BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 
Monday, 8 May, 2000, 15:23 GMT 16:23 UK
Hunting e-criminals

Cyber-crime may appear to be lawlessness at the cutting-edge of technology, but it's old-fashioned detective work which leads the authorities to the doors of hackers and virus writers.

The resources of police forces across the world have been mobilised to catch the person responsible for last week's e-mail "Love Bug".

Thanks to the efforts of Interpol and the FBI, the virus, which hit an estimated 45 million users, has been tracked to the Philippines.

Love Bug virus
Hard love: E-mail virus hit in 20 countries
Colin Rose, whose company Buchanan International helps trace illegal activities on the web, says like all criminals, cyber-attackers leave a trail of evidence.

"It's just like a burgling a house. You leave fingerprints."

In order to perpetrate a cyber-crime, an offender's computer has to communicate with a number of other machines to reach its intended target.

At each step in this chain of communications a record of the e-criminal's activity is logged.

With cyber-criminals bouncing their way across the internet, through numerous ISPs and servers, this log of information can be as daunting as it is valuable to detectives.

Broken record

"That's what makes the process so complex. There's so much information everywhere and it's gathering it that's the problem," says Mr Rose.

Laptop user
Hackers leave "fingerprints" in their wake
Mindful that their tracks can be followed with greater ease than many outside the computer world might think, seasoned hackers and virus writers endeavour to obliterate these records.

"It's the same as a burglar trying to rub away their fingerprints at a crime scene. But they never remove them all and you only need one or two."

It is not just the offenders themselves who can hamper an investigation. Information logs of ISPs and servers are "cache records", data retained for a very limited period in case it is needed in the short-term.

"Lots of the information gathered in these logs 'degrades'. You have to get to it in a few days to collect the relevant evidence before it disappears," says Mr Rose.

Finding the source

Fred Cohen, one of the world's leading experts on information protection, says the so-called "Love Bug" will be relatively simple to trace.

"Because of the rapid spread, records will likely still exist on many computers that will indicate the real source of this.

[Cyber-attackers] are foolish enough to think they are smarter than the rest of the world.

Fred Cohen, Sandia National Laboratory

"There are also a large number of leads, including the name in the file and other related information, the feedback mechanism that the virus used to get data back to its (presumed) creator, the places where the virus started to spread."

Other hacking attacks and viruses may present the authorities with a more difficult task.

Leaving traces

Mr Cohen, who works at the Sandia National Laboratory, the US government centre charged with defeating threats to the nation's economic and military security, says every hacking case offers different signposts.

"In many cases, the leads are a few bytes of residual data in a computer somewhere, or a credit card trail, or a tip from one of the perpetrator's friends, or an audit record from a phone company."
Internet user
The Love Bug left "leads" around the globe

With Sandia's technical staff simulating cyber-attacks using the latest malicious programs downloaded from the internet, the official response to such activities is far more effective than many of those hit by the "Love Bug" might imagine.

"You follow leads and see where they take you. Eventually, you secure the evidence, catch the bad guy, and cart them off for prosecution and punishment," says Mr Cohen.

Mr Rose says catching cyber-attackers is all down to the money and manpower available to throw at a problem.

Making an effort

"If they're slap dash or not very clever, it's quite easy to find a hacker given reasonable resources. The greater the harm done, the more high-profile the attack, then the more effort put into finding them."

Even the most careful cyber-criminal can make mistakes.
President Clinton
President Clinton wants to spend $2bn on computer defence

Mr Rose says an otherwise canny hacker in Singapore was apprehended when a satellite link they were using to route their activities via Thailand and Australia suffered a "freak termination".

"The hacker panicked and got out. If they'd waited they would have had time to erase their tracks."

Mr Cohen, who is credited with creating the first computer virus while a graduate student in the 1980s, says all the hiding techniques in the e-criminal's arsenal can be overcome.

"The thing that makes them catchable is the fact that they are foolish enough to think they are smarter than the rest of the world.

"After all, how smart can you really be if the most interesting thing you can think to do is to harm other people?"

Search BBC News Online

Advanced search options
Launch console
See also:

08 May 00 | Sci/Tech
Love Bug: Police raid home
04 May 00 | UK
'Love Bug' bites UK hard
15 Nov 99 | Sci/Tech
E-mail security bubble bursts
24 Feb 00 | Scotland
E-mail stalker jailed
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories