Cybercrime cooperation advances

Christopher Painter, principal deputy chief of the U.S. Department of Justice's Computer Crime and Intellectual Property Section, attended the G8 24/7 High Tech Crime Network meeting last week in Rome. The network started in 1997 with the G8 countries, which exchanged details of law enforcement officials who could help preserve electronic evidence for officials in another country investigating a trans-border cybercrime case. Since then, the network has grown to 45 countries, improving the ability of officials to fight burgeoning computer crime.

Painter spoke with IDG News Service on Monday in London on what was accomplished at the last meeting and the latest computer crime trends.

IDG News Service: How did the G8 24/7 High Tech Crime Network come about?

Painter: In 1997, the G8 had their ministers of justice and interior come together and create a 10-point action plan and 10 principles in combating cybercrime. One of the things that came about was trying to set up a cooperative network realizing that things move quick in cyberspace and often quicker than some of the formalized processes allow. Data is very transient and ephemeral. So the idea was to try to set up a network of informal points of contact. It's essentially a directory, a way to reach cybercrime experts.

IDGNS: How large is it now?

Painter: By 2001 it had grown to approximately 18 members, and now it has grown to 45, including the addition of six new members in the last year. We have countries represented now from all continents [except for Antarctica]. There are a couple of countries from Africa who joined this past year and countries from South America.

IDGNS: What's the process for sharing data?

Painter: In a case of either a cyberattack or a case where cyberevidence is involved, they can call another person on the contact list and that person can hopefully at least preserve the data while you take the more formal steps.

IDGNS: What sort of activities did you focus on at this year's conference?

Painter: This time we provided some more substantive training, such as on botnets, and working on ways to tie the network closer together. There were people from the U.S. talking about various types of malicious code, and people from the U.K. -- the Serious Organized Crime Agency. Italy was running a training session. There were a lot of countries involved in doing the training. That worked very well.

IDGNS: In what countries do you see cybercrime growing?

Painter: That shifts over time. There have been some Eastern European countries that have been really taking this seriously -- Romania and others who are identifying this as a problem. But I think it's going to continue to shift, depending on the type of crime you are talking about. That's why we are encouraging all countries to have the operational ability, like the 24/7 network.

IDGNS: With a constant churn of new online scams, how do you prioritize what cases you pursue?

Painter: It's a triage process. We have to look at it as far as how serious the harm is, how fleeting the evidence is going to be, so it's really going to be a case by case basis.

IDGNS: What's the greatest threat right now?

Painter: Phishing continues to evolve in different ways. Botnets still are the hot ticket. Zero-day vulnerabilities are certainly a concern.

IDGNS: Do you think hackers are paying attention to stronger law enforcement efforts and more prosecutions?

Painter: I think there's more deterrence out there than there's ever been before because there are two things happening. One, people are seeing that cases do get prosecuted. Two, I think the public opinion has changed. Once hackers were regarded as playful villains they like to admire. Now when they see their own personal information, identity and money being taken from them, that attitude has changed.