Upload
ngolien
View
217
Download
0
Embed Size (px)
Citation preview
WWW.IAP-ASSOCIATION.ORG/GPEN 1
Global Prosecutors E-Crime Network Newsletter Issue 34 –July 2016 Welcome to the July 2016 edition of the GPEN newsletter.
This month we the second
interview in the new Insight
series, looking at how
cybercrime units work around
the world. We are delighted to
welcome the Cybercrime Unit in
Mauritius who talk about the
way they work and the
challenges they face.
We also have a report from
Koen Hermans, Member of the
IAP and Vice Chair of the
Eurojust Taskforce on
Cybercrime about the European
Judicial Cybercrime Network
which has been founded by the
European Union Justice Ministers with the aim of providing a centre of expertise, supporting
prosecutors and (investigative) judges dealing with cybercrime.
Along with a roundup of this month’s cybercrime prosecution news from around the world, a list of
conferences and events and this month’s topic focus on Malware.
Don’t forget to book your place at the next webinar. On August 16th 2016 Stephen Mason will be
speaking about “A proposed Convention on Electronic Evidence - why now and how we shape it”. I
look forward to talking to you there.
Sarah Lennard-Brown GPEN communications team
If you have any information or articles for the newsletter or website please send it to
[email protected] or post on the GPEN forum – I look forward to talking to you there.
Join the GPEN community www.iap-association.org/Membership
WWW.IAP-ASSOCIATION.ORG/GPEN 2
News Facebook has a difficult month in Brazil and Israel
Facebook's bank account in Brazil, containing approximately $6
million has been frozen after a court order was issued relating to
access to encrypted data on the Facebook owned WhatsApp site.
The dispute, which started in January 2016 relates to an
international drugs investigation. The Brazillian federal police are
requesting access to encrypted WhatsApp files but both WhatsApp
and its parent company Facebook are claiming they do not have
access to the metadata or the message contained in the files. This is the latest court order which
started with a 48 hour block on the WhatsApp service last December followed by the arrest of
Facebook's Vice President in Latin America in March and another 72 hour block in May.
Law enforcement agencies in many jurisdictions across the world have been protesting against the
use of end-to-end encryption of data arguing it is unacceptable to use end-to-end encryption as it
cannot be accessed by states. However WhatsApp CEO and co-founder Jan Koum has previously said
the company has no intention of “compromising the security of our billion users around the world”
by weakening its security systems in order to be able to comply with police authority requests for
data. What he is effectively saying is that by weakening the security to allow access to law
enforcement would weaken the system and potentially allow access to hackers.
Israel has also taken Facebook to task last month. Israel's Public Minister for Security Gilad Erdan,
claimed that Facebook was “sabotaging” the work of the Israeli police force. He also accused
Facebook founder Mark Zuckerberg of not doing enough to prevent incitement against Israel on his
platform, according to News Agency Reuters.
Israel has been suffering a number of fatal attacks on its Citizens the perpetrators of which have
been identified as Palestinan teenagers. As a result of this Israel has increased its surveilance of social
media and is drafting legislation that will enable it to issue takedown notices to social media
platforms concerning content that it feels incites hate or terrorism.
Facebook indirectly responded with a statement:
“We have a set of community standards designed to help people understand what’s allowed on
Facebook, and we call on people to use our report if they find content they believe violates these
rules, so that we can examine each case and take quick action.”
Find out more about Brazil’s problems with Facebook on the Tech Crunch website
Find out more about Israel’s complaints against Facebook on the Digital Trends website
What do you think? Are you having problems with Facebook’s encryption? Start a debate on the
GPEN Forum
WWW.IAP-ASSOCIATION.ORG/GPEN 3
USA Celebrity Phishing Campaign Man Pleads Guilty
Edward Majerczyk, of Chicago, United States of
America, has pleaded guilty to running a phishing
campaign which stole private pictures and videos
from USA television and film stars in 2014.
