Modernizing Authentication — What It Takes to Transform Secure Access
U.S. law enforcement agents and prosecutors have been working hard tocapture and prosecute virus authors, spammers and the people behindonline identity theft schemes here in the U.S. But that's just taking abite out of a larger worldwide problem.
The U.S. only has jurisdiction over spam that originates on these shoresor virus writers who live here in the states. The countless other cybercriminals who live outside the country are beyond the reach of U.S.agents, who may only aid foreign investigations -- when the assistance iswelcome.
That, some security experts say, is leaving U.S. corporations and usersmore open to attack. And the danger is increasing as organized crimeincreasingly becomes involved.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i ''There's a lot to be done,'' says one computer security investigator whoasked not to be named in this story. ''There's a great need to getdiplomatic weight in dealing with these hackers. There need to bebilateral agreements, extradition laws and legal agreements.
''Working together globally is absolutely critical,'' he adds. ''You needlocal assistance in these countries to get these guys. We can't just flypeople over there to investigate and arrest people. We have to be able towork together.''
And that's exactly what is starting to happen, according to ChrisPainter, deputy chief of the Computer Crime and Intellectual PropertySection at the Department of Justice.
Painter, who also chairs the G8 High-Tech Crime SubGroup, says he hasbeen working with others in the U.S. government to reach out to foreigngovernments and develop needed relationships. Painter points to the G8and the Council of Europe, which worked together to formulate the firstCyber Crime Convention that has been signed by 41 countries to date. Itis being considered for ratification in the U.S.
Painter says getting various countries to work together to define theproblem and discusse courses to take is a key first step in ultimatelysharing information and mutually aiding investigations and prosecutions.
''We're working really hard to reach out to countries and help them draftlaws that will allow them to investigate these things and to punish thesekinds of crimes,'' he adds.
Painter and various security leaders agree that it will take a jointeffort to stem the tide of cyber crime -- especially now that hackers,spammers and virus writers are teaming up together to make a livinginstead of just making a name for themselves.
And to make matters even worse, industry observers say organized crime isplaying a much greater part in cyber crime than ever before.
''We've definitely seen organized crime groups involved,'' says Painter.''People are highly specialized in different parts of a scheme. Theygather together in the online world, where they didn't have thatopportunity in the physical world.''
Part of the problem is that technically savvy people -- whether they'rehackers or code writers or phishers -- have begun to work together. Thatkind of cooperation only ups their sophistication and abilities.
But a bigger problem might be the fact that organized crime now isinvolved. Where as crime families generally are known for being involvedwith gambling, prostitution and money laundering, the cyber world now isbeckoning to them.
Criminal gangs simply will go where the money is.
''Oh, it's already happening,'' says the computer security investigator.''Organized crime is acting as the overlords. The technical geeks aremanaged by organized crime.''
The investigator says the Russian mob is highly involved, and has beeneffectively using spam as a new revenue source.
Mark Sunner, chief technology officer of MessageLabs, a managed emailsecurity company based in the U.K., says organized crime groups are usingold methods to make money off modern schemes.
''Organized crime comes in to play when it comes to money laundering,''says Sunner. ''With phishing... a lot of the money winds up in Russia.The laundering methods are old methods.''
Sunner also notes that criminals might feel safer running their schemesfrom countries like Russia, where there's less chance of prosecution.
''There's a good basis of technical skills in these regions and the lawis protecting them there,'' he says. ''Law enforcement knows who they areand the criminals know they know. Either the law there has no teeth orthere is no law at all... And there's an awful lot of corruption.''
Figuring out how law enforcement from different countries can worktogether is critical, according to Sunner.
''We're just starting to see spam legislation get in synch in certainareas, and for ISPs to share data,'' he adds. ''It's a start.''