Interpol: Give us tools to fight cybercrime

The international police organization said Monday that a new global legislative framework was needed to deal with cybercrime, which has evolved dramatically since the current legislation was passed.

"With phishing and pharming, new technologies are being dealt with by old laws," said Bernhard Oputal, a crime intelligence officer with Interpol's financial and high-tech crime division.

"We need an integrated legal framework to exchange data. A lot of legislation doesn't consider a data stream as evidence, because the evidence is hidden behind 0s and 1s. We have to rethink the legislative framework," Oputal told ZDNet UK.

Many organized-crime gangs have turned to the Internet in recent years, using fake Web sites and e-mails to defraud users. According to experts, these gangs are based in countries such as Russia, China and the U.S. but target Internet users across the globe.

Interpol said it has experienced problems with the international transfer of evidence and said some Internet service providers were unwilling to provide data, a problem exacerbated by the speed with which phishing sites disappear after capturing information.

"I need a legal basis to get the data out of the service providers. The current system is protecting the offenders, not the victims," Otupal said. "There are different types of service providers--some who are willing to tackle the problem, and some who say, 'We are content providers; that's not our role.'"

A global framework for legislation should be provided by the Council of Europe's Convention on Cybercrime, according to Otupal. The Convention, ratified in 2001, is a European treaty designed to allow for a common criminal policy on cybercrime.

Following its announcement on Monday that it will bring prosecutions against suspected cybercriminals, Microsoft agreed that current legislation needed to be reformed in some countries. The software giant said it will prosecute more than 100 phishers over the coming year and said it's involved in lobbying for stronger antiphishing laws.

"There is basic legislation to enforce the law in most countries. Whether the sanctions are proportionate to the damage caused remains to be seen," Jean-Christophe le Toquin, an attorney for Microsoft in Europe, told ZDNet UK. "The Council of Europe Convention lets us use existing tools. We are pushing for stronger laws if (those tools) are not sufficient," le Toquin added.

Interpol admitted that it was limited in its power to stop phishers because of the lack of a cohesive global legal framework.

"Are these cybercriminals beyond the long arm of the law?" said Pat Cox, a former president of the European Parliament, speaking at the launch of Microsoft's Global Phishing Enforcement Initiative. "More or less, yes," Otupal answered.

"There are still some places in the world criminals move to where ISPs still permit phishing," Otupal later told ZDNet UK. "Criminals go to countries where this use of technology and movement of money across borders isn't criminal. Another big problem is that criminals (can operate in) many different countries--25 countries in a recent case," he said.

Otupal also wants to see "more trust between parties" in divulging information to their customers, and to the police. He said banking institutions are afraid their reputations will be damaged if their customers know that other customers have fallen victim to fake Web sites.

"Banks are not willing to admit they've been abused through cybercrime, and internal investigation doesn't necessarily work," he told ZDNet UK.

Tom Espiner of ZDNet UK reported from London.