‘Cybercrime – Now This Changes Everything!’
advertisement
‘Cybercrime – Now This Changes Everything!’ Presented by Commander Barbara Etter Director, Australasian Centre for Policing Research, and Chair, Australasian Police Commissioners’ Conference E-Crime Working Party to the Growing Australia Online Conference in Canberra 3 to 4 December 2002 2 ABSTRACT The Internet is often described as a wonderful tool, an engaging place and a liberating experience … but for whom? There is the potential for many of us to become victims to the growing pool of criminals who skilfully navigate the Net, preying on the young, the trusting and commercial enterprises alike. Cyberspace is an environment that is intangible, dynamic and unlike any previously known. This is especially true in law enforcement. In some respects, the growth in the uptake of Information and Communications Technology (ICT), including the Internet, presents as great a challenge for policing as the introduction of the telephone and the motor vehicle. The paper argues that cybercrime or e-crime1 presents as a new form of business that will require a fundamental paradigm shift in policing. This ‘new business’ will be characterised by new forms of crime, a far broader scope and scale of offending and victimisation, the need to respond in a much more timely way, and challenging technical and legal complexities. Law enforcement agencies around the world are working together to develop new partnerships, new forensic methodologies and new responses to cybercrime in order to ensure safety and security on the Internet. This paper explores some of the known risks and dangers of the Internet, discusses the continually emerging and changing nature of the problem, highlights the unique challenges and response issues, and outlines how the safety and security of our community is being protected by policing agencies in partnership with a range of key stakeholders. INTRODUCTION Policing the physical world, whilst challenging, is relatively well understood, generally localised and low-tech, and underpinned by many well-established practices and procedures. But Cybercrime – Now This Changes Everything! The policing of cybercrime will be enormously challenging. As one of the Commissioners from the US Commission on Child Online Protection commented (Balkam 2000): The Internet changes everything. It upsets our notions of how things should be, how countries should be governed, how companies should be run, how teachers teach and children learn. It mixes up our conceptual framework of what we think we know about the world, about each other and about ourselves. It is liberating, exciting, challenging and terrifying all at the same time … To a majority of the world’s people, the Internet remains mysterious, forbidding, incomprehensible and frightening. The vision for Australasian policing, as stated in its strategic directions document for 2002 to 2005 (APMC 2002), is: ‘A safer and more secure community’ 1 The term electronic crime is used to refer to offences where a computer is used as a tool in the commission of the offence, or as a target. It also encompasses the use of a computer as a storage device. Cybercrime, on the other hand, involves the commission of crime involving cyberspace. 3 Given the ubiquitous nature of technology, and the fact that the Internet is now an integral part of most of our lives, ‘community’ in the vision statement must equally apply to the new and ethereal dimension of cyberspace. Police must ensure safety and security in various environments including the home, schools, business and the workplace, whether online or offline. New and innovative responses are required to the issue of cybercrime or electronic crime, particularly given its global dimensions and borderless nature. In some respects, the growth in the uptake of ICT, including the Internet, presents as great a challenge for policing as the introduction of the telephone and the motor vehicle. Some argue that such crime is merely a case of the ‘same old wine in new bottles’. However, this paper argues that e-crime, and particularly ‘hi-tech crime’2, presents as a new form of business that will require a fundamental paradigm shift in policing. This ‘new business’ will be resource-intensive and will be characterised by: new forms of crime; a far broader scope and scale of offending and victimisation; the need to respond in a much more timely way; and challenging technical and legal complexities. The objectives of the paper are to: Discuss the risks and dangers of the Internet, as well as the nature of the cybercrime problem; Identify and discuss the new and unique challenges and response issues which may be encountered during the prevention, detection and investigation of such crime; and Outline in broad terms what Australasian policing is doing to prevent and reduce the incidence of this type of crime and enhance the safety and security of our communities. KNOWN RISKS AND DANGERS OF THE INTERNET There are enormous economic