the banks, just cause a run on them."
One of the key challenges for law enforcement authorities is the lack of a coordinated global structure under which cybercriminals can be charged and prosecuted. To take advantage of this, some groups have set themselves up in countries with less stringent checks and controls.
A recent report by the Australian Institute of Criminology titled Future directions in technology-enabled crime: 2007-09 points to instances of "jurisdiction shopping" where offenders base themselves in countries where law enforcement is less robust and penalties lower.
"Until the process of harmonization of laws and sanctions is more advanced, disparities between countries will continue to create risks," said the report.
As well as the prospect of criminal efforts to attack financial markets, the report points to a range of other cybercriminal activities growing in popularity. They include online auction frauds, fraudulent lotteries, identity thefts and even click fraud. The report also points to an overall trend toward more semantic attacks that take advantage of the growing number of social networking sites on the internet.
"Faced with these potential developments, the design of effective policies and strategies to combat consumer fraud will become more problematic," the report warns. "When coupled with the complexities associated with apprehending suspects, obtaining convictions and imposing sizeable penalties, the deterrent effect of the law will remain limited."
One of the other challenges facing law enforcement agencies and the judicial system is figuring out exactly what sort of penalties should be imposed on cybercriminals. The task is made difficult because some of the types of crimes being committed have only existed for a relatively short period of time.
Security solutions executive with management consultancy Logica, Ajoy Ghosh, said the judiciary tends to look differently on cybercrime than it does on "real-world" crime in which technology happens to have been used.
Ghosh, who is called regularly as an expert witness in criminal cases involving IT, said this is leading to very different levels of punishment being handed out.
He said judges need to have legal precedent to guide their sentencing decisions and, while this is easy to find for real-world crimes, it often doesn't exist for cybercrime.
"Cases such as child pornography where the Internet is used have precedent from cases involving printed materials and video tapes, so sentences being handed out are on par.
"But if someone loses their credit card number or is the victim of cyber-stalking, what is the formula for figuring out what it has cost them? We are in the dark where there is no real-world analogy," he said.
To emphasize the challenge, Ghosh points to the fact that in Australia there have only ever been a handful of prosecutions for unauthorized computer system access and hacking. There have been none for virus or worm propagation.
"There is the potential for 10 to 25-year sentences, yet very rarely are the sentences more than a year and sometimes they are not even custodial," he said. "There is no easy formula for a judge to figure out what the sentence should be."
Yet, despite the challenges facing the judiciary in all countries, cybercrime continues to be solved and the perpetrators tried and convicted.
In June, 90 people were charged with allegedly downloading child abuse images over the Internet following a six-month investigation by the Australian Federal Police.
In May, a Sydney man was charged in connection with an identity theft syndicate of money laundering offenses. If convicted, he faces a maximum penalty of 20 years' jail.
Australian Federal Police commissioner Mick Keelty said criminals devote a lot of time and effort in reviewing the ways in which they can commit crimes, and the Internet provides them with a powerful new channel.
"We should not underestimate the determination of criminals to gather intelligence," he told a recent gathering of legal professionals. "Today many of them use our open court system to study methodologies used by the police and then share that intelligence. It is a real problem for us."
There's little doubt that the number and severity of cybercrime will continue to climb throughout the world. With modern economies now totally dependent on networked data and systems, the financial incentive to thwart the security of these systems is just too great.
"There is no single all-encompassing answer to responding to technology-enabled crime," said the AIC report. "In fact, countering these risks is a multi-dimensional challenge. It requires effective coordination and collaborative efforts on the part of a wide range of government and private sector entities that can occur at various levels."
Ghosh agreed, saying the only way the trend will be countered is by raising the ability of the legal system to deal with new crimes.
"You need a body of case law to deal with it," he said. "And the only way you are going to build up that body of case law is to have successful prosecutions."
Another approach is to start small and work up. UNSW's Vaile pointed to the zero tolerance approach taken in New York City, where petty crimes were tackled in the belief that a "trickle up" effect would lead to a reduction in more serious crimes. The approach worked.
Vaile said more attention should be given to policing and prosecuting things such as spam.
"I believe you would get a much safer Internet if you diverted some of the attention away from breaching every form of security in the name of tracking terrorists and strengthened things like anti-pam laws," he said. "It then becomes clear that any sort of online crime is being treated as serious."
He said the mutual respect and trust model on which the entire Internet was built demands that such an approach be taken by law enforcement authorities.
"I really suspect that major cybercrime would be much more effectively dealt with that way, rather than the current environment where spam and a lot of the abuses that go with it are effectively authorized because they are not prosecuted."
Play video
There are currently no comments for this post.