Inadequate response to
threat from cybercriminals
Paris, 9
November 1999 - Advances
in technology have created new vulnerabilities for companies engaged in electronic
commerce - but so far there has been only a feeble response from business and
law enforcement, Brian M. Jenkins, an authority on international crime and terrorism,
told the ICC World Council today.
Addressing the twice-yearly
meeting of the Council, Mr Jenkins said the brief history of cybercrime suggests
that it will grow as the Internet expands. According to one estimate, electronic
commerce transactions will reach more than one trillion dollars by 2003, he
added.
Stressing that estimates
of losses vary wildly, Mr Jenkins said it was clear that cybercrime was pervasive.
One survey showed that between of 50% and 64% of large firms were reporting
breaches of their information systems. Other studies suggested that a great
deal of cybercrime went undetected.
Mr Jenkins listed intrusions
into information systems, theft of intellectual property, disruptions and deliberate
denials of service among categories of cybercrime.
"We are also seeing an increasing
malevolence on the part of hackers whose activities are designed to cause serious
disruptions. Attacks from a multiplicity of locations are becoming more frequent,
so that the perpetrator is difficult to identify and sometimes operates in total
obscurity," Mr Jenkins told his business audience.
While acknowledging business
efforts to achieve self-regulation on the Internet, Mr Jenkins said: "Sooner
or later you have to call a cop. However, e-commerce is borderless while laws
end at frontiers." He noted a distinct reluctance on the part of prosecutors
to take action against cybercriminals and said convictions were rare.
He said ICC had made cybercrime
a priority issue, and had therefore set up a special cybercrime
unit as part of its London-based Commercial Crime Services. The unit's
functions include providing an early warning system, analysis of criminal methods,
and provision of expert advice on the security of information systems.