and social benefits to be gained from embracing ICT and the Internet. However, there clearly are a number of dangers or risks involved, for instance, in utilising the Internet. They include (Etter 2002): Invasions of privacy; Fraud and theft, including the potential use of your credit card details by others to purchase goods and services, and the possibility of identity theft, a fast growing crime; Harassment, including spamming, stalking etc; Exposure to material considered to be pornographic, violent, hate-filled, racist or generally offensive; Ready availability of information to assist people with bomb-making and other dangerous activities; Temptation and ability to participate in on-line gambling; Vulnerability to exploitation, such as the physical or emotional abuse of children; Loss of business and reputation, due to denial of service attacks, web graffiti etc.; and 2 Used to refer to more sophisticated electronic crime, particularly where it is multijursidictional. 4 Loss of data and damage to systems, through malicious code, such as worms and viruses. Recent research conducted by the Australian Broadcasting Authority (ABA 2001) found that most adults believed using the Internet involved some risk, with the main areas of perceived risk being (ABA 2001, p.6): Financial dangers e.g. fraud and credit card number theft (54%); Personal data misuse and privacy issues (45%); Content exposure concerns (39%); and Viruses (21%). The most common content concern was the perceived risk of children accessing unsuitable content (27%). Access to pornographic material, and the receipt of such content through unsolicited emails or accidental discovery, were the key concerns. The difference in the level of regulation of the Internet compared with other media was the most common theme raised by parents, when asked why they were concerned about access on the Internet (ABA 2001, p.43). The core differences between the Internet and other media, perceived by parents who were more concerned with Internet content, were: Regulatory differences; Monitoring difficulty – individual versus group nature of the viewing; The unwanted, unexpected nature of access to unsuitable content; and The interactive nature of the medium and the human dimension. When considering the safety of the Internet, an interesting analogy is that of what is in place to ensure safety on our roads. Whilst the roads can certainly be a dangerous place, there are a myriad of established mechanisms to enhance safety and minimise trauma. These include (Etter 2002): A system of licensing drivers and registering cars to ensure driver competence and vehicle roadworthiness; A complex legislative and regulatory regime which outlines the type of driver behaviour expected on the roads; Careful attention to standards, road design and construction, as well as vehicle design, including the provision of air bags, seat belts etc.; Regular patrolling of our roads by police officers, including practices such as random breath testing; Technological checks and safeguards such as radars, speed cameras, red light cameras and video surveillance; Availability of maps, weather forecasts, advisory signs etc. to assist in planning and/or executing journeys; and Regular and high profile prosecutions of offenders. When you compare this to what is currently in place to ensure safety on the Internet, where admittedly the risk of immediate physical injury or death is much lower, the situation is quite alarming, particularly when one considers the ease with which one can become a victim. Policing at the moment does not have the physical presence or degree of visibility in 5 cyberspace that it has in the physical world. There simply isn’t, and never will be, a ‘bobby’ standing at every ‘cybercorner’. Criminal behaviour on the Internet, or cybercrime, presents as one of the major challenges of the future to Australasian and international law enforcement. As ICT becomes even more pervasive, aspects of electronic crime will feature in all forms of criminal behaviour, even those matters currently regarded as more ‘traditional’ offences. It already features in many transnational crimes involving drug trafficking, people smuggling, terrorism and money laundering. Digital evidence will become more commonplace, even in traditional crimes, and we must be prepared to deal with this new challenge. THE NATURE OF THE E-CRIME PROBLEM The computer has become an integral part of our way of life. However, as our connectivity and dependency on ICT increases, so too does our vulnerability. This vulnerability was clearly demonstrated in recent times with: The distributed denial of service attacks on Yahoo, eBay and other major Internet players during February 2000; The ‘Love Bug’ virus (or ILOVEYOU worm), SirCam, Code Red and ‘Bugbear’ (and others), with the cost of virus attacks in 2001 said to be $US10.7 billion ($A20.5 billion) (Gengler 2001, p.36); The reported denial of service attacks on the St George Bank in Sydney in September 