EU could turn to 'crowd sourcing' in cyber crime fight

**The Lawspeaker** · 12-18-2010, 11:15 PM

Millions of internet users across the EU could be encouraged to join the fight against cyber crime if a ground breaking experiment in "crowd sourcing" goes ahead.

The director of Europol told peers he wants to get net users directly involved in catching cyber crime gangs.

Rob Wainwright briefed a Lords EU sub-committee on plans for a European cyber crime centre.

He said the extent of the problem was often underestimated in the EU.
And criminal gangs were becoming more sophisticated in their use of technology, which was spreading into the world of "offline" crime such as drug and people trafficking and VAT fraud, which netted criminals in the EU 100bn euros (£85bn) last year alone.

Scams

Europol officials say criminals are increasingly communicating with each other through online phone services in the mistaken belief that they are untraceable.

They are also carrying out more "traditional" cyber crimes such as botnets, malicious software that can secretly steal credit card details, and phishing scams, in which people are tricked into handing over confidential details.

Mr Wainwright, a former senior official with the UK's Serious and Organised Crime Agency, said Europol was stepping up its fight against internet-based crime ahead of the opening of a planned cyber crime centre, funded by the European Commission.

Europol, an EU-wide police intelligence agency based in The Hague, already had a "dedicated intelligence project designed to identify the most significant cyber criminals operating in Europe", Mr Wainwright told the committee.

He said the next stage was to launch an "internet crime reporting online system".

This initiative, originally conceived by the French Presidency of the EU in 2008, would, for the first time, "collect all internet crime reported online at a national level, in a harmonised way across the EU," he told the committee.

'Empower citizens'

It would have the ability to alert police in the 27 member states to "connections between different investigations".

"For the first time the EU will have a comprehensive overview of reported cyber crime from within its own borders and this could even include, in the future, a component of direct engagement with the public," said the Europol chief.

Europol strategic analyst Victoria Baines later explained to BBC News that the organisation was interested in eventually using a form of "crowd sourcing" to gather examples of suspected cyber crime so it could build up a fuller picture of illegal activity.

This would involve concerned net users scouring the net for possible examples of crime and reporting it, possibly through a dedicated website.
It could operate along similar lines to America's Internet Crime Complaint Center (IC3), a joint venture between the FBI and the National White Collar Crime Centre, which for the past 10 years has allowed victims of cyber crime to make a complaint online.

But the Europol system could potentially go further because it would not be restricted to people who had themselves been the victim of cyber crime or who wanted to make a formal complaint to a law enforcement agency.

'Empower citizens'

Ms Baines said the idea was to raise awareness of crimes such as the "online solicitation of children", payment card transaction fraud or "social engineering", in which people are tricked into giving their passwords or other personal details.

And then "to empower citizens not only to look out for themselves but to report criminal activity".

But Mr Wainwright stressed in his evidence that Europol's first priority was to involve private industry and academia in the fight against cyber crime.

The crowd sourcing plan is in its embryonic stages, and will depend on the setting up of the European cyber crime centre, which is planned by 2014, if funding can be secured.

But Mr Wainwright told BBC News he was keen to "scope out" crowd sourcing and saw it as a potentially vital part of the the war on cyber crime.

The Lords EU Home Affairs sub-committee is investigating the EU's internal security strategy.

Source: BBC News (16 December 2010)

**The Lawspeaker** · 12-18-2010, 11:18 PM

Crowd sourcing the fight against cybercrime?

The European Union (EU) is examining a plan to use "crowd sourcing" to fight internet crime, allowing members of the public to connect directly with police and report internet security attacks and online scams.

The BBC is reporting that the millions of computer users across the EU could be galvanised into joining the fight against cybercriminals, with all data about internet crime collected and "reported online at a national level, in a harmonised way across the EU."

Those are the words of Rob Wainwright, director of Europol, who briefed a Lords EU sub-committee on plans for a European centre to fight cybercrime.

"For the first time the EU will have a comprehensive overview of reported cybercrime from within its own borders and this could even include, in the future, a component of direct engagement with the public," the BBC reports him as saying.

Certainly, greater co-operation between the various computer crime authorities in the 27 EU member states is no bad thing, and you can imagine the advantages that would bring in hunting down those responsible for sometimes complex and sophisticated crimes.

But I have to throw in a note of caution about the idea of members of the public scouring the net for evidence of cybercrime.

Although done with the best of intentions, I would hate to imagine that members of the public inexperienced in the ins-and-outs of computer security would become "Digital Miss Marples", attempting to uncover wrongdoing on the net.

Let's not forget that internet crime is often a more serious business than the graffiti, littering and dog fouling crimes that many neighbourhood watch schemes can deal with on a regular basis. Surfing from website to internet forum, piecing together clues to send to the police, may expose your computer to threats - such as malware infection or identity theft - unnecessarily.

Furthermore, with those behind internet crimes being no longer disaffected teenagers but serious hardcore criminals, you'd best watch out if they find you poking them with a stick.
Yes, I strongly believe that it should be simple for members of the public to report computer crime, but I would urge a note of caution that users also need to be advised to put the security of themselves and their computer as a priority rather than the hunting for clues.

Private industry (such as the computer security industry and financial services) can probably play an important role in helping the fight against cybercrime, but investigations into using crowd sourcing should not be rushed into before proper consideration of the safety issues are considered.

Source: Naked Security (17 December 2010)