Highlights
– Over 400 individuals from 40 different countries gathered at an international cyber security conference to share information and develop professional contacts to fight cyber-terrorism and cyber-crime
– Cyber-spy shares expertise on tracking and eliciting information from would-be terrorists online
– More countries must implement or improve cyber laws
Over 400 individuals from 40 different countries gathered at Fordham University in New York City from January 6, 2009 through January 8, 2009 to participate in an international conference of cyber security experts that was hosted by the Federal Bureau of Investigation (FBI). At the International Conference on Cyber Security (ICCS) 2009, cyber security experts from Bulgaria, the Netherlands, China and the United States (US) spent three days exchanging information and ideas on the most effective means of addressing cyber-terrorism and cyber-crime – including identity theft, child pornography, and the underground cyber economy where passports, bank accounts and social security numbers are bought and sold.
Experts ranging from senior intelligence and law enforcement officials to a mother and former judge who began hunting terrorists online after teaching herself Arabic, presented their knowledge, experiences and suggestions on tracking and apprehending cyber-terrorists and criminals online and improving cyber laws worldwide.
A special agent with the FBI stated that the “Internet is a tool for recruitment, radicalization and raising money for terrorists,” and it was apparent to him that many of the countries participating in the conference currently do not possess the forensics hardware and trained personnel that many US law enforcement agencies have.
The overall goal of the conference was to begin to foster relationships, cooperation and information sharing between international intelligence and law enforcement agencies in the fight against cyber-terrorists and criminals. This type of international co-operation was displayed in May 2008 when the US Justice Department announced charges against 38 individuals for their alleged involvement in a computer and credit card fraud scheme that spanned the globe. The case was one the FBI could not have solved without close coordination with officials in Romania, as the international crime ring had significant operations based in Bucharest. The Justice Department’s deputy attorney general stated, “the Romania prosecution is a good example of our ability to deal with cyber-criminal activity cutting across national borders.”
The founder of the cyber-crime unit of the Dominican Republic’s national police stated that the key to international collaboration on cyber-crime is building relationships with foreign colleagues; exactly what the ICCS 2009 conference was designed to do. He stated, “the secret of international cooperation – and it’s a tricky part – is you have to know the person on the other side of the phone or e-mail.”
The conference highlights the recognition by countries that the threats posed in cyberspace are of an international nature that can only be effectively fought through strong ties between international intelligence and law enforcement agencies. In the long term, we expect the information shared and the relationships forged at the conference to help thwart future terrorist plots and help international law enforcement agencies apprehend hackers and other cyber-criminals operating across international lines.
Cyber-spy shares her expertise on tracking terrorists
One of the conference’s most unexpected presenters was a mother from Montana who is a former judge turned cyber-spy who shared her expertise and success stories hunting terrorists online by infiltrating websites and chat rooms using her Arabic speaking skills she learned after the September 11, 2001 terrorist attacks. Posing as more than two-dozen different Muslim militants from her home computer, she was able to gain information about planned attacks and help law enforcement map out terrorist cells around the world. Her investigations have led to two terrorism related convictions in the US, and she has provided intelligence in dozens of other international cases. By learning how to “act like them”, she was able to provide law enforcement with information that led to the 2007 conviction of Michael Curtis Reynolds, an individual accused of logging onto terrorist websites looking for money to blow up the trans-Alaska and transcontinental pipelines. Her information also led to the conviction of Ryan Anderson, a US National Guardsman embarking on an Iraq tour, who planned to sell US military secrets to Al Qaeda and kill US soldiers.
Another conference presenter, a senior investigator and private consultant for Global Terror Alert, showed how his research uncovered a new breed of cyber-terrorists that are using online forums to recruit people who support Al-Qaeda, while creating global networks of would-be terrorists. The cyber-terrorist researcher stated that many individuals hatching terrorist plots online never actually meet in person, but conspire online to launch both cyber-terrorist and physical terrorist attacks. He also stated that many young militants are learning how to code software, or are getting help from freelance experts, including those in Russia, and are using these programs to launch cyber-attacks or are spreading malware – software designed to infiltrate or damage a computer system without the owner’s informed consent – to help raise funds for terrorist related activities.
The work of these private citizens in gathering information in cyberspace about terrorists’ online activities highlights the need for more attention and focus to be brought to the realm of cyberspace by international intelligence and law enforcement agencies.
Countries Must Continue to Develop and Improve Cyber-Crime Laws
Cyber security experts agree that more countries need to implement cyber laws that are compliant with the Council of Europe Convention on Cyber-crime as this would provide significant progress in allowing countries to know that what is against the law in one country is also against the law in another country. The harmonization of cyber laws is important because countries with weak or no laws against cyber-crime, can be used as a haven or pass-through for cyber-crime and attacks. In the mid to long-term, we expect more countries to develop new or improve their existing laws on cyber-crime and cyber-terrorism as they recognize the shift of more criminal enterprises to online recruitment, exchanging of good and services, and the creation of terrorist plots against governmental and commercial entities that undermine a nation’s economic and national security interests.