With an increasing amount of business being done online, the chances are growing that you, or your company, may become a victim of online criminal activity.
It could be as simple as a customer who buys from your website with a stolen credit card, or as complex as being lured to invest in a multimillion-dollar deal only to learn that the glowing stories about it on a financial news website were bogus. It might be the mushrooming crime of personal or corporate identity theft.
According to Ontario Provincial Police Staff Sgt. Barry Elliott, creator and co-ordinator of an anti-fraud group called Phonebusters.com, more than 9,000 Canadians have reported identity theft losses totaling $7.1 million this year, "and we're tracking for a total number of complaints in the 11,000 to 12,000 range."
If cybercrime strikes you, who ya gonna call?
 |
| Tom Keenan, Business Edge |
| The Guangzhou Public Security Commanding Center is poised to track cybercrime activity. |
Your bank or credit card companies would be your first resort. They all maintain large and growing cyberfraud units. Next come the police, but keep in mind that if you involve them you may lose control of the investigation and how it is explained to the public. Some businesses choose to swallow a loss rather than risk having their gullibility or lax controls exposed in the media.
What if the cyberfraud is international? Who do the local police call? Other police. However, the results are not always very helpful. As one U.S. cybercrime investigator put it, "when the trail leads to the People's Republic of China (PRC), the information flow seems to abruptly stop."
Chinese authorities admit they have home-grown cybercriminals, and also that very few have been brought to justice. But they say they're trying to do better, perhaps spurred on by China's new World Trade Organization membership and the upcoming Olympic Games.
More than 200 world experts on cybercrime gathered recently for a meeting of the Society for the Policing of Cyberspace, with major sponsorship from Motorola and Microsoft.
Usually held in Vancouver, this year's International Summit took place in Guangzhou (formerly Canton), a bustling city in the PRC not far from Hong Kong.
Over four days, police, legal and technical experts tried to bridge the gap in international cybercrime enforcement, while, of course, making time for tours and socializing.
The distance from Hong Kong to Guangzhou may be short, but there's a huge cultural gap. When we visited Microsoft's Asian security experts at their office in Hong Kong's shiny new Cyberport, we could have been in a corporate boardroom in Calgary or Redmond, Wash.
At the Guangzhou Public Security Commanding Center, on the other hand, there was little doubt that we were in a country that still heeds the words of Chairman Mao that "the individual is subordinate to the organization."
Hidden computer monitors rise up from a gigantic conference table at the push of a button. Dozens of large video screens display the activities of citizens, up close and personal, from both street level and overhead cameras. The very layout of the place conveys an air of a no-nonsense command and control.
Chinese conference presenters, from police to prosecutors to judges, cited the 1997 changes to the China's Criminal Code that introduced crimes such as "invading a computer information system, increasing or jamming the functions of the computer information system," and even "teaching another person how to commit a computer crime."
That can draw a sentence of five years in jail.
However, it's clear that the emphasis so far has been on prosecuting China's economic cybercriminals. Articles 264 and 266 of the PRC Criminal Code deal with "stealing a relatively large amount of public or private property" and "swindling public or private money or property.”
A handful of Chinese citizens have been tried, and a few actually imprisoned, for crimes such as cheating in online auctions and running illegal online gambling.
There's also been an attempt to control the "spreading of bawdy materials.”
The terms of use for the in-room Internet at the conference hotel actually made mention of this, along with a prohibition on "disseminating rumors, disturbing social order, or undermining China's social stability."
Type in words such as "Falun Gong" into Google in China, and you get a mysterious "page cannot be displayed" instead of the usual 1.8 million hits. Our tests found, however, that you could sneak anything you wanted into China through Instant Messenger chats.
What about China's legendary disregard for intellectual property rights? Judge Li Xiao spoke about China's efforts to address rampant copyright infringement, saying it has "been listed as one of eight big problems.”
However, a quick look on the street shows there's still no shortage of counterfeit goods, both high and low tech.
Experts who try to pursue cybercriminals here say it's usually a frustrating experience.
One very senior Hong Kong-based expert said: "Look, it's a corrupt country, and usually the witnesses are gotten to before we can go to trial, so we don't even bother (chasing cybercriminals into China.)" That will have to change if China truly wants to be integrated into the international e-commerce world.
One hopeful sign for law enforcement is the growing acceptance of the Council of Europe's (COE) convention on cybercrime. This legally binding document contains uniform definitions of various computer-related crimes, and attempts to harmonize laws and provide a means for international prosecution of cybercriminals.
Both Canada and the U.S. have signed but not ratified the convention, so it is not yet in force in those countries. In fact, only 11 countries, most of them in Eastern Europe, have ratified it.
The list includes Romania, Hungary and Bulgaria, which, ironically, are notorious hotbeds of bad stuff on the Internet.
The COE's Margaret Killerby urged delegates to pressure their countries to ratify the treaty to aid international investigation and prosecution of cybercrime.
But the COE convention is not without its opponents. EPIC, the Electronic Privacy Information Center, opposes U.S. ratification of the treaty, saying it would "create invasive investigative techniques while failing to provide meaningful privacy and civil liberties safeguards.”
Other critics have suggested that it might also allow governments to demand encryption keys.
Perhaps the most concrete outcome of the Guangzhou summit, beyond new friendships and professional links, was a commitment on the part of developed nations to share their cyberpolicing expertise with less developed ones.
Representatives of the U.K. Centre for High Tech Crime Training and the Justice Institute of British Columbia quickly volunteered to work on this.
They'd better hurry up, because cyberfraud is the safest, easiest and most profitable form of crime, and people in developing countries are becoming aware of this.
As the trailer for the con artist movie Matchstick Men put it, "if there's a sucker born every minute, these guys will work the delivery room."
(Tom Keenan is a professor at the University of Calgary and an expert on technology and its social implications. He can be reached at keenan@businessedge.ca)