DUBAI UNIFORM LAWS VITAL TO PROTECT AGAINST COMPUTER CRIMESKhaleej Times Online

22 January 2005



DUBAI — Jurisdiction over cyber crimes should be standardised around the globe to make swift action possible against terrorists whose activities are endangering security worldwide, a top cyber security expert has said.


Differences in the laws among countries prevented effective investigation against cyber terrorism, which is not bound by national boundaries, and each investigation could involve several countries, said Erik Laykin, the Director of Information and Technology Investigation, Navigant Consulting.

Laykin, who is also President of the Southern California chapter of the FBI’s Infragard, pointed out that the world today is interconnected by electronic networks. It has taken 300,000 years to produce the estimated 12 hexabytes of electronic data. This will double in two years, he said, and added: “Cyber terrorism has been increasing. International cooperation should be initiated between legislative and enforcement authorities to standardise laws for combating this type of dangerous crimes which may target lives of civilians.”

The cyber crimes reported are growing exponentially, he pointed out. In 1999, the reported cyber crimes were 9,859. The number increased to 21,756 cases in 2000, and has gone on increasing through 52,658 (2001), 82,094 (2002), and 140,000 (2004).

According to FBI estimates, just 10 to 15 per cent of cyber crimes were reported. “These crimes include financial theft, fraud and embezzlement, theft of intellectual property, system disruption, system takeover, corporate spying and breach of other privacy regulations. Criminals could have been from outside the US or who operated via countries other than their nations.”

“We need to be active against cyber terrorism to maintain integrity of social systems, stability of global economy, safety of citizens, personal privacy, intellectual property and corporate values,” he said.

The future of the global economy rests on predictable and safe management of electronic communications. The average value of corporate proprietary information loss in 2003 due to computer security breaches was $2.6 million. Some 80 per cent of information stored on industry computers is never reproduced in printed form, Laykin said.

Apart from the jurisdiction issues another major challenge investigators faced is availability of tools for cyber crime on some 400,000 web sites that are dedicated to hacking tips. There are also 440 hacker bulletin boards and millions of private IRC channels on the Internet, he said. “A cyber crime does not necessarily mean using a computer to hack in. All communication technologies could be used in cyber terrorist operations.”

The global electronic network is a culmination of 4,000 years of communications progress and has resulted in the information revolution. The information revolution means full access to all information. It produces a global information society, degrades and modifies accepted social structures. It also creates new risks, shift in intellectual property ownership philosophy, jurisdictional uncertainties, zero-day attack and response challenges, noted Laykin.

“Cyber terrorism is evolving much the same way as the information networks and technology,” he said. “It includes traditional cyber attacks, enhanced para-military operations, information warfare, corporate information espionage, technology-enhanced criminal enterprises, trade secret theft, illegal sales commissions, purchasing fraud, embezzlement, employee screening and selection concerns, intellectual property piracy and counterfeiting, inadequate security guard services, kickbacks, hardware software theft, manipulation of data.”

Major global threats of cyber terrorist operations include state-sponsored terrorism, anti-globalisation activities, mercenary hackers, cyber vandals, internal theft and corporate spying, he pointed out.

Citing some examples, Laykin referred to the railway bombing in Spain last year where cellular phones and cyber techniques were used. Data Processors international lost eight million credit cards that were compromised and their reissue cost was an estimated at $200 million. An employee of the Prudential Insurance stole customer social security numbers and tried to sell them on the web. In New York Times, a hacker compromised employee social security numbers and private customer information. Thieves stole TriWest HealthCare Alliance computers containing 500,000 names and social security numbers. A hacker stole US Navy’s source code for missile guidance system software. They also stole source code for software product under development. An angry employee of an Aerospace manufacturer created a computer bomb and the company went out of business because hard drives were erased.