Working with Law Enforcement on the Cutting Edge of Cloud Security and Online Safety

Posted by Richard Boscovich
Sr. Attorney, Digital Crimes Unit

Eighteen years ago, when I first joined the Department of Justice as an assistant U.S. attorney in the southern district of Florida, the concept of cybercrime wasn’t on anyone’s radar. People might have heard the term “hacker,” but with the Internet still in its infancy, the idea that criminals might one day exploit digital technology to commit fraud and theft and to victimize people, including children, on a global scale was more science fiction than looming threat.

As I stated in a recent interview with the blog TechFlash, around 1995, the DOJ initiated a program to focus on computer and telecommunications crime and since that time, the need for law enforcement agencies, at every level and in every jurisdiction, to have the capacity to investigate and prosecute computer-enabled crime has only grown. That need is at the heart of Microsoft’s Digital Crimes Unit and it’s the sole purpose behind DCU’s annual conference, the Digital Crimes Consortium, being held this week in Montreal, Canada.

The Digital Crimes Consortium is a unique gathering of more than 300 law enforcement officials and members of the technology security community from around the world; they convene each year for frank discussions about the evolving cybercrime threat landscape and to share the latest technologies, techniques and thinking on combating digital crime. The event also serves as an opportunity for technical experts to provide training and share information and available resources with law enforcement officers.

The fight against digital crime relies on many lessons from traditional law enforcement, but there are important ways in which cybercrime is an entirely new beast. For one, it’s effectively borderless; the anonymity and portability of the web means that criminals can live in one country, pretend to operate in another, all while victimizing people in any number of other countries. In comparison, law enforcement agencies are bound by their local laws and regulations and limited by jurisdiction. They face real challenges in cross-agency collaboration, often lacking a common technical or legal framework to operate from.

Law enforcement is already doing admirable work today to combat cybercrime – such as the recent arrests in the Zeus banking scheme resulting from cooperation amongst authorities in the US, UK, Netherlands and Ukraine. However, law enforcement agencies, often under-resourced and tasked with protecting people from a wide range of threats, are continually challenged to keep up with the innovative modern digital criminal. That’s why one part of DCU’s mission has been to facilitate collaboration opportunities like the Digital Crimes Consortium and provide valuable technical training and innovative tools to combat cybercrime, such the Computer Online Forensic Evidence Extractor (COFEE) and the Child Exploitation Tracking System (CETS). COFEE is a simple, portable tool that lets law enforcement officers collect and preserve volatile digital evidence at the scene of the investigation without extensive training or specialized expertise; CETS is a software tool developed by international law enforcement officials and Microsoft to help battle child exploitation online.

The Digital Crimes Consortium is the annual culmination of the work that DCU does all year to help law enforcement agents keep pace with the evolving world of cybercrime, which, unfortunately, will probably remain in demand for the foreseeable future. That’s why we’re committed to innovating on all fronts: legal, technical and collaborative.

To stay informed on what Microsoft and others are doing to help make the Internet safer for everyone, you can follow the Microsoft Digital Crimes Unit on Facebook and Twitter.

Comments (1)

  1. Alan G says:

    The only part I take exception to in this is the statement "…with the Internet still in its infancy…".  The Internet ceased to be in its infancy long before the World Wide Web came along. By the late eighties nobody had a count of how many systems or how many users were on the 'net.

    The Web brought the Internet to the masses, along with ISPs, browsers and consumer websites. It's the Web and the ISP industry that were in their infancy, and we are still a long way from seeing maturity in either. Thankfully, the days described by Clifford Stoll in his landmark book "The Cuckoo's Egg," when it was almost impossible to get law enforcement to take notice of computer crime, are now behind us, but many of the law-enforcement problems were in place (including child pornography, I have no slightest doubt — was the perennial top user of Internet bandwidth as early as the mid-eighties) and being thoroughly ignored long before there was a World Wide Web.

    The efforts of the DCU, COFEE and MARS are necessary and commendable, but the historical context should not be forgotten or misrepresented.

Skip to main content