Slashdot Mirror
Building a Global Cyber Police Force
dasButcher writes "One of the biggest obstacles to fighting hackers and cyber-criminals is that many operate in the safe harbors of their home countries, insulated from prosecution by authorities in foreign countries where their targets reside. As Larry Walsh writes in his blog, several security vendors and a growing number of countries are now beginning to consider the creation of a global police force that would have trans-border jurisdiction to investigate and arrest suspected hackers."
Arrest those pirates! (no, not the ones off the coast of Somalia, since that would make too much sense)
I foresee this running into a lot of problems. I mean, we can't even get a lot of countries to agree to ICJ (International Court of Justice) jurisdiction. How are we going to get them to agree to let people physically into their countries to investigate crimes and make arrests? Ain't gonna happen ... and this kind of thing is only effective if everyone signs up without reservations.
I don't see how this is a good thing.
It follow American laws - which most of us dont want.
The trouble with this, of course, is that one man's "hacker" is another man's journalist, or whistle-blower, or what have you.
Proverbs 21:19
Personally I think anything with "trans-border jurisdiction" is just asking to be taken advantage of. I like the seperation of government and jurisdiction, although I definately think that something like th UN should reform some of their policies on extradition. In any case, trans-border jurisdiction means jack squat if you cant get the local government to cooperate.
The real problem is the lack of international cooperation and extradition treaties that would cover not only cyber crime, but crimes of all sorts. Creating a hyper-focused solution for a narrow aspect of a broader problem is only going to create more problems, and ultimately erode more freedoms than the number of crimes it may solve.
Wouldn't that be Interpol? Sounds too much like big brother when someone asks for a police force that already exists. The bigger problem with hackers is they are hard to find regardless of which country they are in. Sure Iranian Hackers are harder to catch but with their bandwidth are they really a threat? Do we need yet another redundant police force?
who will prosecute the suspects? A criminal trial is expensive and ends up importing criminals to whichever nation chooses to prosecute. That's the reason that the Somali pirates get turned loose. A similar situation would arise for trans-border cyber crime. Everyone would hope that someone else would prosecute.
So if this is the future...where's my jet pack?
The teamamerica tag made me want to say this...
"Matt Damon..."
Except computer crime doesn't have anything to do with hacking and there's a whole world of unharmonious national laws.
Isn't that pretty much what the International Criminal Police Organization is supposed to do? It's the second largest intergovernmental conglomeration behind the UN, and has almost 200 member countries. Given that cyber crime is crime nonetheless, I'd hope that they were gearing up to be able to handle more and more of it. I feel like more than anything, the laws need to catch up to the criminals in these cases- or they aren't really criminals at all.
As long as America can vote away from this nonsense, I'm alright with the rest of the world doing what they want with their countries.
the MPAA, RIAA and other such scumbags getting in on this. Instead of catching real hackers, they go for the easy fish and arrest students and casual pirates.
Nowadays I don't have trust in any authoritative figure like this. They are usually backed by big corporations, that serve only corporate interests.
World-wide laws, coming soon from your New World Order dictators.
A global law enforcement agency just serves to usurp the rights of a nations citizens by rendering a nations laws harmless. While this may be in the best interest of large corporations, it is most certainly not in the best interest of the majority of internet users. This system will be abused, taken advantage of, and otherwise misrepresented to back the agendas and interests of organizations. Should this actually happen, which I highly doubt, I see a lot of innocent individuals getting crucified by this agency.
The problem here is not a lack of police with the jurisdiction to investigate and arrest suspected hackers. The subject countries have lots of those.
What's missing is a state willingness to prosecute, a willingness that won't change just because the cops are enforcers from Superpol. There is no reason to believe that the US, for example, would let a bunch of policemen from Europe and the Middle East come in and arrest US citizens on the basis of allegations that they broke some Saudi law. They barely tolerate Interpol, and those guys are just librarians.
When you balance the probable damage a "global police force" would do (is anyone naive enough to think that their mandate wouldn't be expanded?) against the damage that expatriate hackers do, the wise thing is to go with the hackers. The proper solution is the one already in place, and that's to have bilateral and multi-lateral extradition agreements.
Sending contract cops into a country that doesn't have laws against hacking may make good TV but the real-life consequences are much more complicated.
