Cyber-World at Risk

What do a bank in Antigua and money transactions made from Russia have in common with two miscreants from Sweden and Argentina? Each helped bring the justice and interior ministers of the major industrialized nations to Washington earlier this month to achieve a united front against computer crime.

“Computers and networks are opening up a new frontier of crime. Criminals are no longer restricted by national borders,” Atty. Gen. Janet Reno said after meeting with ministers from Japan, Great Britain, Germany, France, Russia, Italy and Canada. Unfortunately, the agreements that were reached were vague and late in coming.

By one estimate, a single category of computer crime, commercial espionage, by itself costs big corporations and government agencies $100 billion a year in the United States alone. Law enforcement officials also warn that more and more illicit profits are being laundered through computer networks by crime and drug cartels.

To combat this, the December meeting of the G8, as the major nations are known, proposed 24-hour international contact to help nations quickly track down computer criminals. Some measure of that has been in operation for years in law enforcement. There was also a vague promise “to train and equip enough law enforcement officers.” The meeting’s best proposals will be the most difficult to implement: extradition agreements, stiffer punishment for high-tech crimes and the addition of computer crime agreements to other negotiations.

It’s easy to illustrate the need for an international system. The self-named “Demon Freaker” broke into 911 emergency systems in the United States and planted fake emergency calls. Over a period of two weeks, he tied up legitimate 911 calls in 11 Florida counties from a computer in his bedroom in Goteborg, Sweden. In another case, Julio Cesar Ardita broke into a Harvard University computer and then into sensitive U.S. military and NASA computer files, all without leaving Argentina.

A Swedish prosecutor wanted to charge “Demon Freaker” with a serious crime, perhaps even sabotage, but current Swedish law didn’t include such options, and the cyber-vandal got off with a fine of only $350.

The U.S. case against Ardita did succeed, but only because Ardita (whose father is a consultant to the Argentine Congress) was pressured to waive extradition and admit guilt. Argentina’s extradition policy with the U.S. does not cover high-tech computer crimes, a common omission even among allied countries.

Better international enforcement has to be coupled with better security. Just this year, a national FBI survey found that computer systems had been breached at 49% of the 563 businesses that were polled. The average financial loss from each attack was more than $400,000. And the Pentagon reported that interlopers had managed to break into U.S. military computers in 65% of 250,000 attempts. That’s cause for alarm, even though most were harmless intrusions.

The fledgling world of electronic commerce is also vulnerable. One continuing investigation involves an electronic bank heist accomplished in 1994 from St. Petersburg, Russia, with a cheap laptop computer. In that case, the hacker broke into Citibank customer accounts and transferred about $10 million to accomplices in the United States, Finland, Germany, Israel and the Netherlands. A suspect, Vladimir Levin, was finally extradited to the U.S. in September to stand trial. Authorities are still not sure exactly how the crime was orchestrated, and the investigation remains open.

A more recent operation billed itself as the world’s first electronic bank, headquartered in Antigua. Foreign and U.S. officials offered only a few tepid warnings about the “bank,” which promised depositors ridiculously huge returns. By the time an official fraud alert was issued, the bank’s directors had fled with tens of millions in deposits. Even when fraud is strongly suspected, it is difficult to get governments to respond quickly and in concert.

The G8 effort to standardize laws, improve cross-border investigations and reach more extradition agreements indicates that nations are taking computer crimes seriously, at last. And binational efforts to cooperate in prosecutions are an incremental help. But these efforts will have to be accelerated. Nations must reach broad international agreements, tied to issues of trade and foreign aid, to gain enough digital speed to catch up to the cyber-criminals.