Criminals are winning when it comes to combating cybercrime

http://www.thetechherald.com/article.php/200850/2593/Criminals-are-winning-when-it-comes-to-combating-cybercrime

The criminals are winning the game of cybercrime vs. cyberlaw.(IMG:J.Anderson)


In the new Virtual Criminology Report (VCR) from McAfee, there is a comment in the Foreword that paints a grim reality for practitioners of the security art. Despite all that has been done to combat cybercrime, the criminals have the upper hand. While you would expect this outlook from a security vendor, looking back on 2008, there is a lot of truth to that statement.


In the past three installments, the McAfee VCR has mostly been a trending report on cyber threats. This year痴 report instead looks at how cybercrime is winning the battle over cyberlaw. To back that train of thought, the McAfee report lists three findings that came to light.


The first was that cybercrime is simply not a top priority for many governments. Political attention is diverted to other matters when you consider the economy and the other risks such as terrorism (i.e. kidnappings, hostage taking, and massive amounts of destruction -- not the let's take away your shoelaces and bottle of water kind).

Mary Kirwan, international lawyer and former cybercrime prosecutor in Canada, sums it up by saying: "The bad guys will inherit the earth, and we will be left swinging in the wind."

"The Achilles heel of the technology sector is the same vulnerability that has the financial services sector currently on its knees: a wealth of arrogance. Complexity is worshipped as an end in itself, and simplicity is scorned. There痴 no understanding of critical interdependencies, through lack of communication," she added.

"We致e a poor grasp of what glues the Frankenstein monster we致e created together, and what can just as equally tear it all apart. But the bad guys are in the know, and they are ready to exploit the demonstrable lack of big picture thinking in the sector."

Another finding is that there is little to no cross-border law enforcement against criminals who commit crimes online. No international efforts mean that criminals in China will continue to victimize people in Europe or America with little done to catch them.

Eugene Spafford, Professor of Computer Sciences at Purdue University and Executive Director of the Center for Education and Research in Information Assurance and Security (CERIAS) in the U.S., explains:

"Criminal behavior is still receiving political cover. For example, in the case of the Myanmar denial of service attacks, they took place with local Eastern European and Russian support. Russia and China are especially reluctant to cooperate with foreign law enforcement bodies for reputation and intelligence reasons."

Finally, the report says that, on every level, law enforcement is ad hoc and ill-equipped to cope with cybercrime. "While there has been progress, there is still a significant lack of training and understanding in digital forensics and evidence collection as well as in the law courts around the world," the report says.

"There are mountains of digital evidence out there; the problem is that there aren稚 enough well-trained investigators, prosecutors and judges to use it effectively. With PC and broadband penetration increasingly high, direct, and indirect evidence is easy to find from machines. Few criminals have the technical ability to avoid leaving or wiping digital traces," commented Peter Sommer, Visiting Professor at the London School of Economics・Information Systems Integrity Group and Visiting Reader at the Open University.

Clearly the resolution for the problems listed in the McAfee report is information and training. The problem is that since most law enforcement offices and investigators are trapped by political red tape, information is a rare commodity.

The criminals instantly share information on a global scale, and laws mean nothing to them. With that in mind at this stage of the game, none of the major players in the cybercrime arena are taking steps to move the scales back to center, leaving law enforcement out in the cold.

Training, on the other hand, is readily available yet rarely taken advantage of. Add the economy into the mix, and more political hurdles, and law enforcement is second or even third rate when it comes to investigating crimes.

From the report, a comment that demonstrates this point came from a reformed criminal called Matthew Bevan.

"I don稚 think law enforcement is equipped to deal with cybercrime, and this has always been the case as people that love IT and have the right skills go into IT jobs, not a law enforcement role," he offered.

"It is extremely rare that an IT specialist would join the police. Therefore, law enforcers lack the right skills to interpret cybercrime and know what to look for. A simple example could be a new USB stick that looks like a torn cable but actually holds 4GB worth of data -- the police wouldn稚 recognize this."

McAfee痴 report centering on cybercrime couldn稚 come at a better time. Also released this week is a report from the Center for Strategic and International Studies that urges President-elect Obama to create a White House department aimed at protecting U.S. cyber interests from attack by foreign agents.

Titled Securing Cyberspace for the 44th Presidency, the CSIS report says: "The United States must treat cybersecurity as one of the most important national security challenges it faces."

Maybe with a new political climate on the U.S., and the growth of Internet-related crimes, there will be a shift in power and cyberlaw will move to match, if not beat, cybercrime during 2009.