White Collar Crime News

Dispute between US and WikiLeaks / Julian Assange highlights the problems with cybercrime cases August 9, 2010

By now, you must have heard about the dispute between the WikiLeaks website and the US Government.   WikiLeaks and its founder Julian Assange have not only released classified US Government (I’m using “Government” in general, hence the capital G) documents but has threatened to release even more in the near future.  The appearance of an encrypted “insurance” file on its site has also sparked questions of how far the Government would go to stop WikiLeaks.  The file is huge at almost one and half gigs and is encrypted so that even the Government working for weeks and months may not be able to have enough computer power to crack it.  The thought is that the encryption key could be released if something happens to Julian Assange, anyone else associated with WikiLeaks, or the site itself thus keeping the Government away.

Thus, like something out of a spy novel, it is clear that the thought of the military or some other Government agency harming people and/or servers in an attempt to stop WikiLeaks has crossed the minds of many on both sides.  Such extreme action may be the only option since WikiLeaks is hosted in Sweden and mirrors in other countries would be easy to set up.  Thus, trying to go after the information on the Internet is extremely difficult, if not impossible.  Once its on the Internet, its out there. 

While I do not profess to be an expert on international law, the Government can clearly indict someone and have the person’s host country extradite them as long as they can be found and there is a treaty with the U.S.  While Julian Assange may be difficult to find as he reportedly tends to move around a lot, there is no indication that he is impossible to find.  I don’t see how his location (if he can be found) has anything to do with a possible prosecution (other than extradition).  I’ve seen some “experts” indicate that this could prevent prosecution but we have prosecuted people for attempting to blow up foreign airliners (see Ramzi Yousef).  However, there other issues that could complicate the Government’s fight.

The first issue is one of PR.  WikiLeaks didn’t hurt anyone and many people support them.  Thus, arresting someone associated with WikiLeaks could cause a lot of negative press that makes the story even bigger.

The bigger issue is one of evidence.  An overseas cybercrime investigation is tough.  Just look at all those “Nigerian scams” and other cyber-frauds that you see all the time.  Tracking these people down when they try to hide their identity and then finding the evidence to convict them is very tough.  For example, lets throw out the PR issue and lets say you find Julian Assange in some country; how do you convict him?  How do you prove that he actually hacked into a server or that he actually uploaded this information?  The reason sites such as WikiLeaks and thePirateBay (different type of site but running out of the same hosting company) can survive is because the countries they are in (in this case, Sweeden) allow them to.  As a result, the countries and the companies will not help provide any information. 

When it comes to child pornography, just about the whole world can agree that anyone having anything to do with it should be prosecuted.  However, when it comes to scams, pirated media and classified information, some countries don’t seem to care.  Countries like Nigeria and Russia have permitted organized crime to run cyber-scams from their countries for years.  What does the US do about it?  Little to nothing even though tracking money might be a little easier than tracking files.  Instead, they have turned a blind eye to its citizens getting ripped off for more than a decade.  Now that the US Government is feeling the pain, I don’t think anyone should feel too sorry for them.

So, in the end, the Government’s lax attitude towards cybercrime could come back to bite them as they run into the same roadblocks that many victims of cyberscams and cybercrimes have run into.  The question for the Government now is: how is this going to be handled not only in this case, but in the future?  When does cyberactivism cross the line into cybercrime?