International Cooperation in Cybercrime Investigations

Similar documents
A Criminal Intrudes into a Bank in Geneva Korean agents. Canadian agents make the arrest. Argentinian investigators. discover. attack came from Seoul

ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania

UNODC. International Cooperation and Assistance in Cybercrime Matters

Cybercrime and e-evidence: challenges and solutions.

ITU Model Cybercrime Law: Project Overview


Legal Foundation and Enforcement: Promoting Cybersecurity

Overview on the Project achievements

Project CyberSouth Cooperation on cybercrime in the Southern Neighbourhood

- To aid in the investigation by identifying. - To identify the proper ISP, webhosting. - To use in search warrant affidavits for to

The UNODC Global Programme on Cybercrime Alexandru Caciuloiu CYBERCRIME COORDINATOR SOUTHEAST ASIA AND THE PACIFIC

10007/16 MP/mj 1 DG D 2B

Comprehensive Study on Cybercrime

CYBERCRIME RESPONDERS TRAININGS

A Multi-Stakeholder Approach in the Fight Against Cybercrime

10025/16 MP/mj 1 DG D 2B

Data Preservation Checklists

LEGAL SOLUTION CYBERCRIME LEGAL SOLUTION LEGAL SOLUTION NATIONAL, REGIONAL, INTERNATIONAL

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

The cost of cybercrime the benefits of cooperation

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form

OAS Cybersecurity Capacity Building Efforts

MEETINGS OF MINISTERS OF JUSTICE OR OEA/Ser.K/XXXIV

Project III

Scope of the Member State mechanism

Guiding principles on the Global Alliance against child sexual abuse online

CYBERCRIME LEGISLATION DEVELOPMENT IN NIGERIA AN UPDATE. Octopus Conference, Strasbourg 06 June, 2012

UNODC tackling cybercrime in support of a safe and secure AP-IS

REGIONAL WORKSHOP ON E-COMMERCE LEGISLATION HARMONIZATION IN THE CARIBBEAN COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES

Donor Countries Security. Date

Workshop on Cyber Security & Cyber Crime Policies. Policies for African Diplomats

Virtual Currencies and The Commonwealth. 1 June 2016

Caribbean Cyber Security: Not Only Government s Responsibility

Legal, Ethical, and Professional Issues in Information Security

INTRODUCTION. A main question for ISS: why are there so few prosecutions? Copyright Institute for Security Studies 20 November

T-CY Guidance Note #8 Obtaining subscriber information for an IP address used in a specific communication within a criminal investigation

COUNTER-TERRORISM. Future-oriented policing projects

Cyber Security Strategy

In the Balkans, UNODC is part of the consortium with GIZ and the Center for International Legal Cooperation of the Netherlands who will implement the

Responding to Cybercrime:

Inter-American Port Security Cooperation Plan

Promoting Global Cybersecurity

This report was prepared by the Information Commissioner s Office, United Kingdom (hereafter UK ICO ).

Council of the European Union Brussels, 23 November 2016 (OR. en)

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security

A1. Actions which have been undertaken by Governments

Cyber Security Development. Ghana in Perspective

Cybersecurity & Spam after WSIS: How MAAWG can help

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe

ASEAN s Cyber Confidence Building Measures

RESOLUTION 130 (Rev. Antalya, 2006)

Universal Trusted Service Provider Identity to Reduce Vulnerabilities

Digital Forensic Science: Ideas, Gaps and the Future. Dr. Joshua I. James

Defining Computer Security Incident Response Teams

COUNTERING IMPROVISED EXPLOSIVE DEVICES

New Legal instruments for Cross-border Crime Investigation in EU

Child Online Protection in Child Pornography Namibia

Garry Mukelabai Communications Authority Zambia

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

Canada s Weapons Threat Reduction Program

Global Wildlife Cybercrime Action Plan1

ECOWAS Cyber security Agenda

Legal framework of ensuring of cyber security in the Republic of Azerbaijan

Snap Inc. Law Enforcement Guide

Policy recommendations. Technology fraud and online exploitation

PROJECT RESULTS Summary

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

The role of municipal government in preventing crime and building community safety

Designing Robustness and Resilience in Digital Investigation Laboratories

TRANSFORMING WEST MIDLANDS POLICE A BOLD NEW MODEL FOR POLICING

CYBER CRIME A COMPARATIVE LAW ANALYSIS SANDRA MARIANA MAAT. submitted in part fulfilment of the requirements for the degree of MAGISTER LEGUM.

Strategic and operational threat analysis at Europol's EC3

GLOBAL CYBERSECURITY INDEX 2016

WORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS. Okechukwu Emmanuel Ibe

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

CYBER CRIME LEGISLATION COURSE MALAYSIAN COMMUNCIATIONS AND MULTIMEDIA COMMISSION MALAYSIA

International Law Enforcement Cooperation on Cybercrime investigations: the role of INTERPOL. Mr Olusola Oguntunde

Cybersecurity Capacity ITU Preetam Maloor Strategy & Policy Advisor 3 March 2015

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Assistant Secretary-General Michèle Coninsx Executive Director, CTED

Incident Response Services

15412/16 RR/dk 1 DGD 1C

Joint ICTP-IAEA School of Nuclear Energy Management November 2012

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Commonwealth Cyber Declaration

ILLICIT GOODS AND GLOBAL HEALTH. Future-oriented policing projects

Regional Cyber Security and Cyber Crime Best Practices Workshop November 28-30, 2011 Bogotá, Colombia

PROGRAM SUMMARY OBJECTIVES RESULTS. Last updated date: 7/27/2017. Target Beneficiaries. Donor Security

