Is Canada losing the fight against online thieves?
Last Updated May 15, 2007
The Vancouver Police Department is one of the few in Canada with a dedicated computer investigative unit. (Photo: Martin Dee)
Cybercrime is a big term, covering everything from fraudulent spam, to hacking, to the theft of information from computers. Itís also a big problem, expanding at a pace that makes the dot-com madness of the '90s look positively lethargic.
In the first quarter of 2007, a staggering 23,864 new threats from malware — malicious computer code designed to commit crimes — were identified globally, according to Ron OíBrien senior security analyst at IT security solutions provider Sophos.
That's more than twice the number discovered in the same period in 2006.
As cybercrime evolves, law enforcement in Canada is struggling to manage a problem that is not only growing, but which operates freely across international borders. To make matters worse, the bad guys are constantly upgrading their skills and technology.
In Canada, thereís no single agency charged specifically with handling cybercrime, but a frontline resource against some types of online crime is the Canadian Anti-Fraud Call Centre. Also known as Phonebusters, itís a joint operation of the Ontario Provincial Police, the RCMP, and the Federal Competition Bureau that serves as a central clearinghouse to collect mass-marketing fraud complaints.
Phonebusters doesn't actively investigate complaints. Instead, it analyses them and refers them to the appropriate law enforcement agency. The operation has 20 civilian staff taking calls, and four police officers in the analytical unit who filed more than 50,000 reports in 2006.
Det. Const. John Schultz, an OPP officer with Phonebusters, says the organization's role allows it to identify patterns across police jurisdictions to find groups that may be operating scams across Canada: "You canít do that unless you have a central sourcing database."
As fraud artists increasingly turn to the web to perpetrate their scams, Phonebusters is referring more and more internet-based cons to local and national agencies. Non-fraud-related complaints, including "pure" internet crimes such as Distributed Denial of Service (DDOS) attacks, are usually reported directly to local police services or the RCMP.
Law Enforcement Under-resourced
However, while a central reporting mechanism for some types of web crime is helpful, it barely scratches the surface in addressing the growing plague of cybercrime.
Once a complaint lands with local law enforcement, outcomes vary. Not all police services have officers trained to deal with online crime, and many departments may have to refer a case elsewhere — typically to other police services or RCMP specialists — or simply place it on the backburner.
"There are very few online fraud investigators in Canada," says Det. Const. Mark Fenton of the computer investigative unit in the Vancouver Police Department. "A lot of people write these files off because they donít have the knowledge and they think itís too hard to investigate."
'There are very few online fraud investigators in Canada. A lot of people write these files off because they donít have the knowledge and they think itís too hard to investigate.'
— Det. Const. Mark Fenton
Where the expertise does exist, resources are being stretched to the limit.
Arne Stinnissen, manager of the Ontario Provincial Police electronic crimes division in Orillia, says that his unit — which specializes in recovering data from computers used in crimes — is seriously short of resources.
"Weíre bringing in a case and a half a day, and clearing about half a case a day, so weíre continually under the gun," he says.
Training officers in high tech isnít quick or cheap: Staff Sergeant Wally Hogg, head of the Waterloo Regional Police fraud branch, says that it can take a year to get someone up to speed and, with technology continually evolving, that training has to be a continuous process.
Prosecutions relatively rare
Once a case has been investigated, securing a conviction is another hurdle. Prosecutors are often reluctant to move forward with cybercrime cases, which can be complex and expensive to prosecute.
"Itís very frustrating," Fenton of the Vancouver police says. "The Crown counsel workload is very high. They have a hard enough time getting through files in the real world, and if all of a sudden they say Ďyes weíre going to accept these type of [cybercrime] files,' they think itís going to open up an avalanche of investigations. And from a technical side, they arenít set up to do investigations for cyber prosecutions."
The other problem, he says, "is that thereís no international law for this kind of stuff."
Since internet criminals arenít bound by borders, crimes are often committed outside the jurisdiction of Canadian prosecutors. Pursuing these cases can involve administrative red tape at best, and out-and-out lack of co-operation from foreign authorities at worst.
There is also a perception that sentences for convicted cyber crooks may not be as serious in Canada as in other jurisdictions.
BOTNETS are networks of computers that have been hijacked by malicious groups or individuals. Their owners are usually unwitting victims who have no idea their machines have been infected and turned into so-called "zombies" or "bots." The zombie computers are typically used to distribute spam or phishing (see below) e-mails, or viruses and Trojans that are used to hijack other computers. Botnet operators often rent time or bandwidth on their networks to spam e-mail marketers and phishing scam artists.
MALWARE is a catch-all term for malicious software such as computer viruses and spyware, that compromise the security or function of personal computers.
PHISHING is a technique in which criminals try to trick people into disclosing sensitive information, such as online banking names and passwords, and is often conducted through e-mails.
PHARMING is an attack in which malicious individuals try to redirect traffic from one website to a false one. This is sometimes done to collect a person's login or password information.
TROJANS are programs that appear to perform a useful function in order to hide a malicious one. Like the Trojan horse of Greek myth that such programs are named after, the deception tricks people into granting crooks access to a computer.
ZOMBIES are computers that have been hijacked to perform commands and functions issued to them by the attackers, often without the owners' knowledge. They are typically infected by Trojans, a type of software that enables attackers to use them in a botnet. An infected computer is sometimes referred to as a bot — short for robot.
"Some [cybercriminals] in the U.S. are getting $2 million in restitution and 20 years on a deal," says John Schultz of Phonebusters. Here, theyíre not getting that in a full blown trial."
