Targeting and confiscating proceeds of cybercrime involves the approaches of cybercrime, financial and money laundering investigations, and the seizure of electronic evidence. International cooperation is important in combining these investigational elements.
Investigating proceeds of crime from cyber offences often also reveals the offence of money laundering. Money laundering allows criminal organisations to benefit from their illegal activities and maintain their operations. The money laundering process often begins online, and organised crime groups utilise various methods including laundering proceeds through overseas properties. This makes investigation very complicated for the relevant authorities.
Effective investigation of cybercrime and the related proceeds requires cooperation across borders and within different jurisdictions. The institutions involved can include cybercrime units, financial investigation units, Financial Intelligence Units (FIUs) and prosecution services.
Mutual legal assistance
Mutual Legal Assistance (MLA) is considered as the primary method to enforce court orders and to gather evidence abroad. This can be a lengthy procedure that presents significant obstacles to the investigation, and the use of joint investigations might help to address some of the challenges.
How is electronic data physically seized?
There are various possibilities for seizing computer data:
- seize physically a computer system;
- make and retain a copy of those computer data, which is important where physical removal is impossible (e.g. data stored on a major server), and also when physical seizure would interfere with the rights of others who legitimately require access (e.g. to a company’s server);
- maintain the integrity of the relevant stored computer data; and
- render inaccessible or remove those computer data in the accessed computer system.
What legislation compels the provision of data upon request?
Article 18 of the Budapest Convention states that each Party must adopt legislative measures to empower its law enforcement authorities to give production orders. These orders can be issued by law enforcement agencies to individuals as well as Internet service providers, ordering them to provide the relevant authorities with electronic data or subscriber data.
Seizing electronic evidence – what are the challenges?
The investigation of cybercrime and the related proceeds involves the collection of electronic evidence, which can present numerous challenges.
Evidence located outside jurisdiction
Electronic evidence may be located outside of the jurisdiction.
Data size and formats
A typical hard drive can store an enormous amount of data. There are significant challenges due to the volume of evidence and the fact that the seized data may contain both evidential and non-evidential records.
It may also not be apparent which sources of evidence will be relevant. For example a child pornography suspect may store data on USB keys rather than a PC. A long time may be spent investigating the PC and no offending material will be found.
The use of remote storage presents additional challenges in identifying relevant electronic evidence, and can prevent seizure of the suspect’s computer hardware by law enforcement agencies.
Encryption is being used by criminals with increasing frequency, and creates significant challenges for law enforcement in accessing the encrypted information.
Investigating and confiscating proceeds of cybercrime can be a very complex process that involves multiple jurisdictions, and effective investigations will typically involve international cooperation and mutual legal assistance. These avenues may help to overcome the challenges in identifying and seizing electronic evidence, ultimately leading to prosecuting the offender/s and confiscating the proceeds of crime.
Nyman Gibson Miralis provides expert advice and representation in complex international cybercrime investigations.
Contact us if you require assistance.