I'm a Programmer. That's one level above Software Engineer and one level below Engineer.
and the parallel holds, since the end of the real wild west consisted of the feds moving into lawless lands and taking over from vigilante, ad hoc systems of justice, just like this proposal. that was pretty much the historical end of the real wild west
so i'm waiting for the internet's version of "dodge city", where tourists can go and experience the vicarious thrill of driveby downloading, phishing exploits, nigerian email scams, and id theft, much like in the real "dodge city", gunfights at high noon and cattle rustling are now recreated for tourist's sake
"wow dad, i was browsing the dancing hamster website with the purple gorilla in the taskbar on the windows ME simulation, and like, i just got pwned! the simulation showed me as the payload modified the registry settings in the simulation! was it really like that in the bad old days?"
"that's right son, when your dad was your age browsing the internet, you always had your sidearm antivirus at the ready. craven desperate men and psychotic outlaws were always just around the corner, a click away. you had to deal with danger and treachery on a daily basis"
"gee dad, did you actually get an email from belarus claiming to be citibank asking for your security credentials out of concern for your security?"
"sure did"
"that's scary dad! how did the early internet pioneers ever survive in such a hostile wilderness. how did we ever make it this far?"
"sometimes i wonder myself son"
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Like the United Nations. But run by geeks, with member states actually paying their dues in a timely manner. Also, not despised and feared by the citizenry.
-kgj
You cannot impose yourself into someone else's country as their laws differ from yours. Calling it a "safe harbor" is a bit offensive. Like you want to poke them with a stick but local law, culture and geography doesn't allow you to do what you please with "them"..?
I'll start imposing my local laws on Americans. Then complain you wont allow me to proscecute an American, on American soil, under my terms. Say, I would be an Arab (I'm not) and I consider porn-watching criminal and punishble by death. (I've had to write a report on Saudi servers of a client once, where someone downloaded porn hoping we wouldn't login on those servers. Which became locally a criminal case punishable by death. No joke.)
As long you do not have a consensus, globally or the on what "cyber criminality" is, and the severity which it should be prosecuted and make it equally enforcable (legal backing) this is impossible. Once you have this consensus, globally, there would be no "safe harbor" anymore.
I think we can keep recursing like this until someone returns 1
I say we get Al Gore to form the world police. After all, he 'invented' the Internet and the Internet is an American invention. He might have more luck with doing this rather than herding people in climate change talks...
boom goes the dynamite....
put in jail those that already taken the obvious "cyberpol" name for their own purposes.
the U.S.A. was the world's cop?
Yours In Yasnogorsk,
Kilgore Trout
...intro to a comic book series. So dark, so dystopian. I would eagerly read the introductory issues to find out what hero or heroes could possibly stand up to such a corrupt international power with no oversight! Will the heroes be teens, merely human, or something else? Will they be born a hero, or become one out of circumstance. It really is an exciting -- wait, what. This is nonfiction? There is no hero? um...
If something is already illegal in a country A, we don't need more laws or services, because you can already arrest this man. If something is legal, he is allowed to do that in his country, even if that is not something other countrys like.
Also, thats not how the internet work. The internet work in "networks". If you have a problem with a student, on a university, you call the ISP / university. If you have a problem in other country, you contact the authorities of that other country.
-Woof woof woof!
I'm sure the top priority will be catching those EVIL copyright violators.
[Insert pithy quote here]
On the one hand malicious hackers should be killed. On the other, many of the most capable of them are believed to be closely tied to the Russian and Chinese (and Nigerian) governments, encouraged for both their ability to bring in monies, and for cooperation in state cyber-espionage goals. So the only usable model for international intervention may be the one currently used against Qaida in Pakistan - sending in American drones. Except Russia and China (and Nigeria) have rather more use for their hackers than the current Pakistani government has for its Qaida/Taliban ops centers. So they might just be a little touchy about drones taking out buildings in their big cities.
"with their freedom lost all virtue lose" - Milton
Another International Group planning to draw its power from ... enforcing something it probably doesn't fully understand... and punishing by means of... I'm in!
On a more serious note, is there a real life example of this concept actually working?
