Interview with the CCRC director
Date: April 27, 2004Source: Computer Crime Research Center
What is the background and purpose of the centre and its geographical perspective?
Founded in 2001, the Computer Crime Research Center (CCRC) is an independent institute to research cyber crime, cyber terrorism and other issues of computer crimes and internet fraud phenomena. The CCRC is a non-profit organization composed of professionals dedicated to education in the field of computer crimes and cyber terrorism prevention and investigation. CCRC members represent Ukrainian and International researchers. In January 2004 CCRC became a part of World Anticriminal and Antiterrorist Forum (WAAF) in Ukraine.
Researches are carried out within the framework of the joint US-Ukrainian scientific-research program of the Computer Crime Research Center and the Transnational Crime and Corruption Center (TraCCC) at the American University, Washington, DC, USA.
The mission of the CCRC is to research and warn of unlawful acts involving computer and information technologies, including computer crimes, internet fraud and cyber terrorism. We conduct researches in fighting child pornography and pedophilia in the Internet.
We support domestic law enforcement, experts and partner organizations working on issues of fighting computer crimes. We also support foreign organizations working on computer crimes.
We conduct original criminological and legal research and compile international research on issues of computer crimes for the purpose of rendering assistance to legislators, scientific, law enforcement and information security professionals.
We conduct seminars, conferences and international symposia on cyber-crime and cyber-terrorism.
We have created a library and publish articles and research results. We contribute to the international information exchange on experience with fighting cyber crime.
We train students and experts in the fields of prevention and investigation of illegal activities perpetrated through the use of information technology.
How would you define 'cyber crime' or if you prefer computer and internet crime? Is it generally on the increase?
Cyber-crime ('computer crime') is any illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them. In a wider sense, 'computer - related crime' can be any illegal behavior committed by means of, or in relation to, a computer system or network, however, this is not cyber-crime.
Cyber criminality is criminality in so called virtual space. Virtual space can be defined as fashioned with help of computer information space where data on persons, objects, facts, events, phenomena or processes are represented in mathematical, symbol or any other way and are transferred via local and global networks, or data stored in other physical or virtual device, or other carrier, designed for its storage, processing and transmission.
Cyber-terrorism is a serious threat for people that can be compared with nuclear, bacteriological and chemical weapon, but it is not fully realized and studied because of its novelty. The appropriate experience of the world community proves the doubtless vulnerability of every country especially as the cyberterrorism has no state frontiers. A terrorist is capable of threatening any information system worldwide.
Re: Is it generally on the increase?
According to most experts, today Internet Crimes poses greater cyber security threat than 5 years ago. In spite of law enforcement and special services efforts directed to fighting Internet crimes, their quantity, unfortunately, is not reducing, and vice versa their social danger is constantly growing.
Do you agree that Eastern and central Europe, Russia and the former Soviet bloc in general are significant sources of computer/internet crime in the world today? (Any facts and figures would be great!)
According to Symantec's latest Internet Security Threat Report, in terms of overall volume, the United States topped the top-10 list of attacking countries, with 35.4 per cent of recorded cyber-attacks originating in the US.
South Korea was second at 12.8 per cent and China third at 6.9 per cent. The others were Germany (6.7 per cent), France (4 per cent), Taiwan (3.9 per cent), Canada (3.2 per cent), Italy (3 per cent), Great Britain (2.2 per cent) and Japan (1.8 per cent). These nations were responsible for the origin of 80 per cent of all cyber-attacks, according to Symantec's analysis of real-time hacks detected by a sample of 400 companies deploying more than 1000 intrusion detection systems and firewalls in more than 30 countries. South Korea was the No. 1 culprit on a per-user basis among countries with more than one million Internet users. Perhaps riding rapid growth in high-speed Internet connections there, South Korea jumped from the No. 4 spot. Meanwhile, the former leader, Israel, dropped down to No. 10 as its total attack volume fell about 50%.
Regarding Russia and Former Soviet Union:
Russia: cyber crime doubled in 2003 http://www.crime-research.org/news/2004/01/Mess3004.html
Russia: computer crimes statistics http://www.crime-research.org/news/13.03.2004/131
For the information, according to the national researches 10% of Russian and Ukrainian
population are Internet users. IT market is increasing by 20-30%; at the same time Cyber crime in Russia and Ukraine is increasing by 200-300% annually.
If so, why do you think this is? Because these areas have a highly-trained, skilful but poorly paid workforce? What's your view?
We think the social situation in countries of the former Soviet Union makes young men to seek ways to make more money. Some of them choose the "hacking". Besides High Schools in Russia and Ukraine give students a high level skills in math and technics. So, "further hackers" begin to test own strength.
Besides, as you may know there is a 'hacker school' in Moscow. But it is not illegal. The school doesn't propagandize the illegal activity. You can find more information at http://hscool.net./about/index.html
Our researches show that most virus-makers don't possess wide knowledge and they are not high skilled experts in computer technologies. (Certainly there are exceptions as well). They are 13-26 years old men, rather clever or overwhelmed with desire of self-assertion and wish to become members of a certain society; as a rule they are encouraged with revenge, sociopolitical motives, desire to show weakness of technologies, and just with mere curiosity. As a rule, such "virus-maker" creates viruses not with the purpose of causing harm, but to be in "advance of technologies".
Often "virus-makers" do not mean to do harm to someone intentionally; they dispatch viruses as "experiment". They do not realize that damage which is done by their "creations" and do not understand that they became initiators of lots of problems. Frequently they are estranged from a real life and live in their own illusory world.
"Virus-makers" believe they do something "cool" and high-end. But actually it is not so. Computer viruses are rather simple programs and it is not necessary to have profound knowledge for virus-making. And at the age of 24-25 years most of them understand it, lose interest and give up this business.
What are the links, if any, between organized crime and computer/internet crime? In the West we here a lot about the so-called 'Russian mafia'. Are they involved, and if so, how?
We think there is a direct relation between computer crime and organized criminal groups. Generally organized criminal groups use high skilled IT experts in their criminal intentions, for committing both traditional crimes and cyber crimes. Internet can be used in information exchanging and planning crimes. For example, there was a case in Ukraine, when the database of Police has been hacked with the aim to delete records on stolen cars. So criminals could sell stolen cars without any problems.
Are there special law enforcement agencies (police etc) in these countries whose job it is to fight computer crime? If so what's the history, background and record of such groups?
There is a special department "K" at the Ministry of Internal Affairs of Russian Federation. They are called Spider Group, because of their emblem on the uniform with the image of a spider. And there is a Hi-Tech and Intellectual property crime Unit at the Ministry of Internal Affairs of Ukraine. All this agencies are engaged in fighting computer crime.
Are the criminals targeting victims/companies at home in eastern/central Europe and Russia/former soviet bloc, or is it mostly 'exported' crime?
According to information we have, most of targets are domestic companies and banks. There was no criminal case initiated on the facts of breaking foreign companies by domestic hackers. We don't think it is mostly 'exported' crime.
What do you feel is the short-term, and long-term prognosis for computer crime in the future? Will it continue to increase? If so, why? If not, why not?
We think cyber crime in Russia and Ukraine (including other states of the former Soviet Union) will be constantly increasing. The imperfection of national legislation allows a criminal to commit cyber crimes and to remain free. Even in case if they are disclosed, more likely, they won't be brought to the Court. The judicial system demands essential amendments regarding cyber crime.
Add comment Email to a Friend