2000 (Kaye 2000, p.1; Spencer & O’Brien 2000, p.29); The hacking of Microsoft where an attacker apparently gained access to the source code for a future product (Gliddon 2000; Weiss 2000); The large scale theft of over a million credit card details from various US e-commerce sites by Russian and Ukrainian crime gangs (Hellaby 2001); Attacks on government websites in the US, UK and Australia by Pentaguard in January 2001, said to be one of the largest most systematic defacements of worldwide government servers on the web (Legard 2001); The largest identity theft case in Internet history involving 200 of the 400 richest people in America listed in Forbes magazine (Weiss 2001); The recent arrest of an identity theft ring in the US involving the theft of more than 30,000 people’s identities through the acquisition of data from credit reporting agencies, with losses to date at $A4.8 million (Festa 2002; Sullivan 2002; The Australian 2002); An international Internet ticketing scam involving a cloned website of the Sydney Opera House whereby people ordered expensive non-existent tickets with their credit cards – the investigation has involved the FBI, US Secret Service, Scotland Yard, the ACCC here in Australia, as well as bank and credit card fraud investigators (Lamont 2002); The theft of telephone services by tapping into the telephone switchboards of 12 of Australia’s largest corporations and the running up of untraceable calls costing around $2 million (The Australian IT Section 2001); The Nimda or ‘swiss army-knife’ worm which impacted on the operations of the National Australia Bank, Parliament House in Canberra, SA Government agencies and others (Bryan & Lekakis 2001; Field 2001); and 6 The hijacking or hacking of the account details of 400,000 Optus Internet dial-up customers, said to have launched the biggest computer crime investigation undertaken by the New South Wales Police (Rossi 2002). Some of these incidents also demonstrate the capacity for a single individual to perpetrate major and widespread criminal harm (with a young Canadian named ‘Mafia Boy’, the offender in the February 2000 denial of service attacks, a New York bus boy and high school drop-out allegedly responsible for the large scale Forbes ID theft scam and a university student from the Philippines the offender in the Love Bug incident). One can only wonder about the extent of damage that could occur in the case of highly skilled, well orchestrated and maliciously motivated attacks. Global connectivity means that havoc can occur, in a very short timeframe, throughout the world. The abuse of computer technology may threaten national security, public safety and community well-being, and devastate the lives of affected individuals. There is also the spectre of cyberterrorism or a cyber dimension to a terrorist attack (Gellman 2002; Verton 2002a & b). New ‘criminal’ opportunities have also been created by the development of electronic media. They include: Denial of service attacks; Viruses, worms, trojans and other forms of malicious code; Unauthorised entry; Information tampering; Cyberstalking; Spamming (sending unsolicited bulk email); Mouse-trapping (where clicking the browser’s back button with the mouse does not lead out of the unwanted site but only to the viewing of further unwanted pages (eg. pornography). To escape, the user may need to close the browser or even restart the operating system); Phreaking (breaking into the telephone network illegally, typically to make free longdistance phone calls or to tap phone lines); and Computer damage. The above are relatively new types of offending or undesirable behaviour that did not exist in the pre-computing environment. Likewise, the development of computers has created new opportunities for services theft, manipulation of the stockmarket (through ramping up of stock prices and ‘pump and dump’ schemes3 using the Internet), software piracy, and other thefts of intellectual property. It was believed a few years ago that only several thousand people in the US had the capabilities to launch a cyber-attack. Recently, it was estimated that there are 17 million such people in the US alone (O’Brien & Nusbaum 2000). Computer Industry Analysts, Gartner Group, also estimate that by 2003, 20 million people worldwide will be actively hacking (Bell 2002). 3 Where someone undertakes actions which falsely inflate a share price and then sells their shareholdings at the inflated price. 