Hacking across borders and eras
Despite the overwhelming tendency to plug the holes rather than to track the hackers, the cornerstone of cyber security remains the legal framework that enables the prosecution of cyber criminals.
Des Berwick, researcher for the Australasian Centre for Policing Research (ACPR), underlines the importance of technology neural legislation that targets the illegality of the act itself.
-We have to write legislation which covers technology that hasn't been invented yet," Berwick said. -Cybercrime isn't limited to illegal access either, we need to cover the full gamut of fraud, espionage, child pornography, cyber stalking and even releasing malicious viruses."
And while increasing prevalence of unwanted interruptions to corporate and home computer systems in Australia has lead to governments at both the state and federal level implementing a raft of legislation, some are concern the reaction has been poorly planned.
According to eSec's Neil Campbell the Cybercrime bill recently enacted in NSW displays some serious flaws.
-I am not convinced that they have thought the whole ramifications through," Campbell said. -It is far to broad and will allow people to be convicted without actually having committed an offence. Not only that but it is the equivalent of creating a law which convicts people for 'going equipped to steal', and most people have the tools necessary to hack into a computer system on the computers, even if they don't know how to use them."
Campbell's major concern is that the NSW law was based on Federal legislation that is to be debated following the November election. While parliament draws on a series of forums such as Berwick's ACPR for advice, politicians cannot help but be effected by the sense of urgency created suspected cyber criminals go untried because of a failure due to the legislature.
A lack of understanding of the complexities of cybercrime and IT generally is not the only trap open to legislators in Australia. The stateless, borderless world wide web enables potential cyber criminals to launch attacks from countries where legislation fails to recognise their misdemeanours as such.
For this reason not only is ACPR working to advise parliamentarians, it is also designed to develop working relationships with its counterparts in other countries. With the backing of groups like the United Nations, Interpol the G8 and APEC, the Australasian Computer Crime program is working with police forces throughout the Asia Pacific region to establish a cross-border legislative framework to prosecute cyber criminals.
Proof of the successful collaboration of such groups will come however, next time an Onel de Guzman unwittingly unleashed a virus, or a Phoenix purposefully hacks into a corporate system from a remote pacific island, and obtains your credit card number.