COMPUTER FORENSICS (CFRS)

The APEC Model. Global Partnership through Regional Initiatives

REGIONAL AND INTERNATIONAL TRENDS IN INFORMATION SOCIETY ISSUES CYBERCRIME CHALLENGE

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

International Nonproliferation Export Control Program (INECP) Government Outreach for Enterprise Compliance

International Atomic Energy Agency Meeting the Challenge of the Safety- Security Interface

Information Security Incident Response Plan

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

ITU Regional Forum on Consumer Information, Protection and Rights for Africa 2017 Cotonou, BENIN March 2017

MELANI: Information exchange a story of success

CYBERSECURITY TRAINING EXERCISE KMU TRAINING CENTER NOVEMBER 7, 2017

Transcription:

International Cooperation in Cybercrime Investigations Joel Schwarz Computer Crime & Intellectual Property Section Criminal Division, US Department of Justice Joel.schwarz@usdoj.gov

Criminal Investigations The Challenges of Globalization of Challenges from a LE perspective : Enact sufficient laws to criminalize computer abuses; Commit adequate personnel and resources; Improve abilities to locate and identify criminals; Improve abilities to collect and share evidence internationally to bring criminals to justice. 2

Networks Criminalize Attacks on Computer Where Country A criminalizes certain conduct & Country B does not, a bridge for cooperation may not exist - dual criminality Extradition treaties Mutual Legal Assistance Treaties Convention on Cybercrime Acts as a Mutual Legal Assistance Treaty where countries do not have an MLAT Model to ensure act is criminalized in each country Laws don t need to have same name, or same verbiage just similar elements 3

Law Enforcement Needs Experts dedicated to High-tech Crime Experts available 24 hours a day (home & beeper) Continuous training Continuously updated equipment Each country needs this expertise 4

Solutions Are Not Always Easy Difficult budget issues arise (even in the U.S.) Requires the commitment of the most senior officials Often close cooperation with the private sector can help Disparity of resources: Criminal: crossing border is a trivial action LE: cooperating across those same borders is very difficult for investigators 5

Canadian agents make the arrest Korean agents discover attack came from Vancouver Namibian investigators discover attack came from Seoul Philippine investigators discover attack came from computer in Namibia A Criminal Intrudes into a Bank in Manila 6

Crimnals Locating and Identifying Primary investigative step is to locate source of the attack or communication Very often what occurred is relatively easy to discover, but identifying the person responsible is very difficult Applies to hacking crimes as well as other crimes facilitated by computer networks 7

Tracing Communications Only 2 ways to trace a communication: 1. While it is actually occurring 2. Using data stored by communications providers 8

Tracing Communications Infrastructure must generate traffic data in the first place Carriers must have kept sufficient data to allow tracing Certain legal regimes require destruction of data The legal regime must allow for timely access by law enforcement that does not alert customer The information must be shared quickly Preservation of evidence by law enforcement Critical given the speed of international legal assistance procedures Must be possible without dual criminality Convention on Cybercrime, Article 29 9

Solution: Sharing Evidence Countries must improve their ability to share data quickly If not done quickly, the electronic trail will disappear Yet most cooperation mechanisms take months (or years!), not minutes 10

Sharing Evidence Solutions for Collecting and Convention on Cybercrime Parties agree to provide assistance to other countries to obtain and disclose electronic evidence Convention on Cybercrime, Article 30: expedited disclosure of traffic data 1.Preserve all domestic traffic data 2.Notify requesting country if trace leads to a third country 3.Provide sufficient data to allow requester to request assistance from the third country 11

Network 1 24/7 High Tech Crime LE Problem: MLA on computer/internet cases Solution: 24/7 emergency contact network Knowledgeable LE point of contact tech & law Data preservation, advice, ISP contacts, start mutual legal assistance process Available 24/7 Participation About 50 countries open to all, not exclusive club South Africa, Namibia, Mauritius, Korea, Taiwan, etc. 12

Law Enforcement 24/7 Network (November 2007) 13

Network 2 24/7 High Tech Crime Requirements: person on call Technical knowledge Know domestic laws and procedures No big office or fancy command center needed No promise of assistance just immediate availability Doesn t supplant ordinary mechanisms -- it enhances and fills a gap Contact CCIPS if interested... All countries need advice (large and small) Borrow each other s expertise, help with policy Expect another training for 24/7 countries in 2008 It works! South American kidnapping case... 14

Ongoing International Efforts APEC leaders committed to: Modernize legal frameworks Develop cybercrime investigative units and 24/7 response capability Establish threat and vulnerability information sharing OAS: providing assistance to member states Regional workshops 1 st series: Policy and legislative development 2 nd series: Computer investigations and forensics, international cooperation 3 rd series: Being developed OECD: Culture of Security Africa what s going on locally? 15

African Region CC Initiatives June 2006 -- 2 training workshops (1 week each) 20 sub-saharan African nations attended Results of workshops: 2 additional African countries join 24/7 Network CCIPS asked for legislative draft assistance Currently finalizing planning and funding for next African-region workshops likely in West Africa in 2008 looking for regional partners and hosts African-focused ListServ: AfricanCyberInfoNetwork@afrispa.org share insights, seek help and guidance from others, update each other on in-country/region developments 16

Conclusion Every country relies on the others for assistance in responding to the threat of cybercrime Each country needs to: Enact adequate substantive and procedural laws Empower its law enforcement authorities to collect evidence for other countries Work to enhance the rapid collection and international sharing of electronic evidence 17

Questions? 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback