Cops see little hope in controlling computer crime

Encryption, anonymity, and the jurisdictional problems posed by a global Internet are quickly turning from small headaches to full-blown migraines for local, state, and federal police forces.

"It's hard to predict where we will be in 10 years," said Scott Charney, chief of the computer crime and intellectual property section of the U.S. Department of Justice. "But there are going to be all sorts of birthing pains." Charney gathered here with other computer-savvy law enforcement officials to attend an international symposium on criminal justice issues at the University of Illinois at Chicago. The symposium focused on high-tech crime, cyber-terrorism, and information warfare.

Invisible criminals
Law enforcement officers say one of their biggest challenges paradoxically remains knowing when a crime is committed.

According to the General Accounting Office, there were 250,000 attempted break-ins at the Department of Defense in 1995. NASA estimates that crackers -- hacker criminals -- broke in to over 120,000 of its systems in 1996. Yet, few of those incidents are detected, much less reported. When DOD hackers broke into their own servers in 1996 and 1997, they attacked 38,000 machines. Only four percent of the incidents were detected. Out of that number, only 27 percent of detected break-ins were reported.

"We will get better," said Doris Gardner, an investigator with the National Infrastructure Protection Center, a new federal agency established to fight computer crime. "We need to educate -- to work better with each other."

Pandora's box
Yet, even as law enforcement is educating itself on the challenges ahead, experts here said cyber-criminals continue to refine their abilities.

According to the DOJ's Charney, the number of cases involving encrypted data climbed from three percent in 1996 to seven percent in 1997. If that trend continues, he said, the only tactic left for law enforcement is to increase its surveillance capabilities.

"If privacy advocates get their way on encryption," said Charney, "they may not be happy."

With no way to read into encrypted electronic documents, he added, the FBI and others will have to rely on capturing the evidence at the source. "And that could really decrease privacy."

Even so, there are other ways around encryption. In 1996, when an ISP reported that its system had been cracked, all FBI leads ran into brick walls. Luckily, the cracker, Carlos Salgado Jr. -- who had stolen over 100,000 credit card numbers worth more than an estimated $160 million -- found a potential buyer who suspected his credit card was one of the ones on the block to be sold. The "buyer" contacted the FBI and became a cooperative witness in the case.

Despite Salgado's extensive use of encryption -- both his e-mails and the actual credit-card data were encrypted -- the FBI had no problems collecting evidence, because their witness received all the codes from Salgado.

Luck, or a trend? It's too early to tell, but Gardner, for one, seems positive on the FBI's ability to prosecute. "If we know about it," she said, "we can usually prosecute it."