One of the things that spurred my support for Jack Conway for Attorney General was his promise to get tough on computer and Internet crime.
Below is a Cliff’s Notes version of the issues facing Conway:
Currently the primary Kentucky Revised Statue for dealing with computer crime is CHAPTER 434 OFFENSES AGAINST PROPERTY BY FRAUD.
This statute, which became law in 2002, is limited in its’ scope.
The most severe offense is:
(1) A person is guilty of unlawful access to a computer in the first degree when he or she, without the effective consent of the owner, knowingly and willfully, directly or indirectly accesses, causes to be accessed, or attempts to access any computer software, computer program, data, computer, computer system, computer network, or any part thereof, for the purpose of:
(a) Devising or executing any scheme or artifice to defraud; or
(b) Obtaining money, property, or services for themselves or another by means offalse or fraudulent pretenses, representations, or promises.
(2) Unlawful access to a computer in the first degree is a Class C felony.
Effective: July 15, 2002
History: Amended 2002 Ky. Acts ch. 350, sec. 2, effective July 15, 2002. -- Created1984 Ky. Acts ch. 210, sec. 2, effective July 13, 1984.
Greg Stumbo, the present Attorney General, has a Program on Cybersafety:
“Agents from the Kentucky Bureau of Investigation (KBI) are working to track down predators before they have a chance to harm children.
As Kentucky's top law officer, I have formed an i-Shield Task Force to get "cybersafety" information out to our schools and communities. This Task Force is composed of specially trained law enforcement officers from across the state who will help teach children and others in our community how to avoid Internet predators and other Internet dangers. We've also added this Cybersafety section to our website with online tips and information to safeguard your children from Internet threats including dangers such as cyberstalking and cyberbullying”.
Basically what is now being done is a limited education program and retired cops in the KBI pretending to be children to lure sexual predators into a sting operation. Both activities have value but more needs to be done.
The Current budget for Office of the Attorney General for Fiscal Year 2008 is $25,753,700, this does not include the funding for the Unified Prosecutorial System.
With this money the Attorney General funds the various Divisions:
Administrative Hearings Division
Child Support Enforcement Commission (CSEC)
Kentucky Bureau of Investigation (KBI)
Medicaid Fraud Division
Office of Civil and Environmental Law
Office of Consumer Protection
Office of Criminal Appeals
Office of Rate Intervention
Special Prosecutions Division
Uninsured Employers' Fund
Office for Victims Advocacy
A primary stumbling block in fighting cybercrime is the cost to the law enforcement agency.
From CIO Insight Magazine:
….when it comes to cybercrime, no one really expects law enforcement to keep up technologically with criminals—it's an arms race the criminals keep winning……
In that vein, in August the Senate ratified the Convention on Cybercrime, drafted by the Council of Europe with considerable input from the United States. So far, 43 nations have signed on. The Convention includes many sensible provisions aimed at unifying global computer-crime laws, and closes loopholes that make it possible for criminals to escape prosecution by locating their activities offshore.
But civil libertarians, along with leading telecommunications companies, strongly oppose the treaty. Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located. If France is investigating a sale of Nazi memorabilia on eBay, the U.S. must cooperate, even though such transactions are not illegal in the U. S.
The treaty could wind up passing the costs of combating cybercrime directly to American businesses.
On a national level the Primary United States computer crime law is 18 U.S.C. 1030, Fraud and Related Activity in Connection with Computers.
Various agencies nationally and internationally can give you some feel for the scope of the problem:
United States Department of Justice
Federal Bureau of Investigation
Sometimes the problems even extend into Kentucky, like this story on Bot Herders.
The FBI has also charged numerous individuals with cyber crimes around the nation as a direct result of the coordinated operation, including:
Robert Alan Soloway of Seattle, Washington, is accused of using botnets to send tens of millions of spam messages touting his website;
James C. Brewer of Arlington, Texas, is accused of infecting tens of thousands of computers worldwide, including some at Chicago-area hospitals; and
Jason Michael Downey of Covington, Kentucky, is charged with using botnets to disable other systems.
What are the types of criminal activity Conway’s Internet Crimes Unit will need to address?
