Mikhael Gutsaluk
Candidate of Law
Interagency Scientific-Research Center
on the Problems of Fighting Organized Crime
Fighting Cybercrimes
The problem of computer crimes has attracted attention of many foreign criminalists since the introduction of electronic computers that caused some negative consequences and aggravated the situation connected with protecting information stored in computer and their system databases. These crimes have been registered since 1958. At that time they meant the damage and plunder of computers, theft of information^; swindle or misappropriation of money^; non-authorized use of computers or embezzlement of machine time. The Stanford Research Institute has recorded those cases for a long time but they were of no special interest. By the way, in 1966 a Minnesota bank was first robbed by using the electronic computer [1].
Today all economically developed countries widely use new information technologies in industrial, commercial and banking spheres. It is explained by the fact that traditional methods do not make it possible to gain a correct understanding of a modern information flow or make a profound analysis of dynamic processes of the enterprise economic activities [2]. In its turn, it has even more aggravated the situation connected with protecting information in a reliable way. The active development of Internet technologies has introduced such new categories as e-trade, e-business, etc. Diagram 1 shows the increase in the number of Internet-users.
Diagram 1. The number of Internet-users (mln)
This process has also taken place in Ukraine, which financial establishments obtained an access to the international payment systems. The number of Internet-users in our country is still high when compared with western countries. Today they are approximately 2 million. However, it is only four per 100 persons. At present, such concrete projects as the electronic government or remote education on the base of the Internet are already discussed simultaneously with such a complex of programs as «Electronic Ukraine». At the same time significant advantages of Internet-technologies applied by an information society to conduct scientific researches, electronic business and commerce can be also used by criminals to swindle, steal or "money laundering ", etc. According to the Computer Security Institute, in the latter half of 2002 the number of hacking attacks has increased by 32 % as compared with the similar period in 2001.
The number of non-authorized penetrations into information systems has recently increased like a shot (see Diagram 2).
The Internet that became the most important information source after September 11, 2001, instantly responds to a political and economic life worldwide. On the first day after military operations were initiated in Iraq, more than 400 web sites with English and Arabian anti-war appeals were attacked. Developers of the "Iraq" computer virus sent the electronic message with an inscription “Go USA!!!” and offer to look through the latest photos made at a place of military events. As a result, many computers were infected [3].
In December 2002, the First international strategic congress “E-Crime Congress 2002" devoted to the problems of fighting electronic crimes (the author of this publication participated it) was held in London.
The National Hi-Tech Crime Unit (NHTCU) - the first in the history of Great Britain national law-enforcement organization on fighting computer crimes - took part in preparing and holding the congress.
Great Britain has spent about 25 million pounds for three years on fighting cybercrimes where 10 million - on developing corresponding departments on spots and 15 million - on creating the National Hi-Tech Crime Unit. Nearly 400 delegates from Australia, New Zealand, Korea, Hong Kong, Russia, Latvia, the USA took part in the congress " E-Crime". They represented state, commercial, scientific organizations and law enforcement bodies (in particular, GB Ministry of Internal Affairs, Interpol, Eurofloor, FBI, Russia's Department "K", Microsoft, Symantec, IBM, Sun Microsystems Ltd., VISA, MasterCard, eBay, Bank of New York, Swedbank) engaged in information security and cyber forensics.
It was noted at the Congress that the number of high-tech crimes rapidly increases. The Internet allows organized criminal groups to receive a quick profit with rather small risk to be convicted. An access to the Net makes it possible to break the law in a remote and fast way irrespective of the nationality and residence. It is easy for criminals to deceive people, hide evidences and steal property. They represent a significant threat for a critical infrastructure of the developed countries. According to the Washington ProFile news agency, the terrorist number one - Osama bin Laden - has received computer program Promis manufactured by Inslaw Inc. that allows penetrating into the US governmental information networks. In particular, FBI and CIA use programs created by Inslaw Inc. If Ben Laden really has Promis he can observe operations of the US special services, obtain secret information on strategic objects in the USA, and launder money without any problems. Besides, this software might be used by Al Qaeda to prepare terrorist attacks against New York and Washington on September 11, 2001.
William Barr, the vice-president of a group of insurance companies, has stated in his report that 90 % of organizations annually suffered from illegal penetrations into their information systems^; 80 % of them confirm financial losses^; only one virus NIMDA has caused damage of more than 1,8 billion pounds^; in October, 2002 a cyberattack within one hour put out of action 9 from 13 main computers controlling the Internet global information movement^; annually there are cases of stealing private information to the sum of above 38 billion pounds.
Therefore, taking into consideration that the electronic dependence favors committing cybercrimes, it is necessary to protect every enterprise on a national scale and throughout the world. First, fighting computer crimes provides for creating an appropriate legislative base, taking a complex of organizational measures (including a professional training) and giving a special technical support.
Ukraine's Criminal Code has Section XVI "Crimes committed by using electronic computers, their systems and networks", consisting of Articles 361, 362, 363 devoted to fighting computer crimes.
There is no doubt that the certain progress in qualifying these crimes was achieved unlike the previous Code. However in spite of Ukraine's entry into the European Community and the European Convention on fighting cybercrimes signed on November 23, 2001 where kinds of computer crimes and ways of international interaction were specified, there was a pressing need in reforming the current legislation. After all, the lack of interstate borders in global information networks is one of the basic features, which should be taken into account when preventing and fighting computer offences.
The EC Legislation Committee recommends unifying penal laws on fighting computer offences and specifying the liability for the following crimes:
-Unauthorized access to information^;
- Illegal interception of information by using technical means of computer information or through computer radiations^;
- Interference with data (their destruction, modification or concealment)^;
- Interference with a computer system by preventing its operation^;
- Misuse of devices (manufacture and distribution of equipment to commit computer crimes)^;
- Computer counterfeit (creation of false data)^;
- E-swindle (actions that result in losing others' property through the interference with computer systems)^;
- Computer swindle (interference with the work of an information system to derive economic benefits)^;
- Distribution of the children's pornography^;
- Copyright infringements.
