Cybercriminals are getting away with it

Gaps in national criminal laws mean that cybercrime is unpunished in many countries worldwide, a survey has revealed.

According to a report backed by the World Information Technology and Services Alliances (WITSA) - a worldwide consortium of 41 IT industry associations - only nine of the 52 countries analysed in the report have extended their criminal laws into cyberspace to cover most types of cybercrimes.

Bruce McConnell, president of consulting firm McConnell, which conducted the research, said: "The long arm of the law does not yet reach across the global internet. Organisations must rely on their own defences for now."

The report said the lack of updated laws means that cybercriminals around the world believe they will not be punished for their crimes. It said the laws of most countries do not clearly prohibit cybercrimes, and existing laws against physical acts of trespass or breaking and entering often do not cover their 'virtual' counterparts.

Web pages such as the ecommerce sites recently hit by widespread distributed denial of service attacks are not covered by outdated laws as protected forms of property. "New kinds of crimes can fall between the cracks," the report warns.

"Governments, industry and civil society must work together to develop consistent and enforceable national laws to deter future crime in cyberspace," said McConnell.

Thirty-three of the countries surveyed have not yet updated their laws to address any type of cybercrime.

Of the remaining countries, 10 have enacted legislation to address five or fewer types of cybercrime, and nine have updated their laws to prosecute against six or more of the 10 types of cybercrime identified by the survey. Of those countries, only one, the Philippines, indicated that updated legislation is in place to prosecute a future perpetrator of all types of crime.

Graham Cluley, senior technology consultant and UK-based antivirus company Sophos, said: "Very few people are ever punished for theses types of crime. The writer of the Melissa virus, David Smith, has still not been sentenced despite being found guilty a year ago.

"In a lot of countries these laws are largely untested. For instance, I don't think there has ever been a virus writer who has denied guilt and had to be punished on the basis of these laws."

He added: "There is a definite problem. In fact, the people who commit these crimes are even seen as national heroes. It would be good to see laws tightened up."