http://emagazine.credit-suisse.com/app/article/index.cfm?fuseaction=OpenArticle&aoid=186816 By Franziska Vonaesch Editor 14.05.2007 The National Coordination Unit for Combating Internet Crime (Kobik) has been online since January 1, 2003. Kobik acts as a center of competence for the public, official bodies and internet service providers on legal, technical and crime-related issues. Practice shows just how competent it is. The Federal Office of Police, Department IMC, Section OSINT/Kobik Monitoring. Even its name reads like a code. Its unobtrusive premises are located in a residential zone near the Wankdorf Stadium in Berne. Those who want to come inside need a special pass. Here - behind closed doors - investigators scan the murky waters of the internet. They're on the lookout for all kinds of criminal offences. For example, the distribution of hardcore pornography and violent images, white-collar crime of various kinds, extremist or racist statements, copyright infringements, illegal arms trading and - since April 1, 2007 - spam. White-Collar Crime is on the Rise In 2006 Kobik received 7,345 tip-offs from the public. 40 percent of the contents are hardcore pornography including child pornography, 24 percent spam, 9 percent pornography in general, 4 percent white-collar crime, 2 percent copyright infringement and 1 percent racial discrimination. The steady rise in white-collar crime is striking - the figures double every year. "White-collar crime on the internet" is a very broad term that covers a multitude of offences: "phishing", money laundering, fraudulent escrow services (internet fiduciary services), misuse of credit card data, illegal data acquisition and countless other types of fraud. All the criminals behind these offences work in the same way: They spy on internet users in order to line their own pockets. This is a serious problem for banks and other financial institutions in Switzerland. Software Looks for Clues Nine members of staff at Kobik are responsible for uncovering criminal activity of this kind. They work in three separate areas: Monitoring, Clearing and Analysis. They are supported by all those who use the appropriate form to provide information about suspicious internet content. "Every tip that we receive appears immediately on the screens of the five Monitoring staff," explains Roger Kffer, Head of Monitoring. Initially the reports are processed by a special program. The software saves the reported data and automatically finds out which computers are being targeted via a particular address - and, most importantly, who is registered as responsible for the computer. "We only follow up cases that have a link with Switzerland." This means either that the "suspicious" computer is located in Switzerland or that the address is registered in the name of a Swiss citizen. Reports that point to foreign providers are passed on selectively to the countries in question. Spam: When Victims Become Offenders Around 20 percent of all messages received are spam. There is a new spam analyzer for tip-offs of this kind under kobik.ch. This tool identifies the relevant internet provider at the press of a button. If the provider is Swiss - Cablecom for example - the victim can report the case to Cablecom. Providers are obliged by law to prevent unsolicited mass advertising. "This analysis tool gives users the opportunity to defend themselves and shows them where they can get help," summarizes Kffer. But users aren't just victims - often they are offenders without even knowing it. The user's computer can be hijacked and infected with viruses or Trojan horses. Each time that the PC is switched on, it automatically transmits spam messages - you could almost say "by remote control." A network of these infected PCs is known as a "botnet." Chat Forums Deliver Tip-Offs The name "Coordination Unit" doesn't really do Kobik justice. "A key part of our day-to-day work is generating cases." "Generating" in this context means actively searching the internet for criminal activity. The topic is clearly prescribed by the body that governs Kobik's activities: child pornography. It's immediately clear that network and research specialists are at work here. "We know exactly what we're looking for and where to find it." However, the investigators don't have an entirely free hand. Monitoring is only permitted in the public sphere - password-protected areas are off limits. Entrapment is also forbidden - as is investigation under false pretenses. The monitoring of chat forums therefore requires a great deal of time and sensitivity. "We know and observe that a great deal of illegal activity goes on in chatrooms and therefore work closely together with the chatroom operators. Bluewin, for example, has more than 300 volunteers who monitor chatrooms intensively." Any suspicious activity is then reported to Kobik. Patrolling the Data Highway But where do most incidents occur? "Mainly in peer-to-peer (P2P) networks." "Gnutella," "Fast Track" and "eDonkey" for example are well-known P2P networks. Countless images and other items of information - including child pornography - are passed along these sections of the data highway. "Here we pick up between 30 and 40 cases per month." Kffer demonstrates how quickly and irrevocably a blow can be landed - even though there are several million surfers on the net at this moment. He enters his query based on its relevance to Switzerland. He keeps the search term secret - this is inside information. The list of hits is long and misleading at first glance, because not every hit points to an offender. Figuring out who is an offender and who is not is a key part of the work. Experience helps. Suspicious activity. Now what? After all the tip-offs and suspicions with a link to Switzerland have been secured in a form that can be used in court, the dossiers are passed to Kobik's Clearing unit. These three employees check the reports to determine their relevance under criminal law and then pass the suspicious cases on to the responsible prosecuting authorities in the cantons. Over the past year Kobik has examined 280 suspicious cases, 79 percent of which were taken further by the police. That's around 221 arrests over the year. In other words, Kobik's nine employees uncover one offender every second day - "clerical work" that's really worthwhile. Related Links: www.kobik.ch _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Wed May 16 2007 - 23:47:45 PDT