WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
U.S. law enforcement agents and prosecutors have been working hard to capture and prosecute virus authors, spammers and the people behind online identity theft schemes here in the U.S. But that's just taking a bite out of a larger worldwide problem.
The U.S. only has jurisdiction over spam that originates on these shores or virus writers who live here in the states. The countless other cyber criminals who live outside the country are beyond the reach of U.S. agents, who may only aid foreign investigations -- when the assistance is welcome.
That, some security experts say, is leaving U.S. corporations and users more open to attack. And the danger is increasing as organized crime increasingly becomes involved.
''Working together globally is absolutely critical,'' he adds. ''You need local assistance in these countries to get these guys. We can't just fly people over there to investigate and arrest people. We have to be able to work together.''
And that's exactly what is starting to happen, according to Chris Painter, deputy chief of the Computer Crime and Intellectual Property Section at the Department of Justice.
Painter, who also chairs the G8 High-Tech Crime SubGroup, says he has been working with others in the U.S. government to reach out to foreign governments and develop needed relationships. Painter points to the G8 and the Council of Europe, which worked together to formulate the first Cyber Crime Convention that has been signed by 41 countries to date. It is being considered for ratification in the U.S.
Painter says getting various countries to work together to define the problem and discusse courses to take is a key first step in ultimately sharing information and mutually aiding investigations and prosecutions.
''We're working really hard to reach out to countries and help them draft laws that will allow them to investigate these things and to punish these kinds of crimes,'' he adds.
Painter and various security leaders agree that it will take a joint effort to stem the tide of cyber crime -- especially now that hackers, spammers and virus writers are teaming up together to make a living instead of just making a name for themselves.
And to make matters even worse, industry observers say organized crime is playing a much greater part in cyber crime than ever before.
''We've definitely seen organized crime groups involved,'' says Painter. ''People are highly specialized in different parts of a scheme. They gather together in the online world, where they didn't have that opportunity in the physical world.''
Part of the problem is that technically savvy people -- whether they're hackers or code writers or phishers -- have begun to work together. That kind of cooperation only ups their sophistication and abilities.
But a bigger problem might be the fact that organized crime now is involved. Where as crime families generally are known for being involved with gambling, prostitution and money laundering, the cyber world now is beckoning to them.
Criminal gangs simply will go where the money is.
''Oh, it's already happening,'' says the computer security investigator. ''Organized crime is acting as the overlords. The technical geeks are managed by organized crime.''
The investigator says the Russian mob is highly involved, and has been effectively using spam as a new revenue source.
Mark Sunner, chief technology officer of MessageLabs, a managed email security company based in the U.K., says organized crime groups are using old methods to make money off modern schemes.
''Organized crime comes in to play when it comes to money laundering,'' says Sunner. ''With phishing... a lot of the money winds up in Russia. The laundering methods are old methods.''
Sunner also notes that criminals might feel safer running their schemes from countries like Russia, where there's less chance of prosecution.
''There's a good basis of technical skills in these regions and the law is protecting them there,'' he says. ''Law enforcement knows who they are and the criminals know they know. Either the law there has no teeth or there is no law at all... And there's an awful lot of corruption.''
Figuring out how law enforcement from different countries can work together is critical, according to Sunner.
''We're just starting to see spam legislation get in synch in certain areas, and for ISPs to share data,'' he adds. ''It's a start.''