http://www.cio.com/article/118500/CIOs_Look_Beyond_Cops_for_Help_Fighting_Cybercrime By Christopher Koch CIO June 11, 2007 When the website of the Central Florida Educators’ Federal Credit Union was attacked by phishers last August, CIO and VP of Marketing Kevin Dougherty’s first instinct wasn’t to call the police. Though he did eventually contact the FBI, “unless you can say you were hit with some very large dollar amounts I don’t think they have enough people to deal with this,” he says. And so CIOs like Dougherty are assembling crime-fighting coalitions from among consultants, vendors and telecom providers. There’s a historical parallel, says Peter Cassidy, secretary general of the Anti-Phishing Working Group. When banks opened up 150 years ago, there wasn’t an FBI, “so banks hired private law enforcement like the Pinkertons,” he says. One day there will be routine cyber-investigations, “but for now we are still in the Wild West.” Law enforcement faces several challenges. First is the nature of cybercrime: global and independent of geography. Hackers in Russia can steal money from a bank in the United States using a computer in France quickly, cheaply and with no human intervention required. And their fingerprints—the IP addresses of the computers that initiate the attacks—can be made to disappear before investigators can track them, according to Ron Plesco, director of the Privacy and Special Projects Group for consultancy SRA International. Internet service providers keep logs of every connection but can’t afford to hang on to the piles of data for more than a few days without overwhelming their storage systems. There’s also a shortage of computer expertise among the FBI and Secret Service, which investigate cybercrime, and the U.S. Department of Justice, which prosecutes it. Given the manpower shortages, investigators need to limit themselves to cases with big losses. Unfortunately, the majority of cybercrimes are committed by small operators, says Uriel Maimon, senior researcher in the Office of the CTO of security provider RSA.“There aren’t many $250,000 frauds,” he says, but there are a lot of $2,000 cases—a big-enough haul for a criminal in an impoverished country. Finally, there is the complexity of fighting crime across different countries, many of which lack laws that specifically target cybercriminals. Experts speculate that we could someday see the rise of a new global organization specifically targeted at cybercrime, much as the FBI was created to take on the automobile-fueled rise of interstate crime in the 1920s and ’30s. Painter is skeptical. “What we need to do is connect the dots rather than create a new über-organization,” he says. Painter chairs a G8 committee that has agreements with 48 countries, which have identified cyber-investigators whom they make available to the network 24/7, he says. © 2007 CXO Media Inc. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Jun 12 2007 - 23:23:54 PDT