Feedback from the 2nd Annual South African Cyber Crime Conference

This cybercrime conference was held at the Institute for Security Studies in Woodstock Cape Town on the 29^th and 30^th November 2011. Although we all see cybercrime as a separate division of law, it seems now that it is so large that various specialities within the main subject are emerging, making it difficult for law enforcement to curb the massive wave of cybercrime.

What I found refreshing at this conference was the fact that at the concluding phase of the conference, attendees and speakers were taking down action points to research and report back to the audience, so that there is a definite call to action to resolve topics to control cybercrime in South Africa.

The following points are taken from the speakers notes to give you an overview of the conference, but if more information is needed please contact Sizwe Snail, the event co-ordinator at ssnail@Snailattorneys.com or call him on 012 362 8939.

Speaker:
Maicibi Nok Alhas, General Secretary of ACCP, Kampala

Topic:
Africa, My Africa:  Modern Tech And Cybercrime In Perspectives

Says that the only way forward is to address the following aspects:

• Training
  • Acquisition and exchange of knowledge
  • Enhancement of existing practices.
• Regional cooperation
• Harmonisation of legislation
• Domestication of Conventions/protocols
• Collaborative research and sensitisations
• Include Cyber law in educational curriculum
• Re-orient and re-engineer cyber criminals
• Hi-tech crimes is an evil we must love despite posing worldwide threats, the response to the threats should be global, practical and dynamic in legislation and technology.
• Hi-tech crime is a new global epidemic, requiring massive and continued mobilisation of resources that is only possible when there is a strong political will.
• Based on its uniqueness, Africa needs its own pool of experts on cyber threats, such as Computer Incident Response Teams(CIRT). Therefore, conferences such as this is not an option. The ACCP comes handy here.
• Like the Convention on WMD, there should be one for Technology Pace Regulation [TPR].
• It is high time we walk the talk. Too much of workshops without work outcome.

Speaker:
Annette Hübschle, Research Associate at the Institute for Security Studies & Researcher and Doctoral Fellow at the Max Planck Institute for the Study of Societies

Topic:
Virtually advanced: How criminal networks navigate cyberspace in Southern Africa

In conclusion Hübschle wrapped up by saying:

• Social networks have become powerful tools of communication and vehicles for social change and activism.
• They function like watchdogs, monitoring government violence, corruption and inaction.
• Twitter was used to document the Arabian Spring, Youtube hosts numerous video clips of governmental violence, corruption and abuses of power, and Facebook is home to a variety of groups and networks dedicated to uncovering and sharing information about specific human rights abuses. Wikileaks has provided an explosive insight into the workings of US overseas diplomacy and foreign politics.
• Unfortunately, criminal networks have discovered the virtues of virtual communication too. It is therefore not surprising that several governments in the region and beyond are attempting to restrict or control Internet access and censor the free flow of information it enables. We need to keep a watchful eye on such attempts, to retain the socially beneficial, but reject the negative aspects.

Speaker:
Professor Frans Marx, Private Law, Nelson Mandela Metropolitan University

Topic:
Cyberbullies or Cyber criminals?

"Girls are particularly good at this kind of emotional warfare. We call it social bullying.” Social bullying -- roughly defined as psychological, emotional or physical harassment -- seems to be fuelled by social networking. (Mail & Guardian 21 Jan 2011)

Problem with electronic bullying

The solutions

Speaker:
Professor Daniel van der Merwe, Criminal and Procedural Law, UNISA

Topic:
Cyber-crime: it’s genesis and future

Future of (International?)Cyberlaw

• The days of Frank and Jesse James are past when you just had to make it over the “state line” to be safe
• Thanks to cyber-treaties, which are really contracts between states to deal with cybercrime, criminals are extradited
• The problem areas are really “data havens” (I won’t name and shame them)

Application to Europe (and?)

• Existing Cybercrime Treaty really designed for Europe
• Nevertheless, a major country such as the United States has subscribed to it
• South Africa has referred to it in passing but has not yet fully subscribed
• The ideal would be a world-wide treaty
• Why?

Application to Africa

• South Africa has been the pioneer with its ECT Act, but this status is slipping
• Despite efforts by the SA Law Commission which released a recent (2^nd) report on this topic, nothing much is happening
• What ever is done in Africa needs to gain the widest possible acceptance

Recommendation

• Adapt all local legislation in (at least Sub-Saharan) Africa to comply with the EU Cybercrime Treaty (Budapest, 2001)
• This treaty makes recommendations both with regard to substantive as well as with regard to procedural law
• Criminal Law in SA would probably already comply with such substantive requirements, but procedurally we are still lagging behind (24-hour contact centre)

Speaker:
Iain Campbell, Critical Identity -  Data Protection & Forensics Expert

Topic:
From Sony to EasyPay: Data Breach Notification in South Africa

What is the cost of a Data Breach?

The Pomenom Institute, April 2011 (researched 38 UK breaches)

•          Study examines costs, from loss of Personal Info

•          Lowest cost per record was ~R600 (retail sector)

•          Average total cost = R25 million

7% abnormal customer churn rate

Criminal attacks are the most expensive cause!

Next Generation Attacks

29 March 2011

Australian PM’s computer hacked

other targets include Minister of Defence & Parliament

16 February 2011

Canadian Govt. targeted, including Treasury & Finance & Defence R&D

31 October 2011:

UK Govt. 600 cyber-attacks per day

1. November 2011:

UK to test banks with simulated cyber-attack (87 firms to participate)

How is this relevant to SA?

•       How do we identify related cases?

•       SAPS discarding “unrelated cases” because they have no way to determine their relationship

•       Critical identifiers could include specific types of malware present, processes in memory, log file patterns, or names & places IP’s

•       Critical steps:

•       Training First Responders

•       Standardised methods for collection & processing of media

•       Creation of centralised repository for analysing trends

Speaker:
Saidi M. Kalunde, State Attorney – National Prosecution Services - Tanzania

Topic:
Cybercrime in Tanzania – Implementing  the EAC Recommendations Phase 1 and II

East African Community Fast Facts:

• The Treaty Establishing the East African Community was signed on 30 November 1999 and entered into force on 7 July 2000 following its ratification by the original three Partner States – Kenya, Uganda and Tanzania. [The Republic of Rwanda and the Republic of Burundi joined effectively on 1 July 2007]
• EAC made up of five [5] countries
• Combined population of more than 140M people (2010), in a land area of 1.82 million sq

Challenges & Way Forward

• Absence of a robust legal regime on cybercrime
• Harmonization of Laws, Legal and Regulatory Frameworks
• Institutional Capacity vs. Capacity Building [AG, Police, Judiciary, Parliament]
• Policy issues vs. Legislative Priority
• Inadequate Funding
• Mobile Money Industry [Related VAS products]

Conclusion:

• What will be cyber crime in 2020?
• What is/ should be the capacity of law enforcement agencies?
• Octopus Conference Resolution 2007-[Regional and International Cooperation]
• 3P’s is the name of the game [Public Private Partnership]

Speaker:
Paul Louw, Deputy Director of Public Protections, National Prosecuting Authority

Topic:
The investigation of cybercrime

New UK Cyber security strategy 2011

•       The government classified cyber-security as a "tier one" national security priority in 2010

•       The United Kingdom will create a new cyber-crime unit within the National Crime Agency to deploy cyber-specialists with skills and experience solving cyber-crimes to police departments across the country to assist with investigations

•       The goals are ambitious. By 2015, the measures outlined in the strategy document will place the United Kingdom in a position “

–      where law enforcement is tackling cyber-criminals,

–      citizens know what to do to protect themselves,

–      effective cyber-security is seen as a positive for U.K. business,

–       a thriving cyber-security sector has been established,

–      public services online are secure and resilient, and the threats to our national infrastructure and national security have been confronted.

Lesson to be learnt for South Africa:

•       Old fashion investigating techniques always relevant

•       Modern approach to incident management: have a knowledgeable team available to react to a crime incident and apprehend the bad guy within hours rather than weeks

•       Case study: New Mexico Bank fraud

•       Do pro-active investigations rather than historic investigations

The challenges

•       Do we know how to secure digital evidence?

•       Mistakes made early in the investigation can be costly: The prosecutor will be under pressure

Cell phone money laundering

•       In Russia, most cell phone SIM cards are prepaid. One of the major Russian operators offers a legal service that allows anyone to transfer the prepaid amount of money from a SIM card to a bank account, a credit card, another cell phone number (via a text message) or to express money transfer service Unistream.

This particular service is heavily misused by cyber crooks who use it to launder money collected through ransomware campaigns, mobile malware and SMS scam campaigns.

