October 30, 2013, 8:38 PM — Law enforcement agencies should be allowed to hack into computers to identify cybercriminals and collect evidence, representatives from Europol and the Dutch National Police argued in front of a room full of security professionals at the RSA Europe security conference in Amsterdam.
The Dutch parliament is expected to start debating a legislative proposal introduced earlier this year that would give the Dutch police the right to break into computers to investigate crimes, gather evidence and even take disruptive measures to stop crimes in progress.
"We don't call it hacking, and we definitely don't call it hacking back, because we won't be waiting until we are hacked," said Peter Zinn, a senior cybercrime adviser for the Dutch National High Tech Crime Unit (NHTCU), during the Wednesday panel, "Hacking Back as a Law Enforcement Role." The more appropriate term would be "lawful intrusion," he said.
The technological methods used for such intrusions would be the same ones used by hackers, but the police would do this legally, he said.
The laws should keep pace with technology and law enforcement agencies should have, under strict conditions, the ability to lawfully intrude on computers, Zinn said. There have already been two cases in the Netherlands where existing laws were stretched to allow for this type of action, he said.
In one case, the Dutch police obtained a court order to take control of some computers at hosting provider LeaseWeb and reconstruct the command-and-control panel for the Bredolab botnet, an action that eventually led to the identification of the botnet's creator and his arrest in Armenia in 2010. In the other case, police obtained permission from a judge to hack into a large child pornography website that was only accessible through the Tor network in order to bring it down.
"Without having the possibility to use these methods, we wouldn't have been able to solve those cases," Zinn said.
Troels Oerting, the head of the European Cybercrime Centre (EC3) at Europol, also argued that police should receive computer intrusion powers as part of the same discussion.
There are fundamental differences between how the police will have to fight cybercrime and how they fight traditional crime, Oerting said. In the case of traditional crime, old-fashioned police work is effective because there's a crime scene and a perpetrator who had to be there in order to carry out the crime, he said.
Cybercriminals don't have to travel, they don't have to cross any borders, and they conduct their crimes against multiple victims while hidden abroad, Oerting said. "So the police cannot use the normal ways of obtaining evidence as it used to."