Majerczyk sent fraudulent emails that looked like
security warnings from Internet Service Providers
which prompted targeted individuals to visit a
fraudulent website. The spoof website then stole
log in details and enabled Majerczyk to access 300
Apple, iCloud and Gmail accounts between 2013
and 2014. Around 30 of the accounts hacked
belonged to USA celebrities and data, including
private sensitive images of Rihanna and Jennifer Lawrence were later leaked to the Internet. The
Department of Justice said that they found no evidence linking Majerczyk to the leaking of these
images but that he was responsible for hacking the email accounts. Majerczyk faces a statutory
sentence of 5 years in jail.
Read more about the Celebrity Phishing case on the BBC website
Find out more about prosecuting crimes involving Phishing on the GPEN website
Guyana Police receive additional cybercrime training
Guyana is making progress in capacity building to deal
with cybercrime. Stakeholder consultation on the draft
Cybercrime Legislation took place in March this year. The
completed draft, which addresses identity theft, online
child abuse and cyber bullying, will be laid before
parliament later this year.
As part of Guyana's program to increase its ability to
prosecute cybercrime several police officers will attend
an Interpol sponsored training event in the Dominican
Republic in July.
Find out more about the Guyana cybercrime training on the Guyana Government website
You can find extensive cybercrime training material on the GPEN website
WWW.IAP-ASSOCIATION.ORG/GPEN 4
Tanzania Man charged for WhatsApp insult to president
A Tanzanian citizen is facing charges for
allegedly sharing comments calling President
John Magufuli an imbecile on the social media
site WhatsApp. The new cybercrime law was
enacted last year despite heavy criticism that
it would stop freedom of speech. Mulokozi
Kyaruzi is the second person to be charged
under the new law for insulting the president.
Find out more about the Tanzanian
Man who insulted the President on
the africa.tvcnews website
Tell us your experience of dealing with
legislation relating to social media on
the GPEN Forum
Intellectual Property Crime Unit launched in India
The Telangana Intellectual Property Crime Unit
was launched in Hyderabad, India this month.
The Unit is the first in the country to focus on
Intellectual Property Crime. The film industry in
India has been particularly badly affected by
the illegal copying of VHS tapes, DVD's and
online streaming. The Telangana Intellectual
Property Crime Unit (TIPCU) will operate under
the auspices of the cybercrime wing of the CID
to deal with complaints about online piracy.
Find out more about the new
Intellectual Property Crime Unit in
India from the New Indian Express
website
Join the debate about Intellectual Property on the GPEN Forum
WWW.IAP-ASSOCIATION.ORG/GPEN 5
GPEN Webinars
GPEN Webinars are supported by the UK Foreign and Commonwealth Office and the International
Association of Prosecutors.
Book your place for the next GPEN Webinar
To book a webinar place email: [email protected] - the webinars are free and certificates are issued
to everyone who attends.
August 16th - 'A proposed Convention on Electronic Evidence - why now and how we shape it'
Date and Time: 16th August 2016 11:00 British Summer Time (Greenwich Mean Time +1)
Presenter: Stephen Mason
September 22nd - Prosecuting digital crimes against children (title to be confirmed)
Date and Time: 22nd September 2016 15:00 British Summer Time (Greenwich Mean Time +1)
Presenter: Allison Dellandrea – Crown Prosecutor from Toronto, Canada who specialises in
prosecuting digital crimes against children.
