The U.S. government is teaming up with security industry leaders to reach
out to foreign countries and help them tackle the growing global problem
of cyber crime.
U.S. law enforcement agents and prosecutors have been working hard to
capture and prosecute virus authors, spammers and the people behind
online identity theft schemes here in the U.S. But that’s just taking a
bite out of a larger worldwide problem.
The U.S. only has jurisdiction over spam that originates on these shores
or virus writers who live here in the states. The countless other cyber
criminals who live outside the country are beyond the reach of U.S.
agents, who may only aid foreign investigations — when the assistance is
welcome.
That, some security experts say, is leaving U.S. corporations and users
more open to attack. And the danger is increasing as organized crime
increasingly becomes involved.
”There’s a lot to be done,” says one computer security investigator who
asked not to be named in this story. ”There’s a great need to get
diplomatic weight in dealing with these hackers. There need to be
bilateral agreements, extradition laws and legal agreements.
”Working together globally is absolutely critical,” he adds. ”You need
local assistance in these countries to get these guys. We can’t just fly
people over there to investigate and arrest people. We have to be able to
work together.”
And that’s exactly what is starting to happen, according to Chris
Painter, deputy chief of the Computer Crime and Intellectual Property
Section at the Department of Justice.
Painter, who also chairs the G8 High-Tech Crime SubGroup, says he has
been working with others in the U.S. government to reach out to foreign
governments and develop needed relationships. Painter points to the G8
and the Council of Europe, which worked together to formulate the first
Cyber Crime Convention that has been signed by 41 countries to date. It
is being considered for ratification in the U.S.
Painter says getting various countries to work together to define the
problem and discusse courses to take is a key first step in ultimately
sharing information and mutually aiding investigations and prosecutions.
”We’re working really hard to reach out to countries and help them draft
laws that will allow them to investigate these things and to punish these
kinds of crimes,” he adds.
Painter and various security leaders agree that it will take a joint
effort to stem the tide of cyber crime — especially now that hackers,
spammers and virus writers are teaming up together to make a living
instead of just making a name for themselves.
And to make matters even worse, industry observers say organized crime is
playing a much greater part in cyber crime than ever before.
”We’ve definitely seen organized crime groups involved,” says Painter.
”People are highly specialized in different parts of a scheme. They
gather together in the online world, where they didn’t have that
opportunity in the physical world.”
Part of the problem is that technically savvy people — whether they’re
hackers or code writers or phishers — have begun to work together. That
kind of cooperation only ups their sophistication and abilities.
But a bigger problem might be the fact that organized crime now is
involved. Where as crime families generally are known for being involved
with gambling, prostitution and money laundering, the cyber world now is
beckoning to them.
Criminal gangs simply will go where the money is.
”Oh, it’s already happening,” says the computer security investigator.
”Organized crime is acting as the overlords. The technical geeks are
managed by organized crime.”
The investigator says the Russian mob is highly involved, and has been
effectively using spam as a new revenue source.
Mark Sunner, chief technology officer of MessageLabs, a managed email
security company based in the U.K., says organized crime groups are using
old methods to make money off modern schemes.
”Organized crime comes in to play when it comes to money laundering,”
says Sunner. ”With phishing… a lot of the money winds up in Russia.
The laundering methods are old methods.”
Sunner also notes that criminals might feel safer running their schemes
from countries like Russia, where there’s less chance of prosecution.
”There’s a good basis of technical skills in these regions and the law
is protecting them there,” he says. ”Law enforcement knows who they are
and the criminals know they know. Either the law there has no teeth or
there is no law at all… And there’s an awful lot of corruption.”
Figuring out how law enforcement from different countries can work
together is critical, according to Sunner.
”We’re just starting to see spam legislation get in synch in certain
areas, and for ISPs to share data,” he adds. ”It’s a start.”