Through a combination of treaties, "cooperation" and now an entity for "enforcement", the realization of a one world government is coming to fruition.
Through the elimination of borders and consolidation of wealth and power, we will cease to see nations and will begin to see a single world, with a single government, a single monetary system and a single police force.
And it will all trace back to "we only did it in the name of securing the internet".
Thunderbirds are go!
Teach them cyber ne'er-do-well's what for, Brains!
Like the U.S. law in congress right now forcing foreign banks to provide all information related to American owning accounts internationally, close them, or have 30% of the bank's assets in the United States withheld.
How about the recent EU SWIFT information handover to the U.S.?
I could see the U.S. doing something similar with internet connections of ISPs that run through the U.S., or have buisness in the U.S. Perhaps they will withhold 30% of their bandwidth.
Living in Chile
I don't see any evidence that this is anything other than the fevered dream Kaspersky and DeWalt. Though I'm sure that won't stop the tin foil hat brigade from going into full on freak-out mode.
do NOT welcome our global police overlords!
Team America.
Seriously.
We all know how well that went...
How about first just doing something about the crimes? I've had good success with the UK police force, and the FBI (with some exceptions), but several other countries authorities have been painful to work with even in cases where there is solid evidence and the countries laws have clearly been broken. I can see how a law like this would help things, but just working on the cases based on current laws would already make a big difference.
i see you are feeding this weird mythology that governments and police are the source of criminal behavior in this world. the truth is that criminal behavior runs amok without some sort of police presence. of course a minority of police will always do bad things, but you're insane depiction of the wild west as crime free utopia until the government arrives is some sort psychotic delusion on your part
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
For a good read on the difficulties of tracking criminals through a global internet read The Cuckoo's Egg. It reads like a suspenseful spy novel but is entirely non-fiction.
Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.
So it must be good for everyone, not just their bottom lines
*Harrumph* on that shit.
We have a global police force: interpol.
First order of business should be to clear out Redmond. That's where the damage comes from. Microsoft is not a technology problem, it is a personnel problem. Get rid of the staff promoting, signing off on, or boosting Microsoft products (on both sides of the fence) and you kill off 99.9999% percent of existing malware and virtually all vectors for botnets.
The economy could use a $ 10 000 000 000 USD boost about now right? Of course. Get rid of Conficker and the others. The savings for the first year will be more than that.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
I'm surprised no one has ever heard of InterPol, it is on every video casette, dvd and Bd you ever owned. The problem is countries other than the US have rights. No one is going to surrender those rights to allow a bunch of gun toting Americans cart blanch to fire at will.
Who will write the laws that this orginization enforces?
To whom will the law writers and this orginization be acountable?
What processes will exist for removing law writers and enforcers who do bad jobs?
What process will exist to appoint new law writers and enforcers?
These seem like rational questions.
Moderation : -1 Conservative Viewpoint
This sounds like the next super awesome Tom Clancy novel. John Clark will be all cyborged out.
If a country has a problem with criminal activity originating from another country's Internet users, simply block the offending country's address range at the border.
There is no choice anymore. You can’t go anywhere for asylum. The worst things that can be global, are governments, and police!
In my eyes this is heading straight to the end of all freedom by total global group-think. Either you follow it, or you go to jail (or die).
I can’t imagine anything worse. Ever. Even a nuclear war and being raped can’t beat that. Because with those things you at least die some day. (Which is a way of becoming free again.)
Any sufficiently advanced intelligence is indistinguishable from stupidity.
The problem isn't being protected from remote governments, its the tacit approval and involvement of the local government.
Russia, anyone? Do you think that cybercrime there doesn't involve FSB?
Will the Global Cyber Force have "Smash Action Kung-Fu Grips"? (along with a disclaimer in fine print that says "does not actually hack"?)
without them malicious hackers we would have never known about say ( estimate ) 70% of the known exploits.. think about what this means... 70% of the currently known exploits could have been kept silent by Corporations or Governments for Strategical puproses or monetary. Now Imagine a conflict between nations.. China vs the USA... ( think Code Red incident ) just imagine the chaos you'dt find yourself in.
Nah personally Id't rather have this kiddie stumbling onto a exploit and abusing it to DDoS his hacker buddies then a government sitting on a stockpile of unknown exploits.
