World: G-8 Countries Tackle Cybercrime



Officials and business executives from Russia, the United States, France, Britain, Italy, Germany, Canada, and Japan (G-8) have been meeting in Paris this week to discuss the issue of computer crime, dubbed "cybercrime." The unleashing of the "I LOVE YOU" computer bug earlier this month focused attention anew on the vulnerability of the Internet. If business over this new medium is to flourish -- as experts forecast -- it must also be secure. But how can this be achieved? RFE/RL's Jeremy Bransten reports.

Prague, 19 May 2000 (RFE/RL) -- The wonder of the Internet is that it is making the world a "global village" -- enabling people in the most remote locations to have the same access to information as their counterparts at the heart of the industrialized world.

The Internet also promises to revolutionize the way people and companies do business. Customers will be able to order goods and services through their computers wherever they are. In the United States alone, the Department of Commerce estimates that the value of goods and services traded over the Internet will surpass $300 billion by 2002. Already in the United States, the number of people going online -- that is, being connected to the Internet -- is doubling every 100 days, and Western Europe is not far behind.

But as Internet use grows exponentially, so too does cybercrime -- or at least concerns about it. The fact that the Internet is not controlled by any central authority is one of its greatest strengths. It allows individuals around the world to trade freely in information, unrestricted by local censors. But it can also give individuals the power to disrupt that flow of information for their own ends. Credit card fraud -- already a multimillion-dollar business -- has received a major boost from the Internet, for example.

Robert Wragg is a consultant for British-based Presence Limited -- a company that specializes in designing Internet web security systems. He says that while banks and companies often employ encryption software to safeguard their clients' credit card numbers, that information can become available to hackers if it is sent over unsecured Internet channels.

"You can set up secure-server systems that are basically owned by companies like banks that you can trust. But the problem with them is that the information occasionally goes out through areas of the Internet which aren't controlled, so you have to be sure that the information is going to be safe all along the route."

Two months ago, British police arrested two 18-year-old boys on charges of breaking into commercial Internet sites and stealing an astounding 26,000 credit card numbers. This week, Russia's Interior Ministry charged two hackers with making illegal purchases worth 18 million rubles ($640,000) using stolen credit cards. Overall, the ministry said the number of Internet-related crimes in Russia jumped to 200 for the first three months of this year -- more than all of those recorded for 1999.

Group of Eight representatives now gathered in Paris are attempting to draft a collective plan to make it easier to prevent and prosecute cybercrime. Earlier this year, after hacker attacks disabled many commercial and government websites in the United States, President Bill Clinton convened a similar "cyber-summit" of business executives and law-enforcement officials, to discuss how to combat such abuse. One of the results of that meeting was the establishment of the U.S.'s Internet Fraud Complaint Center.

Laws have already been drafted in many countries to allow the prosecution of Internet fraudsters. But the Internet's global nature means a single cybercrime often involves several countries and jurisdictions, which complicates prosecution. This month's "I LOVE YOU" virus was launched from the Philippines, where there is no Internet legislation. So even though the bug damaged hundreds of thousands of terminals in scores of countries around the world, the perpetrators may never be tried.

Wragg says the G-8 countries and other states can remedy the situation by removing legal barriers to prosecuting hackers and agreeing on the issue of jurisdiction. But he says any effort at this week's Paris meeting to create new international enforcement agencies to police the Internet is bound to fail:

"The problem with these supranational bodies is that they tend to be very slow to react, and the Internet is a very fast-moving medium. It's a question of jurisdiction -- being able to track down these people. Because if people in the Philippines can only be tried under Filipino law, then what about the damage they've caused worldwide to all these thousands or hundreds of thousands of computers?"

The "Christian Science Monitor" -- a leading U.S. newspaper -- reports from Serbia this week that Belgrade teenagers have found a new pastime: ordering books, clothes and CDs from U.S. websites using stolen credit card numbers. Because Serbia does not cooperate with Interpol or other international law enforcement agencies, the city's Internet cafes have become a haven for such transactions.

Companies hit by Internet fraud or malevolent hackers are often reluctant to publicize the fact, fearing damage to their business reputation. After all, how confident will future legitimate customers be in handing over their credit card numbers and other personal information to Internet businesses perceived as vulnerable?

Until governments prove they can protect global consumers in a way that will not impinge on civil liberties, the Internet is likely to remain a wonderful communication medium -- but a limited tool of commerce.