Slashdot Mirror


F-Secure Calls For "Internetpol" To Fight Crimeware

KingofGnG points out F-Secure's Q3 2008 security summary, in which its Chief Research Officer Mikko Hypponen proposes establishing an "Internetpol," an international organization empowered to target and root out cybercrime anywhere in the world. Hypponen gives examples of why such a supernational force is needed — and these are not hard to find — but provides few details about how such an outfit could get started or how it would work. He does mention the wrinkle that in some countries malware writing, cracking, spamming, and phishing are not illegal or not prosecuted. Is an Internetpol even possible, let alone practical?

3 of 114 comments

  1. Re:What kind of crime would it fight? by GrpA · Score: 3, Interesting

    You're thinking of the events that were detailed in "The Hacker Crackdown" aren't you?...

    I'm not saying you're wrong, but please re-read my post. I'm saying that a lot of the time, the police are expected to do this because it's their job, except they don't know where to start, which leads to the situation that they can't actually be certain it *is* their job. So they don't do anything.

    It doesn't matter if it crosses state or even federal or international lines...

    Only committing crimes in another state from your home state is an old trick to avoid the attention of law enforcement. It only works for a while - the police know how to deal with this.

    Imagine this. Someone in your state is breaking the law. You report the details to your local police. They arrest them.

    Now consider - Someone in another state is breaking the law. You report the details to *their* local police. They arrest them.

    See the difference? You can achieve that without being a police officer - but it does require knowing who to contact and what to tell them. Giving them an IP address isn't enough. What they are looking for is *evidence* of a crime they can understand. Send them details of which crime is being broken, so they don't have to work it out themselves, and they know it's something they are responsible for.

    Speak to their ISP in advance, explain the situation, get the ISP's contact person and let him know his local police will be in contact to collect the evidence. Most ISPs will co-operate that far - to wait for a request from the local police for information.

    Learn about evidence collection. Learn what police need to do their job.

    That makes all the difference in the world.

    And it is the local police's job to do this. Are you some multibillion dollar exec? No, well how can you seriously expect the secret service to do this for you? Seriously?

    Do you think I go and call ASIO (I'm in Australia) or ASIS every time I find graffiti on my car?

    Finding my computer's been hacked is no different. Just because they employ people in secret intelligence organisations who understand the situation doesn't make it their problem... You're a small victim, that's what the local police are there for.

    GrpA

    --
    Enjoy science fiction? "Turing Evolved" - AI, Mecha, Androids and rail-gun battles. What more could you want?
  2. Re:What kind of crime would it fight? by Antique Geekmeister · Score: 4, Interesting

    You've apparently not dealt with the police nor the laws on fraud, because you state:

    > It doesn't matter if it crosses state or even federal or international lines...

    This is amazingly wrong. As soon as it crosses the borders of your local police force's jurisdiction, they *must* escalate it to the authority that covers both jurisdictions, or they have little hope of getting a prosecution. This is from my direct experience with spammer and phishing fraud, and DOS attacks against systems I've dealt with. The local police on each end say 'oohhhh, we can't do that' and pass it to the FBI who completely ignore it. This is with names, dates, times, places, and a careful list of exactly what records they need to subpoena to collect the evidence for conviction. The local police on each end simply will not act.

    And I expect the Secret Service to do this, for example, because they are the enforcement arm of the US Treasury: fiscal fraud is what they do (or are supposed to do). Guarding VIPs like the President was added to their responsibilities in the 19th century, but their role as fiscal agents is older, and it remains part of their charter.

  3. Re:What kind of crime would it fight? by GrpA · Score: 3, Interesting

    Yes, I have dealt with federal matters, and it's amazing how the same issues that affect whether or not police will take on your complaint occur at all levels.

    I did speak to the federal authorities. I did track down the people whose task it was, and I found out what they needed.

    It's a bit like Chinese whispers. "I can't do anything if XXXX doesn't do their job." They will tell me that, but they won't tell XXXX directly. (XXXX being a person, agency, official, whatever). I became the "connection" between them, relaying commitments.

    So I did the rounds, learned what they required (specific only to my case) and got them all to agree to what was basically an open-ended commitment. The problem is that they couldn't discuss anything with me - since they all recognized I had no authority and privacy laws got in the way, but wouldn't start bothering their counterparts to request help, because they couldn't tell their counterparts what was going on - they didn't know how to.

    However, I could get them to commit to speak to XXXX, if XXXX was prepared to help, so I called *all* the XXXXs and explained the situation, and sent the details through to all of them. The XXXXs were Federal Police, State Police and Telecommunications Regulations Enforcement authorities.

    Once I had them all committed, I simply became the "co-ordination" point for the exercise. I learned everyone else's role and broke the task down and sent the appropriate information to each person that was relevant to their job.

    The result? As soon as they realised I had handed them a case ready to close, with all the contacts agreeing to their role, they moved immediately. The whole thing took about an hour.

    In that case, I had made a slight error with regards to the law that was broken, and they called me back to let me know they couldn't actually prosecute and were helpful enough to provide additional information I needed to know to close that loophole with the way my network was set up (Guest access can be a real issue - if you let people in, proving trespass is impossible).

    They also provided a commitment to back me up in the future if it ever happened again.

    True to their word, they did the next time and I caught the guy. He was prosecuted successfully, although the next time, it was local, so I didn't need to coordinate as many people.

    So please, consider my point. You need to co-ordinate *everyone* and make sure they know you have a reasonable chance of prosecution and that you've lined up your ducks, or they won't get involved.

    It's no different for a cop doing that job. They need to get everyone involved too. Basically they still have to go through the same process.

    Most people will do their job and help you if you remove all the obstacles first. In a perfect world, they would move their own obstacles as well, but hey, if it's your problem and affects you, it's up to you to decide how committed you are to solving it.

    GrpA