... the global DMCA can be better enforced.
This whole government thing is a house of cards, held up by weak-minded followers, greedy leaders, and a clueless and apathetic populace. I wonder, really wonder, what a truly free human, who takes on obligations of his own free will and exercises his rights conscientiously, looks like. Wouldn't it be nice if we had a planet full of them one day?
Global police force?
The last time someone tried that, the Schutzstaffel endured much resistance and ultimately failed.
I suspect they would have as much difficulty today as then.
(It even starts the same with way, with some media moron(Berchtold) leading the Crusade)
Who the fuck needs the History Channel? Wait long enough and you get to see it all play out again, live...
Get them a couple of these to travel around in, the pilot might be named "Virgil", a secret base on an island, maybe someone named Penelope to head it all up.
That's a go!
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
How is this insightful? Look I hate the MPAA and RIAA more than anyone. But let's face facts:
Internationally the real piracy threat is people who are printing up fake CDs and DVDs with real-looking cases and everything.
On top of that, these organizations employ the same computer penetration techniques that would be policed by such a law enforcement agency.
Let's get real: When the MPAA or RIAA entertain such delusions of grandiosity that they explore avenues of international copyright enforcement, it has nothing to do with the Internet.
Once upon a time I used to think that having separate countries was the problem with this world. I see now that national borders are the only thing keeping us safe from tyranny on a global scale. I see now that we cannot be ruled by one single governmental entity and expect everyone to be treated fairly.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
vigilante justice is vigilante justice: no accountability. compromised positions (your brother owns the saloon that was shot up/ it was your head of cattle that was stolen/ etc). petty nepotism. corruption. a posse of yahoos acting as cop, judge, jury, and executioner is not justice
yeah, sure an improperly identified/ untried/ hastily executed cattle rustler may make for a quiet town, but its also an evil town
such that the imperfect but impartial imposition of federal justice is far, far superior. the level of injustice far, far reduced
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I think this is great news.
Since the USA is a safe harbor for war criminals they don't want to prosecute, and we have an ICJ for dealing with that, my question is: when are they going to agree to having the International Court of Justice as a court of law for the warcriminals they don't want to prosecute?
Or would it be that if the USA doesn't prosecute for some reason, it's the due course of law, but if another country does not prosecute for some reason (like, people doing things not being punishable in their country) it is because the country is a "safe harbor"?
Naaaah...
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
Use the "clear thinking" tag.
Here's what you do instead of creating abusive "cyberpolice": you set up the system so that cheating is very difficult to impossible in the first place, through self-enforcing protocols and smart contracts. Distributed systems, like DHT and P2P, already apply this to some extent.
There is no need for yet another global police force of any sort. I neither need nor want anybody not of my nation having the authority to investigate me at the whim of... whomever. There is nothing wrong with having other countries' own police, on noticing a crime, contacting the police through established channels where the crime took place, and asking them to investigate and prosecute according to THEIR OWN LAWS.
No, the answer here is very simple. Those countries who refuse to co-operate and continually and knowingly shelter criminals using the internet to perpetrate their crimes (e.g., China, Russia, Brazil, Moldova) should simply be cut off from the global public internet, and not allowed back on until they can prove they are willing to behave. In most countries, we do nothing less when we proscribe a "cyber-criminal" from using computers for a period of time after being found guilty, and I don't see why we shouldn't do the same to countries who seek to profit off of other nations by blatantly sheltering criminal activity. Seems to me that would be a lot cheaper and more effective (much less safer to the rights of the citizens of each nation), as it would be a highly effective embargo and liable to have a major impact on commerce for both the smallest and largest of nations - exactly the thing needed to get them to take responsibility for themselves, rather than create another vector for legalistic abuse.
Can you really tell me that with such an international organization in place that it wouldn't be long before we start seeing criminal charges being placed in China and enforced by these cyber-cops because someone in Norway said something on a forum or IRC contrary to some official government party line? I don't favor the idea of being dragged to Iran for posting a picture on IRC that is a part of my guaranteed free speech here but proscribed there. You (and your nation) connect to the internet voluntarily. If you don't like what is on the internet, don't look at it or disconnect. Same with TV: at least in places where our media isn't state run, you have the option to change the channel or turn it off. As a result, if China or Iran doesn't like what's on the internet, they can get off it, and by the same token, if some nations can't at the very least comply with what the rest of the internet see as minimum basic acceptable behavior, they should be forced to deal with their own people in their own little walled garden until they realize how obnoxious those people are and do something about it. The value of neutrality and anonymity only go so far as they don't cause active, real, provable harm to others, at which point it becomes necessary to lift that veil and deal with such people - no one REQUESTS or knowingly volunteers to have their bank account hacked or to be packeted, and it's precisely when one's interaction with the internet ceases to be voluntarily that neutrality ceases to be a concern. This doesn't require people with badges who have no national boundaries and are subject to their own laws to go do something about it, simply the same thing that network operators have been doing VERY SUCCESSFULLY from day one: disconnect and ban the offending user. If that user is an entire nation, oh well. If the internet matters enough to the people of that nation, then perhaps those people will demand their government get their shit together and do something about it. If not, then obviously that country wasn't an important, useful or desirable addition to the global public internet in the first place.
"Inveniemus Viam Aut Faciemus" 'We will find a way... Or we will make one!' --Hannibal of Carthage
It's the Kemp-Kasten Ammendment:
http://www.nchla.org/datasource/idocuments/KempK8503.pdf
I imagine that this portion of the document might have something to do with it not being adopted, since it seems to contravene Roe v. Wade:
Of course, if you're the type who thinks that women should not have rights over their own bodies, and would force them into slavery as incubators, your view might differ from that of the U.S. Supreme Court. http://en.wikipedia.org/wiki/Roe_v._Wade.
China has signed onto that and onto other human rights conventions, yet still practices coercive abortion and sterilization. Peru also carried out a similar program under Alberto Fujimori's administration, which is why they've been trying to extradite him from Japan; Mexico continues a similar policy: http://www.libertadlatina.org/Crisis_Forced_Sterilization.htm
It's not politically correct to point out that this type of document isn't worth spit if it's adopted but not enforced, but it's nevertheless true.
-- Terry
I mean for God's sake, what possible objection could the US have against a treaty aiming to prevent the organised sale of children into slavery and child prostitution?
Because the US politicians want a supply of playmates for their afternoon naps between voting on legislation they never read.
Whats happens when the trace reveals the origin of the hack as the pla or the nsa ... thats right Rules dont apply in some cases .....
I imagine the people cooking up ACTA would love this idea.
"For a good read on the difficulties of tracking criminals through a global internet read The Cuckoo's Egg. It reads like a suspenseful spy novel but is entirely non-fiction." - by Temujin_12 (832986) on Monday December 14, @11:11AM (#30431982)
Excellent suggestion: I read it a few years back myself, & it was a DAMNED good read!
It struck me "personally", in a way. I state that, because I have a family member in the U.S. Military, as an officer & a gentleman, who was stationed @ (not @ the time of the novel though) @ Ft. Stewart near Richmond Hill Ga. (by Savannah GA.)...
(That was one of the compromised sites that this German/KGB group of hacker/cracker types invaded...)
That kept me reading, @ first - &, the rest of it later did, bigtime!
(Especially since it showed that no matter how much asking for assist that Cliff Stoll went thru, nobody was willing to help (well, @ least NOT until the U.S. Gov't. was shown that their military systems were compromised) & everyone from local, to state, to federal law enforcement agencies treated it all like a "big joke" & a bunch of b.s., largely).
AND?
Thank goodness for CSC/CIS students, in academia: I state that, because it was their "alternate/supplementary" logging system that was done as a summer project iirc @ the educational institution where C. Stoll worked that "saved the day" (or, rather, clued Stoll into SOMETHING FISHY going on) pretty much...
Without it?
The hacker/cracker types would probably still be @ it (students' alternate logging system wasn't "mirroring" the std. system that came with the OS' compromised (*NIX rigs iirc), & that started the ball rolling + was "Clue #1"). Pretty nifty trick w/ printer I-O was also used to track them as well... pretty "nifty" I felt @ least. Good book - should be MANDATORY READING for anyone interested in information security!
APK
P.S.=> Truth IS stranger than fiction, & this novel? Is pretty good proof of that much, imo @ least... apk