By Christopher Koch
June 11, 2007
When the website of the Central Florida Educators’ Federal Credit Union
was attacked by phishers last August, CIO and VP of Marketing Kevin
Dougherty’s first instinct wasn’t to call the police. Though he did
eventually contact the FBI, “unless you can say you were hit with some
very large dollar amounts I don’t think they have enough people to deal
with this,” he says.
And so CIOs like Dougherty are assembling crime-fighting coalitions from
among consultants, vendors and telecom providers. There’s a historical
parallel, says Peter Cassidy, secretary general of the Anti-Phishing
Working Group. When banks opened up 150 years ago, there wasn’t an FBI,
“so banks hired private law enforcement like the Pinkertons,” he says.
One day there will be routine cyber-investigations, “but for now we are
still in the Wild West.”
Law enforcement faces several challenges. First is the nature of
cybercrime: global and independent of geography. Hackers in Russia can
steal money from a bank in the United States using a computer in France
quickly, cheaply and with no human intervention required. And their
fingerprints—the IP addresses of the computers that initiate the
attacks—can be made to disappear before investigators can track them,
according to Ron Plesco, director of the Privacy and Special Projects
Group for consultancy SRA International. Internet service providers keep
logs of every connection but can’t afford to hang on to the piles of
data for more than a few days without overwhelming their storage
There’s also a shortage of computer expertise among the FBI and Secret
Service, which investigate cybercrime, and the U.S. Department of
Justice, which prosecutes it. Given the manpower shortages,
investigators need to limit themselves to cases with big losses.
Unfortunately, the majority of cybercrimes are committed by small
operators, says Uriel Maimon, senior researcher in the Office of the CTO
of security provider RSA. “There aren’t many $250,000 frauds,” he says,
but there are a lot of $2,000 cases—a big-enough haul for a criminal in
an impoverished country.
Finally, there is the complexity of fighting crime across different
countries, many of which lack laws that specifically target
cybercriminals. Experts speculate that we could someday see the rise of
a new global organization specifically targeted at cybercrime, much as
the FBI was created to take on the automobile-fueled rise of interstate
crime in the 1920s and ’30s. Painter is skeptical. “What we need to do
is connect the dots rather than create a new über-organization,” he
says. Painter chairs a G8 committee that has agreements with 48
countries, which have identified cyber-investigators whom they make
available to the network 24/7, he says.
© 2007 CXO Media Inc.