It should be noted that the Convention also provides for the necessity of accepting some procedures on revealing and documenting computer crimes. After all, fighting computer crimes demands an essentially new methodology of pre-judicial inquiry. Item 16 specifies that each party should take legislative and other measures to give their competent bodies an opportunity to issue orders or store computer data, for example, on the movement of information that was saved by the computer system, in particular, if there are some grounds to consider such computer data especially sensitive to loss or modification.
The given questions are settled in the EU countries according to the Council Resolution on operative inquiries of law enforcement bodies concerning public telecommunication networks and services of June 20, 2001 (¹ 9194/01) and that on legal interception of telecommunications of January 17, 1995 (¹ 96/Ñ 329/01).
Though computer crimes have not been widely extended in Ukraine yet, but their cases have been already fixed. Thus, on November 16-20, 2001, Ukrtelecom with more than 700 computers and tens of servers were attacked with a virus. As a result, computers were disconnected from the Internet and the system of corporate e-mail was put out of action for some time. The damage caused by the attack made more than 1 million UAH [4]. Resonant crimes are committed against financial and bank systems as well [5]. The tendency to increase these crimes in Ukraine reminds the world one - annual increase by 2-3 times (according to Ukraine's MIA Department of Information Technologies, 680 hi-tech crimes were revealed only in 2002).
Therefore, it is required to create corresponding units at the Ministry of Internal Affairs and Ukraine's Security Service in an active way. For example, Ukraine's MIA Hi-Tech Crime Unit formed in 2001 made it possible to expose more crimes and institute more proceedings since the introduction of criminal liability for them (1994ã.) when compared with previous years [6]. However, the activity of these units should be coordinated by the special body because cybercrimes also mean an unauthorized access to sensitive information, drawing of money from plastic cards and electronic banking accounts, tax payment evasion and also use of electronic means to commit an act of terrorism.
Proceeding from the urgency of this problem for Ukraine, the Interdepartmental Organized Crime Research Center (IOCRC) at Ukraine's President based Coordinating Committee has gained a necessary experience for previous years. Thus, IOCRC employees prepared the Concept project of realizing the state policy on fighting cybercrimes. On October 6, 2000, the Governmental Analytical Commission accepted the Concept project of reforming Ukraine's laws on public information relations. Main provisions of the above documents are stated in analytical information, reports, Strategy and recommendations on tactics of fighting organized crimes and corruption, etc., applied to the Coordinating Corruption and Organized Crime Committee.
Ukraine's President Decree "On decision of Ukraine's National Security and Defense Council of October, 31, 2001 "On measures to improve national information policy and protect information in Ukraine" ¹ 193/2001 of December, 6, 2001 provides for creating the Interdepartmental Computer Crime Center (ICCC) to fight cybercrimes in an effective way.
"Supporting an offer of Ukraine's Cabinet of Ministers, I think it necessary to create the specified unit in the structure of the Coordinating Corruption and Organized Crime Committee that (according to Article 8 "On organizational and legal bases of fighting organized crimes" of June, 30, 1993) coordinates the activity of all corresponding state bodies including those fighting computer crimes. The Interdepartmental Organized Crime Research Center should be entrusted with carrying out scientific researches, making forecast analyses, collecting and processing information at the corresponding staff and financial provision".
In this connection, the activity of the corresponding Unit in Great Britain should be mentioned again. It is entrusted with fighting hi-tech organized and transnational crimes, carrying out strategic forecasts, making investigations, coordinating the activity of law enforcement bodies and developing recommendations for them.
The Unit includes four departments engaged in investigating hi-tech organized crimes and rendering the corresponding assistance for other law enforcement bodies^; conducting tactical and strategic reconnaissance and cooperating with foreign partners^; advising and assisting local and international law enforcement agencies, governmental and industrial organizations^; gathering electronic evidences to consider hi-tech crimes in court.
Finally, it should be noted that information security experts predict a prompt boost in the number of cybercrimes in the near future. According to the Gartner Company, late 2004 the economic damage inflicted by them will increase by 10-100 times [7]. In this connection, the USA and European Community are forced to take appropriate measures both at the legislative and organizational levels. In particular, the USA has recently accepted a new strategy on protecting the Internet information systems (it is scheduled to allocate about $60 billion). The European Council is creating the Information security agency. The United Nations take appropriate steps as well.
Therefore, having selected its own way of building an information society, Ukraine also should take appropriate steps to protect information that, according to Ukraine’s Constitution, is an integral part of its national security.
1. I. Revjako Computer terrorists: The latest technologies as a tool of committing crimes / Encyclopedia of crimes and accidents. - Minsk, 1997. - P.34.
2. R. Kaljuzhnij, O. Krupchan, V. Gavlovskij, M. Gutsaljuk, V.Tsimbaljuk, M. Shvets Informatization, law, monitoring (legal-organizational problems) - Ê., 2002. - 190 p.
3. http:// LIGA ONLINE. New "Iraq" virus has been created
4. Chronicle of virus attack against Ukrtelecom / http://www.ukrtel.net.
5. M. Gutsaljuk Security of banking information systems // Insurance case. - 2002. - ¹ 2 (6). - P. 68-70.
6. M. Gutsaljuk Fighting computer crimes coordinated // Ukraine's Law. - 2002. - ¹ 5. - P. 121-126.
7. http://www.interpol-assembly2001.com.
^macro[showdigestcomments;^uri[];Fighting cybercrimes]