Villains Get Caught Online
Technology Is Cyber-Crime Fighters’ Weapon of Choice
Throughout the 1930s and ’40s, popular comic strip sleuth Dick Tracy fought off surreal villains with the aid of high-tech gadgets.
These days, law enforcement agencies and companies are using technology to fight a new type of mysterious crook , cyber-criminals.
These villains, who usually go by code names, commit every cyber-crime imaginable, from credit card fraud to breaking into and destroying computer files to child pornography.
Computer specialists and law enforcement experts admit cyber-crime will never be completely deleted. But they say the advancement of technology, combined with increased cooperation between law enforcement and the industry, will help decrease it.
“Five years ago we saw the hacker as a joy rider,” said Tom Perrine, manager of security technologies for the San Diego Super Computer Center at UCSD. “Now you have to think about state-sponsored espionage; we have the idea of hackers for hire, hackers with a cause, eco-hackers, anti-war hackers. Anybody with a cause can go online and raise a ruckus.”
Perrine said novice hackers can even download hacking software from the Internet.
“We call them script kiddies, people who don’t know what they’re doing and don’t understand the possible consequences.”
– Hackers Who Know
What They’re Doing
There are many people, however, who know exactly what kind of crime they are committing. Take, for example, Rancho Santa Fe resident Jonathan Bosanac, who recently pleaded guilty in San Diego federal court as the ringleader in one of the biggest computer hacking cases in the United States.
The 27-year-old, who went by the online name “The Gatsby,” was part of a national hacking group called “The Phonemasters,” who used their home computers to break into phone systems like AT & T; Corp., Sprint Corp., MCI and Atlantic Bell, and download thousands of calling card numbers, access confidential credit reports and sell them.
Most cyber-criminals, however, are hard to catch and convict.
One reason is a lack of federal laws geared toward computer crime, some experts say.
“We don’t need much in the way of new laws,” Perrine argued. “Fraud is fraud and theft is theft , it doesn’t matter if you use a gun or a computer.”
Perrine did say cyber-crime is hard to squash because it’s an international problem.
“We’re going to need a lot more international cooperation. Some countries just really don’t care. Some countries are trying really hard. What we’ve seen, as the Internet spreads, computer crime moves with it.”
– Taking Advantage
Of Weak Systems
Perrine said hackers take advantage of and break into weak systems in other countries.
“Those countries don’t have any law enforcement infrastructure to deal with this stuff,” he said.
Perrine said encryption is the key to preventing cyber-crime.
“We have to have encryption. It’s the basis of privacy and security.
“Unfortunately we haven’t done a very good job at making it accessible and understandable,” he said about encryption. “People need to become informed. They need to ask their service providers, ‘What’s your privacy policy?’ The market needs to tell these people, ‘You need to do a better job.'”
Perrine said until security becomes a selling point, companies won’t spend as much money as they should on computer security.
– Computers Also
Need Safety Features
He pointed to seat belts, air bags and anti-lock brakes, which have become selling points for the automotive industry.
As for the computer industry, consumers need to insist on better software for their home computers, Perrine said.
Combating cyber-crime has become a little easier because of industry and law enforcement partnerships, he said.
“There’s a lot of discussion about computer crime compared to five to 10 years ago when people weren’t talking about it,” said Perrine, who receives about 300 E-mails a day involving computer crime.
He pointed to local organizations such as the San Diego Regional Information Watch, launched to encourage communications within the industry; and the High Technology Crime Investigation Association, which brings together law enforcement and industry leaders.
“Five years ago, we realized system administrators didn’t know how to talk to law enforcement and they didn’t know how to talk to us. This has put San Diego five years ahead of any other city,” Perrine said about forming the later organization.
– Computer Industry
Lends FBI Assistance
Although the FBI has its own squad of cyber-sleuths, the law enforcement agency is happy to work with industry on fighting computer crimes.
“The FBI has taken a very proactive approach at staying at the forefront of this type of criminal act, but obviously we have limited resources,” said Randall Bolelli, special agent with the local FBI cyber-crime unit.
Bolelli was one of the first agents assigned to the cyber squad, which was officially established in June 1998. Nine agents are assigned to the local unit. The FBI has 12 such computer crime squads around the nation.
The cyber-squad unit is part of the National Infrastructure Protection Center, an interagency, public-private partnership made up of representatives from the FBI, the Defense Department, state and local law enforcement and private industry.
“We invest as much time as we can in training, but our biggest problem is trying to stay technologically ahead,” Bolelli said about the FBI. “Equipment is outdated within six months.”
