Some weeks back I had a conversation with, amongst others, the legal minds at the 2nd Annual South African Cybercrime Conference on the topic “Embed Cybercrime in an overall Cyber security Agenda”. The event discussed cybercrime in South Africa and Africa as a region, including the EU Convention on Cybercrime, which celebrated its 10th anniversary. Here are the topics discussed, some of which I will allude to in this blog:
- Exploitation of children and trafficking in human beings (Cyberbullying)
- Legislation and policies
- International cooperation
- Law enforcement – service provider cooperation in the investigation of cybercrime
- Financial investigations
- Training of judges and prosecutors
- Data protection and privacy
- Insurance Against Cyber Attacks
This conference came against the background of two reports:
The 2011 PwC Global Economic Crime Survey (GECS) addresses various forms of economic crime, but puts the spotlight on cybercrime. The South African edition of the GECS in its key findings noted that Cybercrime has emerged as a significant contributor to economic crime losses in South Africa and is now the fourth most common economic crime in South Africa and globally.
Gartner’s Top Predictions for IT Organizations and Users for 2012 and Beyond predicts that through 2016, the financial impact of cybercrime will grow 10% per year, due to the continuing discovery of new vulnerabilities.
The surveys and predictions are worth noting, amongst other published documents, and proper analysis and planning need to be done to try to circumvent the high probability of cybercrime and secure society.
Cyber-bullying is a fast-growing trend that experts believe is more harmful than typical schoolyard bullying. Nearly all of us can be contacted 24/7 via the internet or our mobile phones. Victims can be reached anytime and anyplace. For many children, home is no longer a refuge from the bullies. “Children can escape threats and abuse in the classroom, only to find text messages and emails from the same tormentors when they arrive home”. Please watch as the father of a young man who committed suicide after being cyber bullied tells his son’s story and the pain he has to live with for the rest of his life.
Are these cases prevalent in South Africa? The Mail & Guardian carried an article on 21 January 2011 highlighting the dangers of cyber bullying and sexting, emphasizing that they are realities in our schools.
“In February/March 2006, three high school boys aged 15- to 17-years-old were charged with crimen iniuria after publishing an alleged defamatory image of the deputy principal of their school. One of the boys created the defamatory image electronically by attaching the heads and faces of the principal and deputy principal on to a picture of two naked men sitting next to each other in a sexually suggestive and intimate manner. The boy took the school badge from the school website and used it to obscure the men’s genitals. He then sent the image to a friend’s mobile phone, who forwarded it to other learners at the school. One of the accused printed the image and placed it on the school’s notice board.” – Le Roux and Others v Dey (Freedom of Expression Institute and Restorative Justice Centre as Amici Curiae) 2011 (3) SA 274 (CC).
“Two boys, aged 14- and 16-years-old, were arrested on 8 November 2010 for the alleged rape of a 15-year-old school girl. The alleged rape took place at the Jules High School in Jeppestown, and the boys had allegedly filmed the incident on their mobile phones.” – Jules High sex pupils in court
Investigation, Prosecution and Legislation
A detailed summary of issues relating to offences, legislation, legal aspects and jurisdiction in cybercrime cases in South Africa has been well captured by the article “Cyber Crime In South Africa”. Most of the cybercrime provisions in the Electronic Communications and Transactions (ECT) Act, 2002 (No. 25 of 2002) are noble endeavours; however, their enforceability is still to be tested in our South African courts. Responses to both cyber bullying and sexting are fragmented and rely on various pieces of legislation, common law definitions of criminal offences and civil law remedies in cases. Chapter XIII of the ECT Act is about cybercrime and speaks to unauthorised access to, interception of or interference with data. Hacking, including phishing, as it happens in South Africa (see Hackers hit SA web users), should clearly be confronted by this piece of legislation.
The study by F. Cassim “FORMULATING SPECIALISED LEGISLATION TO ADDRESS THE GROWING SPECTRE OF CYBERCRIME: A COMPARATIVE STUDY” reveals that the inability of national laws to address the challenges posed by cybercrime has led to the introduction of specialised cyber legislation. He advocated that countries should amend their procedural laws to include intangible evidence of cybercrime, as opposed to tangible evidence of traditional crimes.