Speaker:
Mr Pedro Verdelho, Member for Portugal in the Council of Europe Cyber Crime Committee

Topic:
The Budapest Convention on Cybercrime: - 10 YEARS

In conclusion, the Budapest Convention on CyberCrime helps:

·         Stronger and more harmonised cybercrime legislation worldwide

·         Consistent approach to criminalising conduct, procedural powers for law enforcement and international cooperation

·         More efficient international cooperation

·         More investigation, prosecution and adjudication of cybercrime

·         Global impact: 55 countries ratified, signed or were invited to accede; cooperation with 120 countries

·         A contribution to human rights and the rule of law in cyberspace

Speaker:
Mr Sizwe Snail, Snail Attorneys – South Africa , Chair of the AILCC – International Liason – ACCP – Kampala

Topic:
Preventing Cyber Crime in South Africa

What is Cyber Crime

Computer crime or commonly referred to as Cyber Crime or ICT Crime (D van der Merwe (2008 ) 61) is a new type of criminal activity which started showing it’s ugly head in the early 90’s as the Internet became a common place for online users worldwide.

Cyber crime or also known as computer crime can be defined as any criminal activity that involves a computer and can be divided into two categories .One the one the it deals with crimes that can only be committed which was previously not possible before the advent of the computer such as hacking, cracking, sniffing and the production and decimation of malicious code (Ibid).

The other category of computer crimes are much wider and have been existence for centuries but are now committed in the cyber environment such as internet fraud, possession and distribution of child pornography to name a few.

In modern times there is more focus from protecting the “container” of valuables (the computer is merely the modern equivalent of a bank vault, only instead of money or gold it contains data) to protecting the real valuables in most ICT crimes, namely the data contained in the computer , the cell phone’s GPS device and so on. (D van der Merwe (2008) 63). The question then usually arises as to what types of criminal offences may be committed online and what laws one must apply to charge an offender to successfully get a prosecution.

Lessons learnt from European Union and USA

European Union

In the European Union Cyber crime law is primarily based on the Council of Europe‟s Convention on Cyber crime (November 2001). South Africa has signed but did not ratify the Convention. Under the convention, member states are obliged to:

•criminalise the illegal access to computer system,

•illegal interception of data to a computer system,

•interfering with computer system without right, intentional interference with computer data without right,

•use of inauthentic data with intent to put it across as authentic (data forgery),

•infringement of copyright related rights online,

•interference with data or functioning of computer system,

•child pornography related offences (possession/distribution/procuring/producing of child pornography).

•The Convention‟s broad coverage of offences has drawn extensive criticism. Critics argue that it should limit itself to protecting the global information infrastructure by criminalizing “pure” cyber crimes. Fraud and forgery, they argue, are already covered in existing international agreements and should not be included in the Convention as “computer-related fraud” and “computer-related forgery.”[1]

•([1]Convention on Cybercrime: “Themes and Critiques” By Calvert Jones, Berkeley University http://www.cyberlawenforcement.com/)

Recommendations and conclusions

•Most of the Cyber crime provisions in the ETC are noble endeavourers; however their enforceability is still to be tested in our South African Courts.

•Given the borderless nature of the internet and the challenges it poses in terms of jurisdictional questions, international co-operation and uniformity it is of utmost importance that states learn from each other’s efforts to deal with Cyber crime and create an international Cyber crime code to be applied universally if any significant success is to be achieved in the combating Cyber crime.

Speaker:
Riana Smalberger, Digital Forensic Lab - Decision Intelligence International

Topic:
Forensic Investigation into Cloud Computing Environments

Overview:

Cloud Computing is arguably one of the most discussed information technologies today.

It presents many promising technological and economical opportunities.

However, many customers remain reluctant to move their business IT infrastructure completely to the cloud.

One of their main concerns is Cloud Security and the threat of the unknown.

Cloud Service Providers (CSP) encourages this perception by not letting their customers see what is behind their virtual curtain.

To date very few papers have been published on digital forensics into cloud.

Organizational Structure / CSP

To be able to investigate misconduct in cloud each organization should have the correct staff:

1.            Legal Advisors / HR

                Look and advise on legal issue

2.            Investigators

                Work closely with Law Enforcement and investigate the incident

3.            IT Professionals

                They will contribute to the investigation on a technical level.

4.            Incident Handlers

                They respond to unauthorized data access, IP theft, breach of confidentiality, malicious attacks etc.

Future Work:

• The rise of cloud computing is pushing digital forensics into a new horizon.
• Challenges:
  • Jurisdiction issues
  • Lack of international collaboration
  • Resources
  • ECT Act – Cybercrime Inspectors – or the lack thereof!!
  • No standards & Regulations in digital forensics in SA
• How to overcome that? 
  • Research what is best out there and adopt.