IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Google Ads



Juergen Maurer
Detective Chief Superintendent
German Federal Police Office

before a hearing 
of the

Subcommittee on Government Management, 
Information, and Technology

July 26, 2000

Computer Security: 
Cyber Attacks - War without Borders


Ladies and Gentlemen,

I am very pleased and sincerely honored to receive the opportunity to address the members of this honorable committee.

My name is Jürgen Maurer, I am a Leitender Kriminaldirektor of the German Federal Criminal Police Office, or Bundeskriminalamt.

After high school and military service I finished my college and university education with academic degrees in economics and social sciences.In July 1981 I started working with the German Federal Criminal Police. Aside my work in the field of white collar and organized crime I was sent as the senior police liaison officer to our German Embassy in Washington DC and served there from September 1997 untill March 2000.

Since then, I am the head of the Subdivsion Central Services within the German Federal Criminal Police Office and among others responsible for the under cover program and the foreign liaison program of the Bundeskriminalamt.

In this context let me allow to give you some short back ground information about our office:

The Federal Criminal Police Office, BKA or Bundeskriminalamt was founded in 1951. The work of the BKA is based on the BKA-law in the version of 1997. In Germany , based on our constition, police work is in general within the jurisdiction of the federal states. The BKA-law constitutes an excemption from this principle.

As a result, the BKA is

the central police agency for the exchange of information,

the German national central bureau of Interpol,

the first agency in the field of international drug cases and smuggling of weapons, counterfeiting of currency and other serious cases of international organized crime and terrorism,

the responsible office for the physical protection of the members of the German government and of foreign dignitaries.

The BKA has its headquarters in Wiesbaden, Hessia, and regional offices in Bonn and Berlin. As of the end of 1998, around 4,800 people were working for the BKA. In that number are included the 1,500 BKA-police-officers. The BKA is the strongest investigative agency in Germany and has sent around 60 police liaision officers abroad.

Our answers concerning the questions of the House Subcommittee on Government Management, Information and Technology are as follows:

Can you estimate what percentage of your cases have an international component?

Since the BKA is responsible for processing international communications in its capacity as National Central Bureau of I.C.P.O-Interpol and as the central c.i.d. agency in Germany, the bulk of cases handled by the BKA has an international component. A special reporting system has been set up for ICT Crime (Information and Technology Crime) wich includes strictly German cases as well as cases with an international component. The percentage of ICT cases with an international component is estimated at about 50 per cent.

How would you rate your cooperation with the Federal Bureau of Investigation (FBI)/National Infrastructure Protection Center (NIPC) on cyber intrusion cases?

Co-operation with partner agencies from abroad is mainly through the 24-Hour Contact Points for International High-tech and Computer-related Crime established by the G8 countries. In addition, there are contacts with the United states using our BKA liaison officers at our embassy in Washington, DC, or the FBI liaison officer posted to Frankfurt/Germany on a case-to-case basis.

Contact with the National Infrastructure Protection Center (NIPC) on a case-to-case basis has occurred only once. In connection with the "distributed denial of service attacks" in February this year, a request for information was forwarded to the NIPC via the German liaison officer in Washington, DC. However, co-operation proved highly problematic. The case showed, that there is the urgent need to establish a more efficient and effective way of exchanging information.
In late June this year representatives of the BKA and NIPC discussed possibilities to enhance the cooperation.
Also in 1999, a BKA officer attended the International Computer Crime Conference hosted by NIPC.

Could you comment on any past investigations which you worked with the FBI/NIPC?

There have been no past investigations in which we worked with the NIPC. However, the investigative co-operation of BKA and FBI has a long tradition and has proved very succesful. We worked together in a significant number of organized crime and white collar crime cases. There has also been a very succesful cooperation with the FBI concerning fugitive cases.

What measures would be useful to you as investigators regarding record keeping by Internet Service Providers or by victims of cyber intrusions?

Victims of cyber intrusions as well as Internet Service Providers (ISP) should keep and make available log files providing information about the IP adresses used by the criminal or other information that may help identify the criminal.
It would also assist investigtors if the ISP created technical perequisites for the surveillance of online communications (comparable to telecommunications interception) for them to be conducted straightaway if required by law.
The data available should be forwarded to the requesting law enforcement agency without having to overcome major bureaucratic obstacles.

Regarding training, what training can be done on a national or international basis to improve international response to cyber intrusions?

There is already a variety of training and advanced training courses organised on international level. For instance, Interpol's European Working Party on IT-Crime organises two training sessions per year which meet with a good response on the part of the participating countries. Unfortunately, the number of training sessions has to be limited to two per year for two reasons: there are only few police experts available to run such courses, and limited funds which do not permit to draw on external resources. However, more training of this type could be provided on an international level if more countries would be prepared to participate in this initiative in an active manner.

Can you please discuss your working relationship with the private sector in your nation in cases where they are the victims of or unwitting participants in a cyber intrusion?

Many victimised companies in Germany are hesitant to file a criminal complaint with law enforcement agencies because they fear a loss of prestige. However, if they opt to make a complaint, most of them are found to be co-operative. For the benefit of law enforcement it is important to forge co-operation partnerships with the system administrators of the victims to obtain the required information more quickly.

Can you discuss current or proposed legislation in your nation for addressing cyber instrusions?

Cyber Intrusions constitute a criminal offence pursuant to sections 202a - data spying -, 303a - alteration of data - and 303b - computer sabotage - of the German Penal Code. The Council of Europe is currently discussing uniform legislation for addressing this phenomenon.

What means can you suggest for improving the process of obtaining evidence internationally - protected seizures, transborder search and seizure, computer forensics, etc. ...?

We would like to suggest the following means for improvement: create uniform training standards for investigators at international level and - many countries have done this already - establish points of contact for partner agencies from abroad to guarantee a quick information flow. In urgent cases (extortion and danger to live and limb), access to the required data should be possible without having to go through the time-consuming standard formalities under international law.

What can you suggest to improve our capabilities to locate and identify criminals, and specifically the preservation of critical transactional data and other information that must be shared quickly?

Some types of computer crime, and cyber intrusions in particular, require an immediate response by the law enforcement community, since data needed in evidence are usually stored for a short period of time only. Reverting to traditional means of legal assistance would cause long-term delays. Preservation orders may assist in the timely preservation of critical data relating to intruders who have made their way into a victims computer via several other computers by ensuring that the data at the previous point of entry are not deleted. However, data disclosure/transfer is not covered by the preservation order, which means that often necessary follow-up enquiries with other ISP are delayed or even prevented altogether as a result of lengthy legal assistance procedures.

Based on your own national experience, what can you suggest to other nations regarding governmantal organization to detect, warn of, and respond to cyber intrusions?

There is a need to set up special communication channels which should be open 24 hours a day to process urgent and critical cases. In addition, there should be a central agency empowerd to take immediate action which is crucial to the entire investigation.

IWS Mailing Lists

Mailing Lists Overview