Law enforcement needs resources to fight electronic crime

National Institute of Justice

Although electronic crimes are increasing at an alarming rate, there is a lack of reliable statistics measuring the frequency, size and impact of such crimes and little scientific research being done to profile the perpetrators, experts say.

Edward Appel, president of the non-profit Joint Council on Information Age Crime, which supports public/private cooperation to prevent and respond to high-tech crime, said law enforcement officials need better capabilities and more resources to deal with electronic crime whether it is committed in cyberspace or traditional crimes involving digital devices.

But whether it’s cyberterrorism, Internet crimes against children, identity theft, intellectual property theft or fraud, he said there aren’t good statistics regarding the number and type of crimes.

Some businesses aren’t reporting cybercrimes to law enforcement, but instead handling them internally. With the advent of instant messaging, voice over IP and other communication technologies, there are legal issues of intercepting messages to determine whether a crime has been committed. And getting information about possible crimes from Internet Service Providers might also pose a problem.

The issue will only get worse as the use of personal computers, broadband activity, Internet domain hosts and the Internet and mobile telephone all grow, he said.

“Why is Internet activity attractive to criminals? Because that’s where the money is,” Appel said, a retired FBI special agent, during a panel discussion sponsored by the National Institute of Justice’s annual conference in justice research and evaluation July 18 in Washington, D.C.

Appel said there are several national efforts under way to help law enforcement understand the scope of the problem and provide them with skills and resources to combat the problem.

Currently, the Justice and Homeland Security departments are jointly surveying 36,000 businesses to examine the type and frequency of computer security incidents. The survey is expected to become an annual exercise and provide statistically relevant national data on cybercrime across all U.S. businesses, especially those in critical infrastructure sectors.

One way to address the problem is to profile cybercriminals to help law enforcement narrow the suspect pool and determine whether it’s a terrorist attack, information warfare or a other reason.

But Marcus Rogers, an associate professor at Purdue University’s computer technology department, said there is a lack of scientific peer-reviewed research in that area. Behavioral scientists have simply “dropped the ball” because they are afraid of technology, he said.

He has been researching whether traditional psychological profiling techniques are relevant to computer crimes. Just like at a physical crime scene, investigators at a cybercrime scene need to look for clues to learn whether the crime was committed by an individual or a group. They would also want to know the age, gender and other points regarding the perpetrators. But investigators also need to understand computer terminology, such as operating system, servers and database networks.

“You don’t need a Ph.D. in computer science to do this, but you do need a basic understanding,” Rogers said, a former police officer.

By profiling the perpetrators of a crime, it might tell an investigator the motivation behind the crime. There has been some research done on Internet child pornographers and criminal insiders, but there has been little done on Internet stalkers and predators, virus writers, cyber terrorists and hackers.

He said there has been many myths, stereotypes and media hype about hackers, which is really an umbrella terms for a large number of different behaviors, Rogers said.