Detective Chief Superintendent
German Federal Police Office
Subcommittee on Government
Information, and Technology
July 26, 2000
Cyber Attacks - War without Borders
Ladies and Gentlemen,
I am very pleased and sincerely
honored to receive the opportunity to address the members of this honorable
My name is Jürgen Maurer, I am a
Leitender Kriminaldirektor of the German Federal Criminal Police Office,
After high school and military service
I finished my college and university education with academic degrees in
economics and social sciences. In July 1981 I started working with the
German Federal Criminal Police. Aside from my work in the field of white collar
and organized crime I was sent as the senior police liaison officer to
our German Embassy in Washington DC and served there from September 1997
until March 2000.
Since then, I am the head of the
Subdivision Central Services within the German Federal Criminal
Police Office and among others responsible for the undercover program
and the foreign liaison program of the Bundeskriminalamt.
In this context allow me to
give you some short background information about our office:
The Federal Criminal Police Office,
BKA or Bundeskriminalamt was founded in 1951. The work of the BKA is based
on the BKA-law in the version of 1997. In Germany, based on our constitution,
police work is in general within the jurisdiction of the federal states.
The BKA-law constitutes an exemption from this principle.
As a result, the BKA is
the central police agency for the exchange of information,
the German national central bureau of Interpol,
the first agency in the field of international drug cases and smuggling of weapons, counterfeiting of currency and other serious cases of international organized crime and terrorism,
the responsible office for the physical protection of the members of the German government and of foreign dignitaries.
The BKA has its headquarters in
Wiesbaden, Hessia, and regional offices in Bonn and Berlin. As of the
end of 1998, around 4,800 people were working for the BKA. In that number
are included the 1,500 BKA-police-officers. The BKA is the strongest investigative
agency in Germany and has sent around 60 police liaison officers abroad.
Our answers concerning the questions
of the House Subcommittee on Government Management, Information and Technology
are as follows:
Can you estimate what percentage
of your cases have an international component?
Since the BKA is responsible for processing international communications
in its capacity as National Central Bureau of I.C.P.O-Interpol and as
the central c.i.d. agency in Germany, the bulk of cases handled by the
BKA has an international component. A special reporting system has been
set up for ICT Crime (Information and Technology Crime) which includes
strictly German cases as well as cases with an international component.
The percentage of ICT cases with an international component is estimated
at about 50 per cent.
How would you rate your
cooperation with the Federal Bureau of Investigation (FBI)/National
Infrastructure Protection Center (NIPC) on cyber intrusion cases?
Co-operation with partner agencies from abroad is mainly through
the 24-Hour Contact Points for International High-tech and Computer-related
Crime established by the G8 countries. In addition, there are contacts
with the United States using our BKA liaison officers at our embassy
in Washington, DC, or the FBI liaison officer posted to Frankfurt/Germany
on a case-to-case basis.
Contact with the National Infrastructure Protection Center (NIPC) on
a case-to-case basis has occurred only once. In connection with the
"distributed denial of service attacks" in February this year,
a request for information was forwarded to the NIPC via the German liaison
officer in Washington, DC. However, co-operation proved highly problematic.
The case showed that there is the urgent need to establish a more efficient
and effective way of exchanging information.
In late June this year representatives of the BKA and NIPC discussed
possibilities to enhance the cooperation.
Also in 1999, a BKA officer attended the International Computer Crime
Conference hosted by NIPC.
Could you comment on any
past investigations which you worked with the FBI/NIPC?
There have been no past investigations in which we worked with the NIPC.
However, the investigative co-operation of BKA and FBI has a long tradition
and has proved very successful. We worked together in a significant number
of organized crime and white collar crime cases. There has also been
a very successful cooperation with the FBI concerning fugitive cases.
What measures would be
useful to you as investigators regarding record keeping by Internet
Service Providers or by victims of cyber intrusions?
Victims of cyber intrusions as well as Internet Service Providers (ISP)
should keep and make available log files providing information about
the IP addresses used by the criminal or other information that may help
identify the criminal.
It would also assist investigators if the ISP created technical prerequisites
for the surveillance of online communications (comparable to telecommunications
interception) for them to be conducted straightaway if required by law.
The data available should be forwarded to the requesting law enforcement
agency without having to overcome major bureaucratic obstacles.
Regarding training, what
training can be done on a national or international basis to improve
international response to cyber intrusions?
There is already a variety of training and advanced training courses
organised on international level. For instance, Interpol's European
Working Party on IT-Crime organises two training sessions per year which
meet with a good response on the part of the participating countries.
Unfortunately, the number of training sessions has to be limited to
two per year for two reasons: there are only few police experts available
to run such courses, and limited funds which do not permit to draw on
external resources. However, more training of this type could be provided
on an international level if more countries would be prepared to participate
in this initiative in an active manner.
Can you please discuss
your working relationship with the private sector in your nation in
cases where they are the victims of or unwitting participants in a cyber
Many victimised companies in Germany are hesitant to file a criminal
complaint with law enforcement agencies because they fear a loss of
prestige. However, if they opt to make a complaint, most of them are
found to be co-operative. For the benefit of law enforcement it is important
to forge co-operation partnerships with the system administrators of
the victims to obtain the required information more quickly.
Can you discuss current
or proposed legislation in your nation for addressing cyber intrusions?
Cyber Intrusions constitute a criminal offence pursuant to sections
202a - data spying -, 303a - alteration of data - and 303b - computer
sabotage - of the German Penal Code. The Council of Europe is currently
discussing uniform legislation for addressing this phenomenon.
What means can you suggest
for improving the process of obtaining evidence internationally - protected
seizures, transborder search and seizure, computer forensics, etc. ...?
We would like to suggest the following means for improvement: create
uniform training standards for investigators at international level
and - many countries have done this already - establish points of contact
for partner agencies from abroad to guarantee a quick information flow.
In urgent cases (extortion and danger to life and limb), access to the
required data should be possible without having to go through the time-consuming
standard formalities under international law.
What can you suggest to
improve our capabilities to locate and identify criminals, and specifically
the preservation of critical transactional data and other information
that must be shared quickly?
Some types of computer crime, and cyber intrusions in particular, require
an immediate response by the law enforcement community, since data needed
in evidence are usually stored for a short period of time only. Reverting
to traditional means of legal assistance would cause long-term delays.
Preservation orders may assist in the timely preservation of critical
data relating to intruders who have made their way into a victim's computer
via several other computers by ensuring that the data at the previous
point of entry are not deleted. However, data disclosure/transfer is
not covered by the preservation order, which means that often necessary
follow-up enquiries with other ISPs are delayed or even prevented altogether
as a result of lengthy legal assistance procedures.
Based on your own national
experience, what can you suggest to other nations regarding governmental
organization to detect, warn of, and respond to cyber intrusions?
There is a need to set up special communication channels which should
be open 24 hours a day to process urgent and critical cases. In addition,
there should be a central agency empowered to take immediate action which
is crucial to the entire investigation.