CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

Net crime poses challenge to authorities

Incidents of auction fraud, the sale of illegal items, and criminal trespassing are booming in the e-commerce market--showing that for some, crime does pay.

Incidents of auction fraud, the sale of illegal items, and criminal trespassing are booming in the e-commerce market--showing that for some, crime does pay.

Law enforcement officials have been scrambling to catch up with these kinds of criminals--hobbled by insufficient resources and a flurry of trained investigators leaving for the private sector, observers say. In addition, the nature of the Internet--and the ease of gaining anonymity on it--has made crime easy and catching criminals much more difficult. Just this week, an FBI representative testified before Congress about the growing number of attacks on computer systems.

"Unfortunately I don't think you're going to see law enforcement catch up with the curve," said Doug Rehman, president of the Florida Association of Computer Crime Investigators. "In many ways, it's easier to commit crimes in cyberspace then in the real world."

Only yesterday, a seller on Amazon's auction site was accused of bilking customers of $28,000, collecting payments from buyers but not shipping the goods. Amazon, which is investigating the case, says if it is true, it would be one of the worst cases of fraud on its auction site.

And last month, eBay closed an auction of 500 pounds of marijuana and battled a spate of auctions involving illegal sales of human organs--and even an unborn baby.

Some of these cases were simply hoaxes, but real e-commerce crimes have already been prosecuted. Earlier in the summer, for example, former eBay seller Robert Guest pleaded guilty to mail fraud. Prosecutors had accused Guest of collecting approximately $37,000 from bidders for items he never shipped.

Spam spawns fraud
But auction sites aren't the only places where fraud occurs. Rehman says spam, or unsolicited email, is one of the easiest ways to defraud Net users. Spammers can email thousands of Net users offering products they never intend to ship, expecting that at least a few of their recipients will respond to the scam. Because spam is often sent anonymously and can be difficult to trace, law enforcement officials may never catch up with the perpetrators, Rehman says.

"Spam fraud is the worse kind of fraud because people are too trusting when they get a direct message via email," said David Kennedy, director of research services for Icsa.net, a security company that advises Internet companies on how to improve their security.

Part of the problem is that although crime might pay, combating it usually doesn't. Most online fraud cases involve amounts small enough that authorities often won't investigate. Amazon, for instance, has its own team to investigate fraud on its auction site because it found that the authorities didn't know how to handle such cases.

"We were frustrated with law enforcement because a lot of these cases are small in monetary value," said Amazon spokeswoman Sharon Greenspan. "They wouldn't investigate because it didn't meet their criteria to open an investigation."

Rehman, who investigated high-tech crime for the Florida Department of Law Enforcement for ten years, said law enforcement's hesitation to combat such fraud has to do with the lack of tangible evidence and the amount of time it takes to investigate.

Compounding the problem, many law enforcement agencies are underfunded and undertrained. And the bright investigators they have often leave for better paying jobs in the private sector.

"There's a severe drain on government and investigative agencies of people leaving to go into the private sector," Rehman said.

Locations difficult to track
Last week, Michael Vatis, director of the National Infrastructure Protection Center, told the Senate Judiciary Committee that the main difficulty in catching cybercriminals is determining where and how the crime was committed.

"This difficulty stems from the ease with which individuals can hide or disguise their tracks by manipulating logs and directing their attacks through networks in many countries before hitting their ultimate target," Vatis said in a statement to the committee.

Vatis, who was reporting on the nation's Internet infrastructure, cited the case of a criminal group that ran a $50 million phone card scam and penetrated phone accounts of AT&T, MCI, and Sprint customers in 1994. Vatis also cited the case of Carlos Felipe Salgado Jr., a man who infiltrated a California Internet service provider and pilfered 100,000 credit card numbers worth over $1 billion.

"We expect to see an increase in hacking by organized crime as the new frontier for large scale theft," he said.

Kennedy said things will get worse before they get better.

"There are more prosecutions taking place all the time, but that still dwarfs the number of things that are happening," he said. "So even if the FBI had infinite resources, they can only report the crimes they know about."