Tech Risk & Security

I wrote about US Senate's approval of Council of Europe Cybercrime Convention . Recently, the Cybercrime Committee of Council of Europe released a guideline on how ISP and law enforcement agencies should cooperate in cybercrime investigations. Guidelines for law enforcement - service provider cooperation (adopted on 2 April 2008) From this document, it could be see that there is a large gap between law enforcement and ISP on obtaining evidences. Both sides need to formalise their procedures (either request or giving evidences). If there is no force from the government or other external factor, I could see no reason for them to incur additional resource in this process.

The Hong Kong district court heard a computer crime case on 18th June 2007. An African visitor had rented a flat and stole credit card numbers from his neighbor using wireless sniffing, then he used the credit card information to do online shopping. The charge was brought under HK Crime Ordinance Chapter 200 s116 . More detailed information will be available when the judgment is posted online. The 23-year old defendant was caught since he had used his home address for online shopping and the police were able to trace the delivery records. His ignorance of fraud detection systems and traceability of online shopping transactions seems to suggest that he is not a professional criminal. There are lots of ways to use stolen credit card numbers, buying cash coupons and delivering to an unoccupied house's mail box are common. According to statistics , credit card fraudis increasing and costs 3 billion USD in 2006, up from 2.7 billion in 2005. Different measures (like adding chips or usi...