7 In relation to the tools of crime, the box below is enlightening as to how much assistance would-be criminals can obtain by simply downloading easily accessible tools that are often available free from the Internet. There are said to be some 30,000 websites that post hacker codes, which can be downloaded to break passwords, crash systems and steal data (Adams 2001). One study recently found that of 3 million sites tested world-wide, about 80% displayed a vulnerability that could be exploited by tools readily available on the Internet (Van Dijk 2001, p.5). New tools, such as ‘autorooters’4, are also emerging, which automate the hacking and cracking5 process and make it even easier to compromise systems (Tanase 2002). They are regarded as a new and very serious threat to network security (Tanase 2002). TOOLS FREELY AVAILABLE ON THE INTERNET Anonymous re-mailers: Machines on the Internet configured to receive and re-send traffic by replacing the original source address of the sender with the address of the anonymous re-mailer machine. Used by intruders to mask their identities. Internet packet filters or ‘sniffers’: Software that allows intruders to intercept network traffic. Nukers: Software tools used by intruders to destroy system log trails. Password crackers: Software that allows intruders to ‘break’ encrypted password files stolen from a victim's network server. Scanners: Automated software that helps intruders identify services running on network machines that might be exploited. Spoofers: Software tools that allow intruders to masquerade as other users. Steganography: A method of encrypting and hiding data in graphics or audio files. Used by intruders to spy, steal, or traffic in information via electronic dead drops, for example, in Web pages. Trojan programs: A legitimate program altered by the injection of unauthorised code into that program causing it to perform unknown (and hidden) functions to the legitimate user/system owner. Intruders use them to create undocumented ‘backdoors’ into network systems. (Source: KPMG 2000, p.10) People who commit computer crimes vary widely in skills, knowledge, resources, authority and motives. In addition, motives are said to include greed, need (to solve personal problems such as gambling debts), inability to recognise the harm done to others, personification of computers (seeing computers as adversaries in a game) and the Robin Hood syndrome (seeing corporations as so rich that stealing from them is morally justified) The term ‘autorooter’ is based on security lingo for successfully cracking and gaining privileged access to a machine (or ‘rooting’ a system). The ‘auto’ prefix stems from the fact that these devices essentially package, or automate, the cracking process from start to finish. They can be designed to scan a network for vulnerable machines or attack everything they come across. Once a machine is successfully compromised, any type of malicious code can be installed and configured, data might be captured (using a sniffer), web pages defaced, or servers installed. 4 5 Hacking with malicious intentions. 8 (Kabay 2000, citing Parker). Offenders can range from juveniles operating out of their bedrooms, to disgruntled employees or insiders, traditional criminals, organised crime rings, and even foreign intelligence organisations. There is growing evidence that organised crime groups are exploiting the new opportunities offered by the Internet (Williams 2002). It has been reported that the Chinese triads have been employing computer programmers since 1998 (Galeotti 2000). In addition, the Aum Shinriko sect which was responsible for the deadly sarin nerve gas attack in a Tokyo subway in 1995 diversified into the IT industry and reportedly was responsible for the installation of over 100 computer systems into Japanese government ministries and major companies, thus raising fears over how the Aum could exploit its cyberwarfare potential through its access to government computers (O’Ballance 2001). The Colombian drug cartels have also been utilising cutting edge ICT to assist them in their operations (Kaihla 2002), as have some Outlaw Motor Cycle Gangs (Edwards & Shephard 2002). Cybercrime is variable in its manifestations, so it is difficult to discuss in terms of aggregate incidence and impact. This inability to accurately define the nature of the problem is not helped by the fact that currently no comprehensive statistics on e-crime are maintained by Australasian police. Unfortunately, definitive information on the present extent and impact of electronic crime both in Australia and overseas is not available. A significant amount of this crime is simply not reported and much may not even be detected. UNIQUE CHALLENGES While computer technology will be used in many traditional crimes, the nature and particular features of e-crime or cybercrime will pose new and unique challenges for policing because of characteristics such as (Police Commissioners’ Conference Electronic Crime Working Party 2000, p.4): Anonymity; Global reach (including issues of jurisdiction, disparate criminal laws and the potential for large scale victimisation); The speed at which crimes can be committed; The potential for deliberate exploitation of sovereignty issues and cross-jurisdictional differences by criminals and organised crime; The volatility or transient nature of evidence, including no collateral or forensic evidence such as eyewitnesses, fingerprints, trace evidence or DNA; and The high cost of investigations. The ability for criminals to remain anonymous on the Internet presents a huge challenge for police and policy makers. Anonymity is assisted by a proliferation of Internet cafes and web kiosks, the emergence of data havens, prepaid Internet packages, the availability of tools for ‘spoofing’6 and the presence of anonymising services on the Internet (e.g. www.anonymizer.com). 