Judgements on cases involving cybercrime in South Africa reported by the media are predominantly on the evidence provided through usage of digital and internet applications like email, SMS, and video captured through cell/smart phones, rather than conviction of cybercriminals who used methods like phishing, smishing or botnets. In my last blog “How safe are we on social networks?” I touched on typical cases in South Africa which earned themselves titles like “MXit child porn ‘horrific’” and “‘Facebook rapist’ Thabo Bester was sentenced to 50 years imprisonment on Friday for raping and robbing two women”.
Here are some media abstracts about other cases:
“The witness, a sergeant who works in the Cyber Crime Unit, had downloaded the clip of the two cars believed to be Maarohanye and Tshabalala’s from the phone of an eyewitness who had taken the video” – Drama, anger at Jub Jub trial
“State prosecutor Ian Cooke read a series of emails and text messages which he said proved Sheryl Cwele was part of arranging for Tessa Beetge to collect drugs.” – Cwele case not dismissed
“Pretoria High Court judge Nkola Motata has lost a round in his drunken driving battle when the high court ordered that video recordings allegedly made on the scene where Motata crashed his car could be played in court during a trial-within-a trial to test their admissibility.” – Judge Motata’s bid to block recordings fails – South Africa | IOL …
Some of the issues that victims of cybercrime have with justice systems that don’t have frameworks ready to implement legislation, whenever it exists, are:
- They don’t trust police and don’t have any faith that anything will be done if they do report it.
- They don’t want to spend even more of their time filling out forms and talking to law enforcement personnel and generally dealing with the “hassle factor” involved in reporting.
- They don’t think the crime is serious enough or significant enough or their losses large enough to warrant taking up the time of law enforcement.
- Or simply, they just don’t know where to report due to lack of awareness.
The Securities and Exchange Commission in the US issued new guidance requiring that companies disclose “material” cyber attacks and their costs to shareholders. The guidance specifically requires companies to disclose a “description of relevant insurance coverage.” When this trend is adopted worldwide, the cost of the insurance might have to be passed to the consumers of services. The implementation of such legislation or regulatory frameworks will also require extensive training and clear audit processes.
Why clear audit processes? We do have issues around IT professionals within the private and public sectors, and those from civil society, when they have been attacked or are victims of cybercrime:
- They don’t want to think of themselves as victims and are in denial.
- They don’t want others to know they were victimized because they think it makes them look weak; in the case of businesses, it will cause them to lose clients because the clients won’t trust them to be able to adequately protect client data (the discussion “The Disclosure Debate: When Should Companies Reveal Cyber Attacks?” alludes to this fact); and we also have IT department personnel in Government departments who don’t want to lose their jobs.
- They blame themselves for not having bought that firewall or anti-malware program or for clicking on that link or visiting that web site or lowering their computer’s security settings to make it easier for them to access what they wanted.
As promised, there have been some continual activities on “Battling Botnets for Control of Computers”. The Microsoft Digital Crimes Unit (a worldwide team of lawyers, investigators, technical analysts and other specialists whose mission is to make the Internet safer and more secure through strong enforcement, global partnerships, policy and technology solutions) has done some excellent work with regard to bringing down botnets in collaboration with different government agencies. This collaboration resulted in the second botnet (Rustock) being brought down:
There are a lot of lessons to learn from this exercise, as per this article: “Microsoft passes Rustock botnet baton to FBI – Take-down and command disruption reduces botnet by 74% since March”. The passing of the baton resulted in this government law enforcement agency bringing down the Coreflood botnet: Botnet Operation Disabled – FBI Seizes Servers to Stop Cyber Fraud.
