Usually, when a person causes billions of dollars of damage worldwide, he or she is arrested, charged with a crime or, at the very least, forced to apologize profusely.
Then again, inducing widespread economic chaos and ruining countless lives isn’t even a crime if one accomplishes it via computer virus — and lives in the right country.
“The most spectacular example is the ‘I Love You’ virus,” said Professor Abraham D. Sofaer, a Stanford law instructor and senior fellow at the Hoover Institution.
That virus, which caused worldwide havoc last year, attached itself in three places in the Microsoft Windows directory, corrupting files and sending the virus to those on one’s e-mail list. The suspect was traced to the Philippines.
However, “the Philippines’ attorney general made a formal ruling to not seek prosecution because there was no statute against what the young man had done. He caused billions of dollars in damage and lost productivity and there was no statute whatsoever to cover it. And that’s not uncommon, according to Sofaer.”
Along with Georgia Institute of Technology Professor Seymour Goodman, Sofaer, a member of Palo Alto’s Congregation Kol Emeth, is the co-editor of “The Transnational Dimenson of Cyber Crime and Terrorism,” a collection of scholarly works emanating from a 1999 Hoover Institution conference.
Pointing to instances in which hackers or thieves hailing from overseas escaped prosecution because of lax or nonexistent laws regarding cyber-crime, Sofaer feels strongly that the nations of the world must come up with uniform standards on what constitutes a crime and settle upon evidence-gathering and extradition agreements.
With its economy heavily dependent on the well-being of the high-tech industry, cyber-crime is no laughing matter in Israel.
“Israel’s economy relies on the Web and technology to a much heavier degree than the average country. So Israel has a tremendous interest in the security of the cyber-world,” said Sofaer who was the head U.S. negotiator in the Taba talks between Israel and Egypt between 1986 and 1989.
“And Israel is also the source of many cyber-attackers. A lot of Israeli kids think it’s a cool thing to be a cyber-criminal. I don’t know why.”
In fact, points out Sofaer, the perpetrators of the recent “Goner Worm” virus, which wreaked millions of dollars of damages worldwide, turned out to be a handful of Israeli teenagers.
Even more serious in coming years, however, is the possibility of state-sponsored cyber-terrorism. Sofaer believes many of “the usual bad guy” nations are already actively engaging in cyber-crime and terrorism, and, in the near future, may become much more destructive.
“Right now, we’re still living in a fairly protected world. If you don’t open an e-mail attachment, you’re pretty safe. My prediction is, that’s going to change,” he said with an ominous tone in his voice.
“People are going to figure out ways to penetrate into a computer without anyone opening an attachment. And that is going to create a tremendous crisis. You’re going to need server-level protection. We’ll need to have all messages go through a central source, where they’ll be screened.”
Spurred on by fears of increasingly potent computer viruses — and, Sofaer believes, the terrorism of Sept. 11 — the United States recently signed the Council of Europe cyber-crime treaty. While he believes this to be a start, the professor, lawyer and former New York judge said the treaty doesn’t come close to addressing the most pressing security threats.
Sofaer compares the world of cyberspace to the airways, pointing out that lax security in one airport can threaten people on the other side of the world.
“If you have planes landing in our country coming from a country that has inadequate security, not only were the planes insecure on their way here, they bring people here with things or plans that we don’t want,” he said.
“The agreement we have through the ICAO [International Civil Aviation Organization] is that all states will submit to standards and procedures adopted by ICAO through consensus.”
While nearly every nation capable of international aviation is a member of the ICAO, the recent cyber-crime treaty is largely limited to “Europe and a few of its allies.” This, Sofaer maintains, leaves the world as vulnerable as ever to cyber-crime emanating from countries with no laws on the books. Also, unlike the ICAO, the current treaty has no provision for financial and technical aid to its poorer members.
In the near future, argues Sofaer, extradition arrangements and a uniform agreement on what constitutes a cyber-crime will be necessary for nations like the United States and Israel to prosecute criminals currently threatening the world from the globe’s hinterlands.
“You can’t have a perimeter defense only, and that’s what the private sector is focused on,” said Sofaer, who notes that, by the year 2003, an estimated $7.4 billion will be spent on Internet security in the U.S. alone.
“But if you have only a perimeter defense, the attack will eventually overcome you. You have to get out there and find them and put them out of business — like Osama bin Laden.”