Computer crime

With virus programs, data theft, and credit card fraud ever more present – cybercrime in Germany is constantly increasing.

That's the conclusion of a new joint study published Monday by the German information technology trade group, Bitkom and the Federal Criminal Police Office, also known by its German acronym, BKA.

Phishing in Germany on the rise

According to their new study, the two groups estimate that there will be around 5,000 phishing cases in Germany by the end of the year. Phishing occurs when Internet users are fooled into giving up personal information, usually on fraudulent websites designed to look like legitimate platforms. They add that this represents a 70 percent increase over last year.

The study also states that the average financial loss for each phishing incident is around 3,500 euros and that the total sum of money lost to phishing for the whole country in 2010 will be about 17 million euros.

Despite these alarming figures, Dieter Kempf, a Bitkom board member, said that this data can be deceptive.

"The fear of becoming a victim is usually greater than the actual risk," he said. "That said, two thirds of German web users have already had real-life experience with Internet crime. But it was mostly traditional virus attacks that were reported to us."

Despite the increase of these kinds of online attacks, the president of the Federal Criminal Police Office, Joerg Ziercke, expects that smartphones and social networks such as Facebook or Xing will also become targets of future criminal activity.

"The perpetrators expect mail attachments opened in social networks will have more success because the recipients think that they are coming from a known sender," he said.

Law enforcement hampered

But beyond clever tactics, German authorities say, there's another big reason why the fight against computer crime is tough.

A German court ruled earlier this year ruled that national laws designed to comply with the European Union Data Retention Directive were unconstitutional. The directive would require all member states to store telecommunications data for between six to 24 months, including the IP address and the times of every email, phone call and text message. So far, Romania and Germany are the only two of the 27 member states to declare it unlawful.

But law enforcement officials like Joerg Ziercke also stress the advantages of being able to hang on to this kind of data.

"Due to the fact that Internet providers are no longer required to store such data, there's a chance that police authorities will not be able to acquire relevant suspicious criminal data to conduct investigations," he said.

Ziercke called on German lawmakers to draw up new legislation based on these findings. But even if law enforcement did have better access to IP addresses - the individual number for a given device on the Internet at a given time - they're so fluid that it may not even make a difference.

"If you have a vehicle plate number, we can ask the Federal motor vehicle registry to determine who owns that vehicle. But in the world of IT crime, when we investigate an IP address, we can never know for sure who is behind that IP address."

Author: Marcel Fuerstenau and Cyrus Farivar
Editor: Sam Edmonds