Cyber Crime and IT Legislation

Author: Martin Voelk
November 27, 2014

As part of our penetration testing and forensic engagements with our customers, we often get asked: Can we not involve law enforcement to track down the hackers who attacked us and bring them to court? The answer is: It depends on where the hackers are based!

We live in a networked world, but the world doesn’t have the same laws. In a recent forensic case, the customer was all too happy because they thought the attacker had a European IP address. However, upon investigation, it turned out that a school server in Europe had been compromised and used as a relay. The school was happy to assist in our investigation. Analysing the logs led to the likely real source in China! That means game over.

We worked on a case where a customer's website, including its design etc., had been mirrored by a Chinese firm. Intellectual property infringement. Nothing you can do. If the persons doing this reside in a non-Western country, your chances of taking those people to court are next to zero. After Romania and Bulgaria joined the EU, we have seen good progress in the ability to involve local law enforcement, but there are dozens and dozens of countries where this is not possible.

A lot of the hacks and frauds originate from, but are not limited to: China, Russia, South America, the Middle East, Africa and Far East Asia. They often come from countries where there is little or no IT legislation. In other words, hacking is not a crime in some countries. Yes, you heard that right. We know those countries but won’t name them. Google Search knows them too.

The other problem arises where countries have bad or no relations with each other. A few examples: Almost no Arab law enforcement agency cares about attacks against Israeli servers, and vice versa. An Israeli hacker would likely not face problems at home for attacking an Iranian server. The current situation between Ukraine and Russia, and between Russia and the West, paints the same picture. Then, in countries with war zones, such as Syria or Iraq, no one can or will carry out hacking investigations.

We recently worked with a UK customer who got hacked. We were able to trace the real IP down to the source. It was in Argentina. Game over. Everyone knows that the relationship between Britain and Argentina is poor, to say the least. Law enforcement in Argentina will not help investigate or even prosecute an Argentinian hacker who attacked a UK company, unless there is some public or national interest (maybe).

Hackers who know the legislation know very well from where they can launch attacks and from where they can’t. In the West, a lot of the cyber criminals hide in the Tor/Deep Web network and try to disguise their real location. In some countries of the world there is no need to use Tor, because hackers won’t face problems. A lot of the serious hacking boards are publicly hosted in Russia on the white web. The same goes for Chinese forums.

The issue is complex and difficult.

We can only recommend that customers get a pentest to check their security before they get hacked! Tracing down hackers, or even prosecuting them, if they are based outside your home or Western legislation is as good as impossible and will cause frustration for the victims.

