Since 1999 the Slovenian Criminal Police have engaged in systematic investigation of cyber crime while developing their computer forensics capacity.
Over the past year, the Criminal Police underwent significant organisational alignment in special investigative policing areas and established a national Computer Investigation Centre along with four regional offices operating in Koper, Ljubljana, Celje, and Maribor. The workforce capacity is 45 posts. Of these, 32 have been occupied. With accelerated developments in information technologies, notably hardware and software, and emergence of new forms of cyber crime, the Slovenian force is upgrading its hardware and software and making sure its employees receive proper IT-training and improve their skills on a regular basis. The police employees receive regular training in cooperation with external authorities in Slovenia, and through professional exchanges with international authorities.
The Computer Investigation Centre and the regional offices have the following responsibilities:
- investigation of cyber crime (abuse of personal data, breach of material copyright law, computer/information system attacks and intrusions, manufacture and acquisition of instruments intended for perpetration of crimes);
- investigation of seized e-devices and e-data (computer forensics);
- supporting other specialized branches of policing (e.g. child pornography, internet fraud, racial hatred on the web, tax evasion, corruption, on-line banking frauds) etc.
Crime rates have been increasing year by year in all of the above lines of policing. Reported computer crime rates go up by roughly 60% to 110% per year. The first half of 2010 saw an increase of 107% in comparison to half-year data in 2009. The quantity of electronic devices seized during pre-trial investigations for analyses and investigation purposes has gone up by 35% to 50% in a year. In the first half of the year, the police secured digital forensic evidence and seized e-devices in 515 cases, representing a 49% increase on last year's figure (346). We have also observed an upward trend in internet crimes, in particular concerning the distribution of files/materials presenting child abuse, content inciting (racial) hatred and violence, and internet fraud.
Cyber crime often affects internet users in several countries. This calls for international law enforcement and judicial collaboration. The Slovenian Criminal Police have been engaged in various international investigations into child pornography, computer fraud and computer system attacks. Such forms of cooperation are contained in the Penal Code and provided for by the Convention on Cybercrime based on which the act was adopted in 2004. The documents define general principles of joint international cooperation, mutual assistance, and exchange of information. The important fact in this particular case is that the United States initiated the case by sending a letter rogatory based on which an investigation was mounted in Slovenia in May 2010. The key information came from FBI investigators with the assistance of the Spanish Guardia Civil. The Spanish police identified some purchasers and users of the software designed for stealthy operation in various systems, and enabling acquisition of pecuniary advantage in an illegal manner.
Following an official exchange of information, the Slovenian police made direct operational contact with the FBI investigators, whose presence in Slovenia was important in the crucial phase of the investigation; they collaborated with the Slovenian investigators but did not exercise police powers in the territory of Slovenia or directly participate in investigation activities. Their role related exclusively to the exchange of information between the two police forces. The results of the investigation and the analysis of the material seized will be forwarded to the prosecution authorities and to the court of law that issued house search warrants, seizure orders and orders for the examination of digital data. The digital evidence secured by the Slovenian police will be communicated to the FBI in the form of a letter rogatory in compliance with the national law. It should be noted that the investigation in question was marked by excellent cooperation between the two police forces (this was the first time the two forces engaged in such collaboration), which served as a basis for the success of the investigation. One of the results of that fruitful cooperation is the FBI's invitation extended to the Slovenian investigators to present the investigation in question at the international conference on cyber crime in New York next week.
Iserdo case
Further to a letter rogatory sent by the U.S. Department of Justice, the Slovenian police launched an investigation into the suspicion of manufacture of instruments to attack information systems (offence to be punished by imprisonment of up to one year) and the suspicion of money laundering (offence to be punished by imprisonment of up to five years, or up to 10 years in case of a criminal association involved, or up to eight years in case of high value of property). On the basis of a written court order issued by the District Court of Maribor, the police conducted 7 house searches in the territories of Maribor, Celje and Krško police directorates. Two persons (aged 23 and 24) were taken into police custody and a decision was issued by the District Court of Maribor confiscating the main suspect's assets on a temporary basis. The number of persons involved has not been determined yet and will depend on the findings of a review of the digital evidence seized. It is not possible for the time being to specify the number of computers infected; the results of the investigation in the U.S. and Spain show there are over 10 million computers infected all over the world. The number of computers infected in Slovenia has not been determined, either. The author of the malware sold his product to customers and gained pecuniary advantage. The price of the malware ranged from EUR 200 to 300 for individual customers. Direct damage to computer owners was caused by the users of the malware. According to foreign law enforcement agencies, the malware infected computers of financial institutions, corporations and individuals.
Seventy-five (75) items of computer equipment (including PCs, laptops, hard discs, data media) were seized during house searches, and digital forensic evidence was secured in accordance with the Criminal Procedure Act. Digital data will be inspected and analysed with a view to securing traces and evidence to be presented in further criminal proceedings. The pre-trial procedure is being steered by the District State Prosecutor's Office in Maribor working in close cooperation with the criminal police.