The net effect is that cybercrime is a relatively low-risk endeavour for crooks in Canada.
"Criminals arenít that dumb," says Bessie Pang, executive director of the Vancouver-based Society for the Policing of Cyberspace. "They can work out what are the chances of me being caught, and when I do get caught what are the chances of me having to pay for my crime. Itís a business equation."
POLCYB is looking for ways to step up the national fight against cybercrime without breaking the bank, specifically by building broad-ranging interdisciplinary partnerships whereby police agencies, government, academia and the private sector can share information and resources.
Law enforcement agrees with the strategy.
"Iím relying more on public-private partnerships," Fenton says. "The [frequently targeted] financial institutions and corporations need our help, and we need their help to solve this stuff as well."
Experts also say that fighting cybercrime has no simple "made-in-Canada" solution.
Transnational co-operation is essential to catch mobile and flexible bad guys who can change servers and cities at the drop of a hat. To that end, there is the Convention on Cybercrime, an international agreement designed to make it easier to investigate and prosecute cases across borders by harmonizing cybercrime legislation in different countries. Canada signed on in 2001, but has yet to ratify the treaty or put its provisions into place.
Finally, experts say, public education is ultimately the key to winning the battle against online criminal activity. Police say that the computer-using public must learn how to protect themselves, not just with firewalls and antivirus software, but also with simple common sense about things such as responding to spammed e-mails or giving banking information to unknown websites.
"When you arrest someone, thereís always going to someone willing to take their place," Phonebustersí Schultz says. "Youíre never going to catch all the bad guys, so the goal has to be to have the best-educated consumers in the world."
- Green machines
- Disk drive: Companies struggle with surge in demand for storage
- Open season: Will court decision spur Linux adoption?
- Analogue TV
- Video games: Holiday season
- Video games: Going pro
- Guitar Hero
- Parents' guide to cheap software
- Working online
- Laptop computers for students
- Technology offers charities new ways to attract donations
- The invisible middleman of the game industry
- Data mining
- Two against one
- The days of the single-core desktop chip are numbered
- Home offices
- Cyber crime: Identity crisis in cyberspace
- Yellow Pages - paper or web?
- Robotics features
- iPhone FAQ
- Business follows youth to new online world
- A question of authority
- Our increasing reliance on Wikipedia changes the pursuit of knowledge
- Photo printers
- Rare earths
- Widgets and gadgets
- Surround Sound
- Microsoft's Shadowrun game
- Dell's move to embrace retail
- The Facebook generation: Changing the meaning of privacy
- Digital cameras
- Are cellphones and the internet rewiring our brains?
- Intel's new chips
- Apple faces security threat with iPhone
- Industrial revolution
- Web developers set to stake claim on computer desktop with new tools
- Digital photography
- Traditional film is still in the picture
- HD Video
- Affordable new cameras take high-definition mainstream
- GPS: Where are we?
- Quantum computing
- What it is, how it works and the promise it holds
- Playing the digital-video game
- Microsoft's forthcoming Xbox 360 Elite console points to entertainment push
- Online crime
- Botnets: The end of the web as we know it?
- Is Canada losing fight against online thieves?
- Malware evolution
- Money now the driving force behind internet threats: experts
- Adopting Ubuntu
- Linux switch can be painless, free
- Sci-fi projections
- Systems create images on glass, in thin air
- Power play
- Young people shaping cellphone landscape
- Digital cameras
- Cellphone number portability
- Barriers to change
- Desktop to internet
- Future of online software unclear: experts
- Complaining about complaints systems
- Canadian schools
- Multimedia meets multi-literacy age
- Console showdown
- Comparing Wii, PS3 and Xbox 360 networks
- Social connections
- Online networking: What's your niche?
- Virtual family dinners
- Xbox 360 console game
- Vista and digital rights
- Child safety
- Perils and progress in fight against online child abuse
- Biometric ID
- Moving to a Mac
- Supply & demand
- Why Canada misses out on big gadget launches
- Windows Vista
- Computers designed for digital lifestyle
- Windows Vista
- What's in the new consumer versions
- Cutting the cord
- Powering up without wires
- GPS and privacy
- Digital deluge
- Consumer Electronics Show
- Working online
- Web Boom 2.0 (Part II)
- GPS surveillance
- Hits and misses: Best and worst consumer technologies of 2006
- Mars Rovers
- Voice over IP
- Web Boom 2.0
- Technology gift pitfalls to avoid
- Classroom Ethics
- Rise of the cybercheat
- Private Eyes
- Are videophones turning us into Big Brother?
- Windows Vista
- Cyber Security
- Video games: Canadian connections to the console war
- Satellite radio
- Portable media
- Video games
- Plasma and LCD
- Video screens get bigger, better, cheaper
- Video games:
- New hardware heats up console battle
- High-tech kitchens
- Microsoft-Novell deal
- Lumalive textiles
- Music to go
- Alternate reality
- Women and gadgets
- High-tech realtors
- The itv promise
- Student laptops
- Family ties
- End of Windows 98
- Browser wars
- Exploding laptop
- The pirate bay
- Stupid mac tricks
- Keeping the net neutral
- PS3 and WII at E3
- Sex on the net
- Calendars, online and on paper
- Google, ipod and more
- Viral video
- Unlocking the USB key
- Free your ipod
- In search of
- Sony and the rootkit
- Internet summit
- Electronic surveillance
- RFID and privacy: Tracking your patterns?
- Nike+iPod could be used to track user: study
- Canadian coins bugged, U.S. security agency says
- CBC science section
- Online I.D. theft
- Computer security
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)