6 Spoofing is a technique used to gain unauthorised access to computers, whereby the intruder sends messages to a computer with an Internet Protocol (IP) address indicating that the message is coming from a trusted host. The person modifies the packet headers so that it appears that the packets or message are coming from someone else. 9 The challenges of the digital age and for the investigation of e-crime are numerous and diverse, and include (Police Commissioners’ Conference Electronic Crime Working Party 2000, pp. 25-28; Rees 2000, pp.16-19): Bridging multi-jurisdictional boundaries; Retaining and preserving evidence; Acquiring appropriate powers; Decoding encryption; Proving identity; Knowing where to look for evidence; Tackling the tools of crime and developing tools to counter crime; Rethinking the costs and priorities of investigation; Responding to crime in real time; Coordinating investigative activities; Improving training at all levels of the organisation; Developing strategic partnerships and alliances; Improving the reporting of electronic crime; Enhancing the exchange of information and intelligence; Acquiring, developing and retaining specialist staff; and Avoiding ‘tech-lag’ (or getting access to cutting edge technology). The forensic challenges, in particular, are considerable (Etter 2001). The US Department of Justice in a recent report (2001, p.23) identified four major challenges in relation to forensic evidence collection and analysis: Finding evidence in the ‘information ocean’ – Finding important evidence can be nearly impossible. Separating valuable information from irrelevant information also requires extraordinary technical efforts. Determining the location where evidence is stored can also be quite difficult. Anonymity – Computer networks permit persons to easily maintain anonymity and most web surfers have a ‘handle’, a false name or identity. Traceability – Related to anonymity, traceability refers to how difficult it is to establish the source and destination of communications on computers and communication networks, such as the Internet. Traceability is becoming even more difficult because of the proliferation and easy availability of multiple communications providers. Communications on the Internet, for example, can easily pass through 10 different Internet Service Providers (ISP’s), each of which must provide information (often in real time) to trace a communication. Encryption – Shortly, the vast majority of data and communications will be encrypted. Encryption can hinder law enforcement investigations and increase costs because of the problems associated with cracking the encryption. 10 HOW AUSTRALASIAN POLICING IS PROTECTING CYBERSPACE The issue of ‘computer crime’ has been on the policing agenda for a number of years now. One longstanding initiative is the ACPR’s Australasian Computer Crime Program (ACCP), which incorporates the Australasian Computer Crime Managers’ Group (ACCMG). New impetus was provided in March 2000, when, at their annual Conference, the theme of which was ‘Crime @ the speed of thought’, Australasian Commissioners of Police, recognising the complexity and immediacy of the cybercrime issue, formed a Steering Committee of four Commissioners of Police.7 They also established an E-Crime Working Party (ECWP) chaired by the Director of the ACPR. The major task of the ECWP was to prepare a draft Australasian law enforcement strategy on electronic crime and a related task was to evaluate the current law enforcement response capacity. The Working Party was requested, as a first step, to scope out the nature of the electronic crime problem. In September 2000, the Working Party finalised and published a comprehensive and detailed report entitled ‘The Virtual Horizon: Meeting the Law Enforcement Challenges’ (Police Commissioners’ Conference Electronic Crime Working Party 2000). Following on from the scoping exercise, an analysis was undertaken by the ECWP and a strategy developed. At this stage, the strategy identifies 5 important focus areas which are inextricably linked and will have limited impact unless dealt with collectively. They are: Prevention; Partnerships; Education and Capability; Resources and Capacity; and Regulation and Legislation. Complementary workplans which address each of these focus areas were developed and action is being taken to implement priority taskings, as resources allow. Every effort is being made to ensure that the strategy leverages off a variety of important initiatives already in place. At the March 2001 Police Commissioners’ Conference, Commissioners also established an E-Crime Law Reform Working Party (ECLRWP) in recognition of the importance of law reform issues. The ECLRWP is currently chaired by the Australian Federal Police (AFP) and works closely with the legislative update group of the Commonwealth’s Action Group into the law enforcement implications of Electronic Commerce (AGEC). A range of issues is currently being examined including interception and surveillance capacities, police access to stored emails, the legislative response to identity crime, privacy issues, and data retention and preservation. A major thrust of the E-crime strategy is prevention, which will involve a whole of government approach to a range of issues. For instance, community education, particularly involving children, parents and teachers, along with the development of cyberethics, will be 7 Currently Commissioner Matthews (WA) as Chair, Commissioner Keelty (AFP), Commissioner Hyde (SAPOL) and Commissioner Robinson (NZ). 11 important in responding to Internet safety concerns and in raising the barriers to crime. It is of concern that juvenile offenders are becoming increasingly involved in e-crime. Addressing victim issues will also be important, particularly in relation to identity crimes (including the traumatic experience of identity take-over). A major challenge will be successfully engaging the private sector. Clearly, it will be necessary to persuade CEO’s and other business leaders that the issue of online security and resistance to e-crime is a matter of good corporate governance which needs to be integrated throughout any business strategy. Unfortunately, it would seem that too many corporate leaders currently regard the matter as a technical issue to be dealt with by IT departments, or a cost of doing business which is often simply passed on to the broader pool of customers. One important development within Australian policing is a recent decision by the Australasian Police Ministers’ Council (APMC) to establish an Australian Hi-Tech Crime Centre (AHTCC). The Centre is to be hosted by the AFP and will be co-located with its Transnational Crime Coordination Centre (TCCC). The focus of such a centre will be on serious, organised and multi-jurisdictional crime with a hi-tech dimension. It became increasingly apparent that it was necessary to develop both a ‘centre of excellence’ and a ‘single point of contact’, within Australia to represent law enforcement interests if policing was to be effective across the spectrum of major crime. Crime is simply becoming more complex and there is a need to ensure the continual enhancement of forensic, interception and other technical capabilities, particularly as organised crime, including terrorists, utilise new technologies. There is also a definite need for enhanced coordination in relation to assessment/prioritisation, tasking, intelligence collection and exchange, and law reform. A national centre will be particularly useful given the borderless nature of cybercrime and the need for Australia to assist other nations in accordance with international arrangements. A centre will be well placed to provide a highly responsive and expert 24 hour/7 day response capacity where required and will develop a capacity for real time assistance and online investigation. CONCLUSION Law enforcement agencies around the world are working together to develop new partnerships, new forensic methodologies and new responses to cybercrime. The nature of Internet crimes presents complex new challenges for law enforcement with regard to investigating crimes, collecting, analysing and presenting evidence, identifying, apprehending and prosecuting offenders, and assisting victims and their families. Cybercrime is truly a global issue and there will be an unprecedented need for international commitment, coordination and cooperation. It will also be important to more fully understand the nature of the problem and to address the significant under-reporting of the phenomenon. Prevention and partnerships with a broad range of stakeholders will be essential. In some respects, the growth in the uptake of ICT, including the Internet, presents as great a challenge for policing as the introduction of the telephone and the motor vehicle. While there will always be a role for traditional investigative techniques, cybercrime presents as a 12 new form of business that may require a fundamental paradigm shift in policing. Dealing with the global and immediacy aspects of the issue will be extremely challenging. New skills, technologies and investigative techniques, applied in a global context, will be required to detect, prevent and respond to cybercrime. This is not just about a realignment of existing effort. This ‘new business’ will be characterised by new forms of crime, a far broader scope and scale of offending and victimisation, the need to respond in a much more timely way, and challenging technical and legal complexities. Innovative responses such as the creation of ‘cybercops’, ‘cybercourts’ and ‘cyberjudges’ may eventually be required to