October 26th Implementing the NOCAP (National Online Child Abuse Protection) process
Date and Time: 26th October 2016 time to be confirmed
Presenter: Stewart Gailey and the Cybercrime Scotland Team
Catch up with the GPEN Webinars
If you missed our webinars do not worry. You can listen to the webinar and access the associated
documents in the GPEN library. The webinars are available for members of the IAP (you need your
IAP username and password to access the website). www.iap-association.org/GPEN/GPEN-Learning-
Centre/Webinar
The European Cybercrime Network
Despite diverging national legislations every Cybercrime Prosecutor encounters similar challenges:
storage of evidence on servers located in unknown places or whose locations are unknown; the use
of special investigative powers on the Darknet; the lack of response from Internet Service Providers
WWW.IAP-ASSOCIATION.ORG/GPEN 6
(ISPs); the need to decrypt devices or communicate across borders; etc. Only by sharing information
will we be able to deal with these challenges more effectively.
On 9th June 2016, European Union (EU) Justice Ministers adopted two sets of conclusions setting out
practical measures to improve cooperation across the EU related to criminal justice in cyberspace.
One of these sets of conclusions formalised the long awaited European Judicial Cybercrime Network
(JCN), supported by Eurojust.
The JCN will provide a centre of expertise, supporting prosecutors and (investigative) judges dealing
with cybercrime. It will thereto facilitate and enhance cooperation between the competent judicial
authorities dealing with cybercrime, in particular by exchanging expertise, best practices and other
relevant knowledge and experience on the investigation and prosecution of cybercrime, including the
practical application of current legal frameworks and relevant case law and effective cross-border
judicial cooperation.
The JCN will also foster dialogue between the different agents and stakeholders in the field, such as
The European Cybercrime Centre (EC3), Eurojust, The European Agency for Network and Information
Security (ENISA), The European Agency for Law Enforcement Training (CEPOL), Interpol, The Council
of Europe (CoE) and the private sector, in particular ISP’s.
In order to enable this exchange of expertise, the JCN will provide access to, and disseminate
information via a special (secure) website. It will provide a forum for discussions of practical and legal
problems encountered by legal practitioners in the field of cybercrime, including the obstacles to
effectively obtaining and securing e-
evidence. In summary therefore, the
JCN will exchange information on
domestic legislation, relevant case law
and jurisprudence, international
cooperation and best practices
between Member States, and provide
tools for practitioners.
Koen Hermans, Member of the IAP
and Vice Chair of the Eurojust
Taskforce on Cybercrime
WWW.IAP-ASSOCIATION.ORG/GPEN 7
Topic focus - Malware
Malware is a piece of software which is introduced into a computer system to cause harm. Common
forms of malware include Trojans, viruses, ransomware, spyware, adware, scareware and worms. In
law malware is sometimes called ‘malicious software’ or ‘a computer contaminant’.
What are the different types of malware?
Trojans: A Trojan is a non-self-replicating malicious malware program that enters a system and sends
data from the host system to a third party. It may also
cause harm to the system.
Viruses: A Computer Virus is a type of malware which
replicates and spreads by attaching itself to a file and
inserting copies of itself into other computer programs
or systems as it travels around a system.
Ransomware: Ransomware is covertly installed malware
that encrypts computer files and then demands
payment of a ransom in return for the decryption key
needed to recover the files. This is sometimes called a
‘Crypto-virology’ attack.
Spyware: Spyware is software designed to gather information about a user’s computer use without
their knowledge. Sometimes spyware is simply used to track a user’s Internet surfing habits for
advertising purposes in an effort to match your interests with relevant ads. However, spyware can
also scan computer files and keystrokes, create pop-up ads, change your homepage and/or direct
you to pre-chosen websites. One common use is to generate a pop-up ad informing you that your
system has been infected with a virus or some other form of malware and then force you to a pre-
selected page that has the solution to fix the problem. Most often, spyware is bundled with free
software like screen savers, emoticons and social networking programs.
Adware: Adware is software designed to force pre-chosen ads to display on your system. Some
adware is designed to be malicious and will pop up ads with such speed and frequency that they
seem to be taking over everything, slowing down your system.
Scareware: Scareware is a form of malware that uses social engineering to causes shock or the
perception of threat and make victims download and pay for fake antivirus software to remove it.