One way the FBI has tried to stay in tune with technology is through its new agents, most of whom are fresh out of school.
“One of the benefits the FBI has had recently is we’ve had more hires in recent years,” Bolelli said. “They have the latest and greatest grasp on what’s current on the Internet.”
– Insiders Generate
Many Cyber-Crimes
He said the bulk of cyber-crimes come from insiders, i.e., disgruntled employees.
Bolelli said one way companies can help prevent computer crime is to do their homework and be prepared before launching into cyberspace.
“Security, before, was an afterthought. But now people are beginning to think more about security.”
In order to create a closer relationship with industry, the FBI has established the National InfraGard Program. The pilot program began in Cleveland in 1996 when the Cleveland FBI field office asked local computer security professionals to determine how to better protect critical information systems in the public and private sectors.
The FBI is working on establishing an InfraGard program in San Diego next year.
– Consumers Also
Take Responsibility
Bolelli said preventing cyber-crimes isn’t just the responsibility of law enforcement and industry. He said consumers must also help by arming themselves with knowledge and common sense.
“People have to understand that when they’re using the Internet they’re putting information out there. I think sometimes people think just because they’re looking at a computer screen that there’s no chance that somebody else can get in.”
Bolelli said consumers who purchase goods and services online must make sure they’re buying from legitimate and reputable companies.
One San Diego company, eHNC, is making E-commerce transactions safer.
In late March, eHNC introduced eFalcon, a special fraud detection software that monitors online transactions.
“The software looks at hundreds of different pieces of information that the merchant can send to us that the prospective fraudster types in,” said Wesley Wilhelm, director of consulting for eHNC, a division of HNC Software.
– How Detection
Software Works
He said some of the data the software captures includes time of day, bill to address, E-mail address and what’s being ordered.
“We take all of that information and run it through our neural networks. Then it creates a picture of what looks like fraud and what doesn’t look like fraud.”
The merchant is then given a score. The higher the score, the more likely the transaction is fraudulent.
All this is done in a matter of sub-seconds, said Wilhelm, co-creator of eFalcon.
He said many cyber-criminals are taking advantage of merchants who are new to the Internet.
Wilhelm also pointed out many E-commerce companies stop selling their products to certain regions with high fraud rates, which could greatly affect their sales.
“We allow them to start selling in those areas again.”
Fraudulent electronic commerce transactions account for more than half of the total $32 billion in annual fraud in the United States, according to PriceWaterhouseCoopers.
Six million Internet users claim they have fallen victim to credit card-related fraud, including unauthorized use, according to a national survey by the National Consumer League.
Forrester Research reports the market cost of misdirected shipments due to errant ship-to-address information could exceed $135 million this year.
To help decrease these numbers and to create more awareness about E-commerce fraud, eHNC co-founded the Internet Fraud Prevention Advisory Council. The council identifies Internet fraud trends, develops and reports on case histories relative to Internet fraud, and collects data and statistics about Internet fraud and its prevention.
“We can make fraud go away but the cost is too high,” Wilhelm said. “The way is to absolutely sell nothing (online). That’s not going to work.
“So we’re going to make it harder and harder for the fraudsters.”
Partnership to Develop Online Car Configuration System
CarPrices.com, Selectica, Inc. and JATO Dynamics, Inc. announced a partnership to develop and market Select-A-Car, a pre-packaged, online car configuration system.
Under the terms of the agreement, the three companies will jointly develop Select-A-Car and license the solution to automotive manufacturers, dealer networks, Internet portals and other auto-focused E-businesses.
The system guides consumers to the make, model, and specific features they desire, while ensuring that buyers are presented only with vehicles that can actually be delivered.
The system combines San Diego-based CarPrices.com’s interface; Troy, Mich.-based JATO’s database of manufacturers specifications and options for each car model; and San Jose-based Selectica’s Internet selling system. The selling system features needs analysis, product configuration, pricing, quoting and comparison shopping capabilities.
Buyers will be able to customize vehicles and see a picture of the selected auto. The image will change as the consumer selects specifications. The system will have a constraint engine to make sure that the buyer only configures cars that can actually be built and sold. The configuration can then be saved as a quote that the buyer can print and send to the appropriate dealer or E-business.
TRW Implements E-Library
TRW Space & Electronics Group has implemented an E-library from San Diego-based Cutting Edge, which offers high-capacity storage and networking solutions.
The library allows TRW staff to access a document warehouse of graphics, photos, text and drawings that are necessary for product design and technical analysis. The electronic library was set up and installed in one day, and stores more than 3,000 paper documents on CD-ROM servers.