Forensics, Protection and Prevention
Constant knowledge of and training in digital forensics is key to an information security strategy. It gives consumers/citizens assurance that they can be protected through investigations backed by solid evidence, and be protected from future attackers, including the “insider”. Electronic evidence discovery (EED) and the use of third-party computer forensic experts have gained widespread use in most forms of litigation; see Forensic Lifecycle and the following articles:
- The Need for and Contents of a Course in Forensic Information Systems & Computer Science at the University of Cape Town
- Live Memory Acquisition for Windows Operating Systems: Tools and Techniques for Analysis
- Computer Forensics
- Windows Forensics and Incident Recovery by Harlan Carvey (Addison-Wesley).
You can learn how Family Safety can help you manage your children’s computer activity, including websites, games, and programs through Windows Live Family Safety 2011. Here is a government site for Child Online Protection and a community site “Cyber bullying: When all else fails” in South Africa. Parents can do the following to protect their children from cyberbullying: (www.stopcyberbullying.org)
- Bing your child
Make sure that the cyberbully isn’t posting attacks online. When you get an early warning of a cyberbullying campaign, it is essential that you keep an eye on your child’s screen name, nick names, full name, address, telephone and cell numbers and Web sites.
- Block the sender
Someone who seems aggressive, or makes you uncomfortable and does not respond to verbal pleas or formal warnings should be blocked. This way, they will not be able to know when you are online or be able to contact you through instant messaging. Even if the communications are not particularly aggressive or threatening, if they are annoying, block the sender. (Most ISPs and instant messaging programs have a blocking feature to allow you to prevent the sender from getting through.)
- “Warn” the sender
If the cyberbully uses another screen name to avoid the block, otherwise manages to get through or around the block or communicates through others, “warn” them, or “notify” the ISP. (This is usually a button on the IM application.) This creates a record of the incident for later review, and if the person is warned enough, they can lose their ISP or instant messenger account. (Unfortunately, many cyberbullies use “warning wars” or “notify wars” to harass their victims, by making it appear the victim is really the cyberbully. This is a method of cyberbullying by proxy, getting the ISP to be an unwitting accomplice of the cyberbullying.)
- Report to ISP
Most cyberbullying and harassment incidents violate the ISP’s terms of service. These are typically called a “TOS violation” (for a “terms of service” violation), and can have serious consequences for the account holder. Many ISPs will close a cyberbully’s account (which will also close their parents’ household account in most cases.) You should report this to the sender’s ISP, not yours.
An article, “Legal responses to cyber bullying”, suggests legal responses to cyber bullying and sexting. Its recommendations focus mainly on the way in which role players in the criminal justice system (CJS) can contribute to dealing with these behaviours, including amongst others:
“Cyber safety, education and awareness raising about cyber bullying and sexting should form part of the school curriculum. The Department of Basic Education should ensure that schools have clear policies on how to deal with
Efforts to enable judges and prosecutors to prosecute and adjudicate cybercrime and make use of electronic evidence through training, networking and specialisation are on-going and there is a project of cybercrime for judges currently funded by contributions from the Government of Romania, Microsoft and McAfee (through the Silicon Valley Community Foundation) which complement Council of Europe funding. Here is a training document you can download: “Cybercrime training for judges and prosecutors: a concept”
Project MARS (Microsoft Active Response for Security) disrupted botnets and began to undo the damage the botnets have caused by helping victims regain control of their infected computers. We can learn from this project, and adopt and improve it according to our countries’ present level of readiness.
If you believe your computer may be infected by Rustock, Coreflood or other type of malware, we encourage you to visit support.microsoft.com/botnets for free information and resources to clean your computer.
Sooo…, we have crime cutting across almost all forms of our normal societal lives through the technological means existing to enhance our potential for a better living. It is time that we (in particular governments) start collecting incidents (through National CERTs amongst other means) and measuring the impact of this crime and report it regularly as part of the Crime Report/Statistics – whenever it is reported (Weekly, Monthly, Quarterly or Yearly). In terms of addressing cybercrime, the “Take Back the Tech” campaign (www.takebackthetech.net) is one excellent example of civil society taking up the initiative to educate the civil society about protecting themselves from cyber violence.