Worms: A worm is a type of computer virus that can spread around networks on its own. Worms are
often able to replicate themselves thousands of times within a particular system and then email
WWW.IAP-ASSOCIATION.ORG/GPEN 8
themselves out to other computers. Worms can be used by outside agents to gain access to
computer systems.
What are the resources in the GPEN library?
The GPEN library has a small but select collection of documents relating to the prosecution of crimes
involving malware. These include:
International Instruments
Budapest Convention on Cyber Crime Guidance Note 7 Malware (June 2013)
Demonstrates how the Articles of the Convention on Cyber Crime apply to new forms of malware.
Attacks against Information Systems
Council of Europe Directive 2013/40/EU of 12 August 2013 on attacks against information systems
replacing Framework decision 2005/222/JHA of 24 February 2005
Guides and Manuals
Best Practice to Address Online and Mobile Threats (2012)
A good introduction to the subject of Online and Mobile threats including a section on best legal
practice.
London Action Plan and The Messaging, Malware and Mobile Anti-Abuse Working Group
The Cyber Espionage Blueprint: Understanding Commonalities In Targeted Malware Campaigns
(2013)
This report focuses on the totality of cyber espionage attacks rather than on any specific campaign or
attacker. The resulting "blueprint" that has been derived reflects the common methodologies,
specifically related to malware most often used in Cyber Espionage campaigns.
Author: Alex Cox, Principal Research Analyst,
Databases
Computer Misuse Act Casework Database - United Kingdom
Database detailing cases prosecuted in the United Kingdom under the Computer Misuse Act 1990
Cases(1993-2013) compiled and maintained by Michael J L Turner
Articles
In the Dark - Crucial Industries Confront Cyber-attacks (2010)
McAfee second annual critical infrastructure protection report. Written with the Centre for Strategic
and International Studies (CSIS) including a report about the impact of Stuxnet
Author: Stewart Baker, Natalia Filipiak, Katrina Timlin
WWW.IAP-ASSOCIATION.ORG/GPEN 9
Reports
European Union Agency for Network and Information Security (ENISA) Evolving Threat
Environment Report
A regularly published report detailing the latest cyber threats. Updated regularly
Webinars
Online Business Models Infringing Intellectual Property Rights through Phishing, Malware
Dissemination and Other Fraudulent Means
Erling Vestegaard, 14th July 2016
Please share your own cyber prosecution materials relating to malware (any language) on the GPEN
forum or send your resources to [email protected] . Please note: you need to be logged into the IAP
website using your IAP username and password to access the forum.
Insight
Insight interviews will focus on the work of cybercrime teams and units around the world. The aim of
the series is to examine how different countries around the world approach the organisational issues
around policing and prosecuting cybercrime. We would like to interview cybercrime units from
across the globe and share the successes and challenges of different team structures and working
environments. If you are a member of a cybercrime team and would like to be featured in the
GPEN newsletter, or if you have any feedback please email: [email protected]
This month Insight examines
the work of Mauritius
Cybercrime Unit. Pravin
Harrah is Principal State
Counsel from the Office of
the Director of Public
Prosecutions who works with
the Cybercrime Unit. I asked
him….
What is the structure of the unit?
The Office of the Director of
WWW.IAP-ASSOCIATION.ORG/GPEN 10
Public Prosecutions (ODPP) is responsible at a national level to institute and undertake criminal
proceedings before any court of law in terms of Section 72 of the Constitution of Mauritius.
The Cybercrime Unit of the ODPP is a specialised unit dealing with cases involving cybercrime. The
Unit is composed of Principal State Counsel, State Counsels, State Attorneys and Legal Research
Officers who work under the supervision of the Director of Public Prosecutions. The unit works in
close collaboration with the Police IT unit and Police Cybercrime Unit, which are under the command
of the Commissioner of Police.
This collaboration enables each unit of the Law Enforcement Agencies to complement each other in
terms of skills and knowledge with a view to better fight cybercrime.
