http://www.cio.com/article/118500/CIOs_Look_Beyond_Cops_for_Help_Fighting_Cybercrime
By Christopher Koch
CIO
June 11, 2007
When the website of the Central Florida Educators’ Federal Credit Union
was attacked by phishers last August, CIO and VP of Marketing Kevin
Dougherty’s first instinct wasn’t to call the police. Though he did
eventually contact the FBI, “unless you can say you were hit with some
very large dollar amounts I don’t think they have enough people to deal
with this,” he says.
And so CIOs like Dougherty are assembling crime-fighting coalitions from
among consultants, vendors and telecom providers. There’s a historical
parallel, says Peter Cassidy, secretary general of the Anti-Phishing
Working Group. When banks opened up 150 years ago, there wasn’t an FBI,
“so banks hired private law enforcement like the Pinkertons,” he says.
One day there will be routine cyber-investigations, “but for now we are
still in the Wild West.”
Law enforcement faces several challenges. First is the nature of
cybercrime: global and independent of geography. Hackers in Russia can
steal money from a bank in the United States using a computer in France
quickly, cheaply and with no human intervention required. And their
fingerprints—the IP addresses of the computers that initiate the
attacks—can be made to disappear before investigators can track them,
according to Ron Plesco, director of the Privacy and Special Projects
Group for consultancy SRA International. Internet service providers keep
logs of every connection but can’t afford to hang on to the piles of
data for more than a few days without overwhelming their storage
systems.
There’s also a shortage of computer expertise among the FBI and Secret
Service, which investigate cybercrime, and the U.S. Department of
Justice, which prosecutes it. Given the manpower shortages,
investigators need to limit themselves to cases with big losses.
Unfortunately, the majority of cybercrimes are committed by small
operators, says Uriel Maimon, senior researcher in the Office of the CTO
of security provider RSA.“There aren’t many $250,000 frauds,” he says,
but there are a lot of $2,000 cases—a big-enough haul for a criminal in
an impoverished country.
Finally, there is the complexity of fighting crime across different
countries, many of which lack laws that specifically target
cybercriminals. Experts speculate that we could someday see the rise of
a new global organization specifically targeted at cybercrime, much as
the FBI was created to take on the automobile-fueled rise of interstate
crime in the 1920s and ’30s. Painter is skeptical. “What we need to do
is connect the dots rather than create a new über-organization,” he
says. Painter chairs a G8 committee that has agreements with 48
countries, which have identified cyber-investigators whom they make
available to the network 24/7, he says.
© 2007 CXO Media Inc.
Received on Wed Jun 13 01:10:32 2007