Here is a short list, some a lot worse than others:
Stalking of any kind creates serious danger and trauma for its victims. Frequently, stalking or cyberstalking takes place as part of a continuum of other crimes of sexual violence or interpersonal violence. Stalking is also used by perpetrators to harass and intimidate victims. Often stalking precedes kidnapping, homicide or sexual battery.
Hoaxes are either deliberate or unintentional e-mail messages warning people about a phony virus or other malicious software program. Some hoaxes create as much trouble as viruses by causing massive amounts of unnecessary e-mail, but most are simply annoying.
Impersonation fraud occurs when someone assumes your identity to perform a fraud or other criminal act. Criminals can get the information they need to assume your identity from a variety of sources, such as the theft of your wallet, your trash, the Internet or from credit card or bank information. They may even approach you directly in person, by telephone, or in an Internet chat room (social engineering) and ask you for the information.
The term "spyware" refers to any computer technology that gathers information about a person or organization without their knowledge or consent.
Most commonly, it is put on a computer to secretly collect information about the user that is then sent to advertisers and other interested parties. Spyware can be installed on a computer as part of a software virus or as the result of adding a new program.
E-mail spam is sent to individual users via direct e-mail messages. Spam mailing lists are created by stealing or purchasing Internet mailing lists, searching the web for addresses, and examining Usenet postings. Spam e-mail presents a monetary cost not only to users who use a time-measured Internet service, but to ISPs and on-line services that transmit these messages as well. These costs are then pushed directly onto subscribers.
The majority of the material located on the Internet and transferred through e-mail is adult pornography, and is protected by the first amendment of the United States Constitution.This material loses this protection however, if it includes depictions of child pornography.Child pornography is illegal to produce, possess or distribute under Federal law, U.S. Code 18 Part 1, Chapter 110 Section 2252.
Fraud is defined as the crime of obtaining money by deceiving people. Unfortunately the Internet provides an easy medium for facilitating this sort of criminal activity. Fraudulent criminals, for example, are able to use auction sites to advertise merchandise that does not exist. Unsuspecting victims will send payment only to receive nothing in return.
Phishing scams involve the distribution of 'spoofed' e-mail messages with return addresses, links, and branding which appear to come from banks, insurance agencies, retailers, credit card companies, and other legitimate businesses. These fraudulent messages are designed to trick the recipients into disclosing personal information authentication data such as account usernames, passwords, credit card numbers, social security numbers, and home addresses. Most of these e-mails look "official," and as a result, recipients often respond to them, resulting in financial losses, identity theft, and other fraudulent activity.
In recent years, malware including viruses, worms, and Trojan Horses have become an increasing threat to both business and home users. Malware is used as a tool by hackers to remotely access computers as well as corrupt or destroy important data.
A virus is a computer program file that can attach to disks or other files and replicate itself repeatedly, usually without user knowledge or permission. Viruses attach to files in such a way that when the infected file executes, the virus also executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies or creates new files.
Worms are parasitic computer programs that self-replicate and spread, but unlike viruses, do not infect host program files. They are independent pieces of code that exploit known system vulnerabilities and often run malicious payloads - without the need for a user to activate them. A worm can be programmed to replicate itself multiple times on the same computer, or can send itself to other computers via the Internet.
Jack Conway has five items he needs to address immediately if he really wants to be effective in fighting cybercrime.
1. Internal Organization
Conway has already promised “I will create a specific Internet Crimes and Fraud Division of the Office of the Attorney General” This requires staff with the technical and legal expertise to be effective in this fight.
2. Cooperation with other Organizations
The Kentucky Attorney General’s Office can’t do it alone. The problem is international and needs bridge building to other agencies.
3. Enabling Legislation
The current statues do not address the multiple types of cybercrime. A new section of Kentucky Revised Statues is needed to address the crimes and the power of policing agencies to deal with the crimes.
4. Civil Liberties
When the Attorney General drafts enabling legislation, how are the rights of the individual protected while extending the powers of police authorities? Do we allow government agents to invade the privacy of law-abiding citizens and provide enough protection to fundamental human rights?
Money is always an issue. Simply put, the Office of Attorney General does not presently have sufficient funds to be effective in this arena. The budget, now being put together for the 2008 General Assembly, will be the first major hurdle Conway will have to jump.