The Cybercrime Unit of the ODPP, the Police IT Unit and the Police Cybercrime Unit operate
independently and work separately from each other.
What is the role of the different specialists that make up the unit?
(a) The role of the Cybercrime Unit of the ODPP is mainly advisory and prosecutorial.
The Cybercrime Unit consists of 10 Counsels and Attorneys who have undergone the following
trainings:
the Basic and Advance Training of Train the Trainer (TOT) on Cybercrime and Electronic
Evidence organised by the Council of Europe and the Institute of Judicial and Legal Services
of Mauritius, under the Global Action on Cybercrime (GLACY) Project.
At the Ecole Nationale de la Magistrature, (ENM)France
Criminal Investigation Bureau (CBI) India.
The State Counsels provide legal advice during investigation, advise and prosecute the cases before
the Court.
State Attorneys together with State Counsels assist the Investigative Agencies with the procedural
measures with regard to:
preservation order,
disclosure of preserved data,
production order,
search and seizure,
real time collection of traffic data and
deletion order.
The Cybercrime Unit of the ODPP also assist in training and awareness programmes for stakeholders
in the criminal justice system.
WWW.IAP-ASSOCIATION.ORG/GPEN 11
Also, the Cybercrime Unit of the ODPP is part of the GPEN network which is a global network that
improves international cooperation among cybercrime prosecutors and participates actively in the
Webinars as part of capacity building programmes.
(b) The Cybercrime Unit of the Mauritius Police Force (MPF) investigates cybercrime, while the IT
Unit in addition to providing technical support for technical infrastructure also provides all digital
forensic services to the MPF.
Investigators and forensic examiners of the MPF work separately, with separate responsibilities to
ensure independence of the forensic process. All staff in the IT Unit are police officers with diploma,
certification or extensive knowledge in IT.
The 24/7 Network, under Article 35 of the Budapest Convention to which Mauritius is a signatory,
point of contact is the Police IT Unit.
How do you work together on a day to day basis?
We work as a team supporting and
drawing from the specific expertise
and skill of one another.
This cross fertilisation enables the
team to better understand the
subtleties of cybercrime with a view
to ensure that cybercrime is
detected, investigated and
prosecuted in a more efficient way.
Files are forwarded to the Supervising Officer of the Cybercrime Unit of the ODPP who then channels
the files to officers based on the complexities of the case. The Unit meets as and when required (to
discuss complex legal issues where relevant, before advising cases.
In the event that support is needed on technical issues, the Police IT Unit or the Police Cybercrime
Unit is consulted.
What sort of cybercrime do you mainly deal with?
Cases of cybercrime dealt with mainly involve:
(a) Offences against the confidentiality, integrity and availability of computer data and systems -
Such as unauthorised access and unauthorised interception of computer data.
WWW.IAP-ASSOCIATION.ORG/GPEN 12
(b) Computer related offences -Such as unauthorised modification of computer material and
damaging or denying access to computer system and electronic fraud
(c) Content related offences
Cybercrime has grown exponentially over the years starting from the number of cases reported in
2004 from 8 to 400 in 2015 which is quite significant for a small jurisdiction like Mauritius.
What are the pros and cons of this sort of unit structure in the fight against cybercrime?
The need to balance flexibility to consult each distinct unit involved in the fight against cybercrime
has to be balanced with the fact that at the same time each unit operates separately and
independently so that the quality of evidence and the testimony of investigators and forensic
examiners is not compromised.
Stakeholders of the criminal justice system have undergone training on Standard Operating
Procedures and Guidelines have been elaborated which will enable relevant organisations to
implement quality standards for the provision of services that meet national and international
requirements.
Are there any particular challenges you face?
