Address to American Chamber of Commerce
Commissioner Mick Keelty APM
The West Australian Club, 101 St Georges Terrace, Perth
Monday 20 August 2007, 12.00pm to 2.00pm
(Check against delivery)
Penelope Williamson, General Manager, WA, American Chamber of Commerce in Australia
Glen Whistler-Carr, from Brooker Furniture, sponsor of the luncheon
Ladies and gentlemen
Thank you for the invitation to speak to you today. It is my great pleasure to be here with you in Perth. I’d like to begin by acknowledging the traditional owners of this land, the Noongah people, and acknowledge their elders both past and present and their connection with this land.
I don’t need to tell anyone here today that the world we live in is rapidly changing. As consumers of various technologies – we are buying the latest plasma screen TVs, mobile phones and even in-car GPS systems in greater numbers than ever before – we can barely get our minds around the pace of change. With the advent of the internet, communication has gone global. I can sit in my office in AFP Headquarters in Canberra and conduct a teleconference over the internet with the participants located anywhere on the globe, complete with sight and sound.
I wonder if there is anyone in this room who, twenty years ago, could have conceived of a world in which the internet would play a dominant role in all our lives? It was once the stuff of science fiction.
The internet has had positive effects on the world. Because of the internet we know more about the planet we all inhabit than at any other period in history. We have immediate, live and constant access to events and information from anywhere in the world. A student in remote Western Australia can use the internet to participate in lectures at the University of Western Australia. We can share knowledge – regardless of the topic – for the betterment of humankind. The future holds possibilities we haven’t even begun to imagine yet.
Last year, PricewaterhouseCoopers conducted a survey of large companies in the UK, and a staggering 84 per cent said they had suffered some form of malicious attack on their computers between 2004 and 2006.
We mustn’t lose sight of the fact that with these advancements come responsibilities and challenges – for governments, for law enforcement agencies, for corporations, for all citizens.
With the good unfortunately so often comes the bad. Criminals have wasted no time in taking advantage of the internet as a means of committing real world crimes. The internet has provided criminals with new ways of laundering money, for example. Identity fraud has become easier to commit – and harder to detect – when the internet is used to facilitate the crime.
The birth of the internet has seen the development of some creative new crimes, such as spamming, phishing, hacking, denial-of-service attacks and transmittal of viruses. Business, unfortunately, has often been the target of these types of crime and the financial impacts alone can be massive.
Phishing, for example, is a type of identity theft that is becoming more popular. Unsuspecting people often divulge personal information to phishers, such as credit card numbers, resulting in substantial financial loss.
In January 2004 the U.S. Federal Trade Commission filed the first lawsuit against a suspected phisher. The defendant was a teenager from California who had created a webpage designed to look just like the America Online website. He used it to trick people into supplying their credit card information.
Other countries have followed America’s lead of tracing and arresting phishers. In Brazil the phishing kingpin, Valdir Paula de Almeida, was arrested for leading one of the world’s largest phishing crime rings. Over two years he stole over $20 million US dollars.
Last year eight people were arrested in Japan on suspicion of phishing fraud, netting over 100 million yen.
Also last year the FBI’s phishing investigation, called Operation Cardkeeper, detained a gang of sixteen suspects in the U.S. and Europe.
Such a rapid pace of change brings with it public policy issues which lawmakers and law enforcement agencies will have to address in the future.
Regulation of such a dynamic area is becoming increasingly complicated and time-consuming. Technological advancements occur much faster than the ability of governments to provide a legislative response.
The challenges facing law enforcement are immense. It is difficult and time consuming to trail a suspect through the streets or place them under electronic surveillance via a court order, but it’s not an impossible task. The beauty of these kinds of physical activities is they produce a chain of evidence that a jury can examine and readily understand in a court room.
We now live in a world where criminals use cyberspace to assume multiple identities or use avatars – a gamer’s 3D representation of himself or herself within an online computer game – to plan real world crimes. Our ability to detect, undertake surveillance and gather a trail of evidence is severely challenged in cyberspace.
I’m sure you’ve heard recent media reports about paedophiles using online games and social networking sites to “groom” or develop relationships with children which can result in a meeting in the real world where abuse takes place.
Like police agencies right across the world, at the AFP we have expanded our patrols into cyberspace, monitoring the diverse array of crimes that are facilitated through internet technologies.
In March 2005, the AFP’s Online Child Sex Exploitations Team (OCSET) was launched. OCSET provides the AFP with national assessment and coordination capability for international and national referrals of child pornography.
Since it began, OCSET has been responsible for laying more than 170 charges against 64 people. OCSET is staffed by 35 specialist officers trained to evaluate and investigate online child exploitation matters, and across Australia a further 100 AFP investigators have been trained, increasing our capacity to fight this crime.
Just a couple of weeks ago the Prime Minister announced a new program to protect Australian families from online dangers.
From the $189 million Net Alert – Protecting Australian Families Online program, an additional $43.5 million over four years will go to OCSET and the AFP’s hi-tech crime units, enabling the deployment of 36 new staff in 2007-2008, rising to an additional 90 staff by 2009-2010.
Harm to children and predatory behaviour facilitated by the internet is on the rise. These extra resources will greatly assist the AFP to combat these types of online crimes.
The very systems upon which our economy, government and society are based are threatened when online criminals attack the national information infrastructure.
Even the threat of an attack can undermine public confidence in commerce. When criminals are successful in their attacks they can wreak havoc on a nation. They can shut down online services, they can disrupt emergency services and bring down lines of communication. Hackers might alter personal information held in an online database which could lead to the person being denied access to essential government services or to their banking facilities.
