Cybercrime’s growing need for co-ordinated response
By Patricia Ariss
Today, in the age of Instagram, Snapchat, Kik, Whatsapp and the Internet of Things, information can be — and is — shared instantaneously. For police and other law enforcement partners, this instant dissemination doesn’t necessarily happen, however, and this is leaving the law enforcement community playing catch-up, even though the technology to share knowledge is the best it’s ever been.
By Patricia Ariss
Cybercrime continues to grow, year over year. In this piece, I will cite European statistics, as equivalent stats are not readily available in Canada. This, in itself is an issue. Statistics Canada did not have a category specifically for cybercrime in its 2016 police-reported crime statistics, released in July 2017. However, trends seen and documented across Europe seem to be consistent with anecdotal accounts in Canada.
Calgary Police Service (CPS) Sgt. Mike Lalande heads the Cybercrime Support Team and has seen how important interjurisdictional co-operation can be.
“At any given time, CPS is working with any number of international and national law enforcement agencies, border security agencies, local municipalities and financial crime departments,” he explains.
As is the nature of cybercrime, it is becoming increasingly uncommon to see a file confined to municipal or even provincial limits. Lalande believes co-operation needs to become an integral part of standard investigation procedures.
“There is a need for collaboration. Cyber has no borders and because of that, and the development of Dark Web markets and forums, it becomes more difficult to know where people exist and in which jurisdiction they fall,” he says. “Does that mean we don’t investigate? No.”
Europol agrees, noting in its 2017 report, the International Online Crime Threat Assessment (IOCTA): “Innovation, in terms of the pro-active and adaptive approaches and counter strategies employed, and collaboration, in terms of the involvement of all relevant partners, should be at the core of any response to tackling cybercrime…”
Europol says that co-operation cannot only be between law enforcement agencies. It also calls for early engagement with both the academic and private sectors.
The nature of crime is evolving. According to the same IOCTA report, “while many aspects of cybercrime are firmly established, other areas of cybercrime have witnessed a striking upsurge in activity, including attacks on an unprecedented scale, as cybercrime continues to take new forms and new directions.”1
Policing in the digital space is no longer something for which we can start to plan, agrees CPS Staff Sgt. Cory Dayley.
“We need to be at the forefront,” Dayley says. “The Internet has created a borderless, worldwide platform for all types of criminal activity and law enforcement needs to be positioned accordingly to police in this space.”
Dayley has been with the CPS cyber program for five years and now helms the Cyber/Forensics Unit. He recognizes that which is recognized globally — the technology allowing people to conduct business and social interaction 24/7 is the same technology allowing criminals to victimize people in ways never before possible.
As Dayley puts it, “from hacking, DDoS attacks, malware, ransomware and phishing, to identity theft, romance scams, financial crimes, online stalking and child pornography, the crime that occurs online has devastating impacts on victims around the world.”
These all need to be investigated, Lalande adds. “At what point do you share knowledge? We can’t say, ‘You can’t have this information because you’re not CPS.’ We are all in the same boat, now, and we’re looking at cybercrime equally.”
This burden is not only being seen at the level of specialized investigations, but on the frontlines, too. CPS Sgt. Andrew MacLeod, who heads the Cybercrime Investigations Team, says one of the biggest problems posed by the cybercrime boom is an increased number of assistance requests from patrol personnel.
MacLeod says these requests are no longer basic, but far-reaching, more technical requests. Because of that, MacLeod believes the roll-out of agency-wide training is more and more important.
“There are few crimes being committed that don’t involve some form of cyber element. We need to get the rest of the service caught up on techniques they can use on the street, however the training is long and arduous and by the time we get everyone trained on a certain technique, the technical aspect of cybercrime has moved on. We’re constantly playing catch up.”
This is yet another anecdote backed up by the IOCTA.
“Such issues require a co-ordinated and harmonized effort by law-enforcement, policy-makers, legislators, academia, civil society and training providers to effectively tackle them,” the IOCTA says, adding that adequate training of both law enforcement personnel and the general public could have a substantial effect on combatting cybercrime.2
Tackling the logistics of cross-border investigations is, to say the least, cumbersome. As Dayley points out, digital evidence is now housed all over the world and held, in many cases, by private industry. Production orders for many social media platforms have increasingly only provided information on whether or not the requested information resolves to the investigator’s jurisdiction. If it does not, it is likely that a Mutual Legal Assistance Treaty (MLAT) would be required. And then, even if provincial crown prosecutors approve the MLAT, it then needs to be approved by the provincial attorney general. If it passes this level of scrutiny it gets sent to the International Assistance Group in Ottawa. If it passes there, it gets sent to the original agency, which houses the requested information.
This is an arduous process that takes months, at minimum.3 Many investigations can’t wait that long.
Europol also recognizes the hurdles imposed by legislative changes, which make cyber enforcement much more difficult, stating: “The growing prevalence and sophistication of cybercrime requires dedicated legislation that more specifically enables law enforcement presence and action in an online environment.” 4
Recent Canadian case law, R. v. Jordan, and R. v. Marakah, show how the legislation is not enabling.
As far as it relates to municipalities closer to home, Lalande sums it up nicely: “Municipalities must have a response to cybercrime. The days are long gone that police and law enforcement can only deal with break-and-enters or violent crime. No longer can a police officer say, ‘I’m not a techy.’ Police have to step up and educate themselves in computer and Internet-related crime.”
The Calgary Police Service will be hosting a Cyber Summit in March 2018, which will explore the current trends in cybercrime. For more information, visit www.cybersummityyc.ca.
Patricia Ariss is a constable with the Calgary Police Service, Cybercrime Investigations Team. She has been with CPS for six years.