Given that new trends in cybercrimes are emerging at all time and criminals are exploiting the speed,
convenience and anonymity of the internet to commit criminal activities which knows no borders,
WWW.IAP-ASSOCIATION.ORG/GPEN 13
there is a need to carry out proper investigation and prosecute offenders in this highly technical and
complex area. This can only be done through capacity building and constant updating of the skills and
knowledge of the investigators, prosecutors and judiciary.
Also, it is quite challenging to obtain digital evidence, ‘cloud’ evidence and evidence from
communication service providers in respect of cross border investigation even though the 24/7 point
of contact is being used. International Cooperation is not fully operational.
What is your unit’s approach to the need to educate Juries about difficult concepts?
Cases involving Cybercrime are mostly heard before the Intermediate Court and not before Juries,
while the procedural provisions in respect of the judges’ order are administered by the Judges of the
Supreme.
The procedures for the application and issue of judges’ orders for access to data requires some
improvements so that volatile data are preserved.
Judicial Officers (comprising of Magistrates and Judges) have undergone training and awareness
sessions on cybercrime. There is ongoing training on emerging issues on cybercrime organised by the
IJLS and the Council of Europe for judicial and Law Enforcement officers.
A Glossary of technical terms is being prepared to help stakeholders understand the technical terms.
A Cybercrime Strategy for Mauritius is being developed which aims to:
provide a more effective legal framework for investigating and prosecuting cybercrime
enhance the capacity of the judiciary to deal with cybercrime and digital evidence
work with international counterparts to improve cooperation on cybercrime
Events
Protecting Privacy - Domestic and International Criminal Justice Responses to Crimes against Personal Privacy and the Balance between Individuals Privacy and Collective Security
Date: 24th – 28th July 2016
Place: Halifax World Trade and Convention Centre, Halifax, Nova Scotia, Canada
Conference will be run by the International Society for the Reform of Criminal Law. Visit the Privacy
Conference website.
WWW.IAP-ASSOCIATION.ORG/GPEN 14
Cyber Security Conference
Date: 25th – 28th July 2016
Place: New York, United States of America
The Federal Bureau of Investigation and Fordham University will host the Sixth International
Conference on Cyber Security (ICCS 2016) on July 25-28, 2016, in New York City. ICCS is an
unparalleled opportunity for global leaders in cyber threat analysis, operations, research, and law
enforcement to coordinate their efforts to create a more secure world. Find out more at the
conference website.
4th Interpol -Europol Cybercrime Conference
Date: 28th – 30th September 2016
Place: Singapore
LawTech Europe Congress 2016
Date: 7th – 8th November 2016
Place: Brussels, Belgium
Find out more at http://www.lawtecheuropecongress.com, Register for the conference:
http://www.cvent.com/d/sfqm63/4W . We have a special deal with Law Tech Europe which means
that GPEN members can have a special 30% discount if they use the code: LTEC-3TCR
Octopus Conference 2016
Date: 16th-18th November 2016
Place: Palais de l’Europe, Council of Europe, Strasbourg, France
The conference will provide an opportunity to interface for cybercrime experts from public and
private sectors as well as international and non-governmental organisations from all over the world.
Participation is free of charge but subject to registration. Find out more at
Registration will be open from 15 September to 15 October 2016 at www.coe.int/cybercrime
International Conference on Cyber-law, Cybercrime
Date: 17th and 18th November 2016
Place: New Delhi, India
Call for Papers - Submit Your Entries At: [email protected]
Find out more about this conference at: www.cyberlawcybercrime.com
WWW.IAP-ASSOCIATION.ORG/GPEN 15
If you know of any conferences or events you think would be useful for Cybercrime colleagues
around the world please post them to the news section of the GPEN forum. You can find more
information in the Events section of GPEN. Please note that to view this information you need to be
logged into the website with your International Association of Prosecutors username and password.
Find out how to become a member of the IAP.
This newsletter is published by the Global Prosecutors E-Crime Network (GPEN) part of the
International Association of Prosecutors - Hartogstraat 13, The Hague, The Netherlands