New Zealand is no soft touch for electronic crime but lags other countries in setting up a specific body to tackle the activity, speakers told a forum on e-crime.
Panel members at the forum, held late last month in Wellington, suggested there was no evidence that New Zealand has a particularly high rate of online fraud. This is despite the country’s apparent laggardliness in work on e-crime and the contention of two US-based online credit-card payment agents that New Zealand has unusually high electronic fraud statistics (see NZ a fraud risk, say US online billers).
Police commissioner Rob Robinson says this impression may have been created by overseas fraudsters using this country as a staging post. One ring of credit card number thieves from Eastern Europe, for example, was detected using an Auckland database as temporary storage for the illicit data.
Robinson compares this to the Rainbow Warrior bombing; criminals used New Zealand as a staging post evidently because they thought it was a small and unsophisticated country where their activity would not be traced.
Chris Roberts of consultancy Deloitte told the forum that the US, UK, Canada, Australia and the European community had set up or were setting up a centralised interdisciplinary body involving law enforcement agencies, technological and forensic specialists and users, while New Zealand has yet to approach the question.
The previous week to the Wellington conference a “Global Forum for Law Enforcement and National Security” was held in the UK and New Zealand did not send a delegate.
The British, however, did not score much higher in that respect. A National High-Technology Crime Unit has recently been set up there, but declined to send representatives to the forum as its staff were still undergoing training, Roberts said.
Another objective of a unified e-crime body is simply to give the victims of computer crime someone to contact. A recent UK survey showed more than 80% of IT managers could not say whom they would contact first on suspicion that their company had been the victim of a computer-facilitated crime.
Interest appears high in forming such a collaborative body in this country. Exploring such interest was one of the objectives of the e-crime forum, organised as part of the annual conference of the New Zealand Security Association.
Such a body would co-ordinate co-operative action and pass information among the interested bodies – including user companies, law-enforcement agencies, technologists and lawyers.
“I would like to see the same thing happen with e-crime as with Y2K – nothing,” said Tom Hunwick of EDS. Y2K was a non-event because of the huge amount of co-operative work that had had been done on meeting the risks.
There are already international bodies that will share information to the benefit of New Zealand, Hunwick pointed out: the US Federal Bureau of Investigation, the NIPC, IT-ISAP.
Roberts said it was plain New Zealand was some way behind the leaders. We are only just beginning to get our law into order to recognise offences like hacking as crimes, he said. An estimated 35 out of 50 countries in one survey had not yet done this.
The police - normally be the first resort for reporting electronic crimes – are ill-equipped and short-handed, he said, and have to prioritise the increasing flow of cyber-crime that comes to their notice.
Meanwhile, electronic media allows the criminal to be more anonymous and the crime to be perpetrated far more speedily accumulating victims over a greater geographical range, said Brendan Boyle, head of the government’s e-government unit.
New Zealand does have some advantages in tackling e-crime, however, Roberts says. It has a single unified police force, not separated into states and counties, and is a small country with few major centres, making co-ordination easier. While we are late to the effort, this means we can learn from experience gained and mistakes made in other jurisdictions.
Too often, said Roberts, corporate users, and small-medium-sized enterprises have a poor idea of procedure in the face of an electronic invasion. In a panic reaction to protecting themselves against further intrusion, “they trample all over the evidence”. Information gathered and promoted by a unified body should include procedures for reacting in a controlled way to an apparent e-crime.