Arguably more important that this, hackers pose a fundamental threat to Australia’s national security. Earlier this year in Estonia hackers spent three weeks in sustained denial-of-service attacks on such sites as the one belonging to the presidency, government departments, the parliament, political parties, the mass media, as well as two of Estonia’s largest banks and communications companies.
The hackers orchestrated a strategy whereby the targeted websites were inundated with tens of thousands of simultaneous visits designed to overload the servers to a point where they crash, unable to cope with the volume of traffic.
Although Estonia only has a population of around 1.4 million people, they are world leaders in e-government, making them vulnerable to this kind of attack.
Although this attack brought the business of government to its knees for a while, the implications for the rest of the world are far more worrying.
NATO was so concerned about these events that it dispatched cyber-terrorism experts to Estonia to assist in rebuilding its systems and get them back online and to undertake an investigation into the source of the attacks.
It’s no secret that government websites are the recipient of attempts to orchestrate denial-of-service attacks. But what is alarming about the events in Estonia is that they were premeditated, sustained and targeted. This wasn’t a random attack, and we now have the situation where a crime has potentially become embroiled in affairs of State, threatening diplomatic and treaty systems that, in some cases, have taken centuries to create.
With the recent spate of terrorism around the world – from 9/11 to Bali and more recently in the UK – law enforcement and the criminal justice system have had to adjust and adapt to these modern and changing times.
Tackling terrorism is a major challenge for organisations like the Australian Federal Police. You might think something as innocuous as the internet would be a lot easier to deal with, comparatively. However, the internet poses many of its own challenges. In cyberspace, geographical boundaries tend not to determine and define a community. Geographical boundaries do not make it easier to limit criminal activity. Currently a man from Perth and another man from Sydney face charges of trying to groom a child from Canberra for sex using Next G mobile telephone technology.
The internet has facilitated the creation of many different types of communities which defy real world geographical boundaries. The challenge for legislators and law enforcement agencies is responding to the limitations imposed by laws and jurisdictions that are governed by physical, national boundaries.
One way the AFP is responding to this challenge is through the pursuit of cooperation with our international colleagues – by negotiating, for example, treaties and Memoranda of Understanding.
In recent times the AFP has increased its international activities. We have an international AFP network comprising 82 officers in 33 cities in 27 countries. Earlier this year we opened a new office in Bangladesh and in 2008 we propose to open offices in New Delhi, India, and in Vientiane, Laos, pending government approval.
The AFP’s international activities are not limited to the posting of officers in overseas locations. For example, in 2003 we established the Australian High-Tech Crime Centre. The AHTCC is hosted in Canberra by the AFP, however the Centre is staffed by AFP officers as well as representatives from private industry and government departments and the Centre works very closely with out State Police colleagues.
The AHTCC provides a national coordinated approach to combating serious, complex and multi-jurisdictional technology enabled crimes. In particular, the Centre is focused on those crimes that are beyond the capabilities of any one single jurisdiction.
The AHTCC is a founding member of the Virtual Global Taskforce – a group of law enforcement agencies that includes the United Kingdom Child Exploitation and Online Protection Centre, the Royal Canadian Mounted Police, the US Department of Homeland Security and Interpol. The Taskforce members work collaboratively to reduce the incidence and impact of online child exploitation. The advantages of such high-level international cooperation were clearly demonstrated in the recent case of a 10-month international investigation conducted across 35 countries which resulted in the conviction of the man behind the online UK-based paedophile network. More than 700 suspects have been identified as a result of this investigation and so far 31 children have been rescued from abuse or harm.
Global socio-economic and political dynamics are in a state of constant change as technology, the movement of people, information and money and the power of multi-national corporations expands.
At the AFP, we need to start looking 20 years or more ahead into the future. And we need to do it with the recognition that most technology becomes obsolete within 12 months. We need to step out of our comfort zone and find a whole new headspace – a completely new way of thinking about things.
When a case involving an online crime comes to trial, it tends to require expert witnesses due to the highly technical nature of the evidence. This presents further problems regarding the way in which this evidence is presented to a jury. Perhaps today’s jury members have watched too many episodes of Law and Order, but in a courtroom jurors expect to be shown evidence bags containing drugs or guns or similar. The difficulty with online crimes is the evidence is often data which has been criminally manipulated and it is not easy to understand, even to the most computer literate juror.
We often find that there are no fingerprints or other incriminating evidence which can place a suspect at the scene of a crime, making it even more difficult to link that suspect to the crime and demonstrate a causal relationship.
Australia introduced cyber crime laws in 2001, but, as I have mentioned already, the technological developments are outpacing the legislation.
To better understand the new security environment, the AFP has formed a relationship with the Business Government Advisory Group. This is a group of CEOs from most of Australia’s major corporations. Their representation includes, but is not limited to, the financial, primary industry, transport and tourism sectors. The objective of the Group is to create an environment of mutual trust in which information is shared, allowing the latest threats to be better communicated.
Ten years ago I wouldn’t have thought it possible that the police could be working so closely with the private sector. Today, I am convinced this is the way of the future.
I believe the key to establishing security now and into the future is to take the time to stop and understand it and learn from what we’ve done in the past. We need to be honest with ourselves and we need to build relationships – domestic and international – to overcome it.
The responsibility for preventing internet-based crimes lies with all of us. As business owners, as employees, as parents, as citizens.
I firmly believe parents need to make it clear to their children that they must respect the rights of others. If their friends are using the internet to steal music, movies, games or software, they need to be taught that they are not allowed to do it. I’d go so far as to suggest parents remove file-sharing programs from their computers. They are a security hazard, as well.
At the AFP we view internet crime as a law enforcement priority. With your help, together we can fight this crime.
Thank you.