overcome the significant jurisdictional issues. Addressing the issues outlined will be essential in establishing a secure and trusted electronic environment and in ‘Growing Australia Online’. REFERENCES Adams, J. 2001, ‘The Weakness of a Superpower’, Foreign Affairs, May/June. APMC 2002, Directions in Australasian Policing 2002-2005 (in press). Australian Broadcasting Authority (ABA) 2001, The Internet at Home: A report on Internet use in the home, December, Sydney. Bell, S. 2002, ‘The web’s most wanted’, 1 August, http://www.guardian.co.uk/Archive/Article/0,4273,4472989,00.html. Bryan, M. & Lekakis, G. 2001, ‘Nimda computer virus hits NAB’, The Australian Financial Review, 20 September, p.50. Edwards, P. & Shephard, M. 2002, ‘Biker gangs putting Web to deadly use’, The Star, 7 July, http://www.thestar.ca/NASApp/cs/ContentServer?GXHC_gx_session_id_= fd492cf53c7fefeb&page, visited 11 July 2002. Etter, B. 2001, The Forensic Challenges of E-crime, Current Commentary No.3, 10/2001, Australasian Centre for Policing Research, Adelaide. Etter, B. 2002, The Challenges of Policing Cyberspace, Presented to the Netsafe: Society, Safety and the Internet Conference, 10-12 February, Auckland, New Zealand. Festa, P. 2002, ‘Feds charge 3 men with identity theft’, CNET News.com, 25 November, http://news.com.com/2100-1023-971196.html?tag=fd_top. Field, R. 2001, ‘Nimda forces network shutdowns’, Computerworld, 1 October, Vol.25 No.12, p.3. Galeotti, M. 2000, ‘Chinese crime’s global reach’, Jane’s Intelligence Review, November, pp.10-11. Gellman, B. 2002, ‘Cyber-Attacks by Al Qaeda Feared’, Washington Post, 27 June, http://www.washingtonpost.com/ac2/wp-dyn/A50765-2002Jun26?language=printer, visited 28 June 2002. Gengler, B. 2001, ‘Virus costs hit $20.5bn’, The Australian, 11 September, p.36. Gliddon, J. 2000, ‘Cracks in the Armour’, The Bulletin, 7 November, p.86. Hellaby, D. 2001, ‘Warning over Credit Card Sting’, The Australian, IT section, 20 March, p.32. 13 Kabay, M.E. 2000. ‘Studies and Surveys of Computer Crime’, Focus, 11 December, http://securityportal.com/cover/coverstory20001211.html, visited 13 December 2000. Kaihla, P. 2002, ‘The Technology Secrets of Cocaine Inc.’, July, http://www.business2. com/ articles/mag/0,1640,41206,00.html. Kaye, B. 2000, ‘St George still a ‘sitting duck’’, Computerworld, Vol.24 No.11, 11 September, pp.1 & 4. KPMG 2000, E-Commerce and Cyber Crime: New Strategies for Managing the Risks of Exploitation, USA. Lamont, L. 2002, ‘Opera victims duped by world wide web of fraud’, The Sydney Morning Herald, 11 November, p.8. Legard, D. 2001, ‘Hackers Hit Government Sites’, Computerworld, Vol.24 No.26, 29 January, p.12. O’Ballance, E. 2001, ‘From Sarin to Cyber Warfare: The Aum Doomsday Sect’, Intersec, Vol.11 Issue 2, February, pp.52-53. O’Brien, K. & Nusbaum, J. 2000, ‘Intelligence Collection for Asymmetric Threats – Part Two’, Jane’s Intelligence Review, November, pp.50-55. Police Commissioners’ Conference Electronic Crime Working Party 2000, The Virtual Horizon: Meeting the Law Enforcement Challenges. Developing an Australasian law enforcement strategy for dealing with electronic crime. Scoping Paper, Australasian Centre for Policing Research, Report Series No: 134.1, Adelaide. Rees, A. 2000, ACPR Technology Environment Scan, Report Series No: 133.1, Australasian Centre for Policing Research, Adelaide. Rossi, S. 2002, ‘Hackers hit Optus accounts’, Computerworld, Vol.25 No.24, pp.1 & 4. Spencer, S. & O’Brien, S. 2000, ‘Internet banking service attacked’, The Advertiser, 2 September, p.29. Sullivan, B. 2002, ‘Huge identity theft ring busted’, MSNBC News, http://www.msnbc.com/news/839678.asp?0si=Tanase, M. 2002, ‘Introduction to Autorooters: Crackers Working Smarter, not Harder’, 21 August, http://online.securityfocus.com/infocus/1619. The Australian IT Section 2001, ‘Gangs tap into phone system’, 29 March. The Australian 2002, ’30,000 fleeced by identity scammers’, 27 November, p.9. US Department of Justice 2001, Electronic Crime Needs Assessment for State and Local Enforcement, National Institute of Justice Research Report, NCJ 186276, March, Washington DC. Van Dijk, S. 2001, ‘Technology Alone No Match for Security Risks’, Computerworld, Vol.24 No.39, 14 May, p.5. Verton, D. 2002a, ‘Experts predict major cyberattack coming’, Computerworld, 8 July, http://www.computerworld.com/securitytopics/security/story/0,10801,72533,00.html, visited 25 November 2002. Verton, D. 2002b, ‘Experts: Don’t dismiss cyberattack warning’, Computerworld, 18 November, http://www.computerworld.com/securitytopics/security/story/ 0,10801,76000,00.html, visited 25 November 2002. Weiss, T. 2000, ‘Microsoft Says it Tracked Intruder for 12 Days’, Computerworld, Vol.24 No.18, p.3. 14 Weiss, M. 2001, ‘How the NYPD Cracked the Ultimate Cyberfraud’, NYPOST/FOXNEWS, 20 March. Williams, P. 2002, Organized Crime and Cyber-Crime: Implications for Business, CERT Coordination Centre, www.isalliance.org/resources/papers/cybercrime-business.pdf, visited 17 June 2000.
