CIOs Look Beyond Cops for Help Fighting Cybercrime

CIOs Look Beyond Cops for Help Fighting Cybercrime
CIOs Look Beyond Cops for Help Fighting Cybercrime

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE 

By Christopher Koch
June 11, 2007 

When the website of the Central Florida Educators=E2=80=99 Federal Credit Union 
was attacked by phishers last August, CIO and VP of Marketing Kevin 
Dougherty=E2=80=99s first instinct wasn=E2=80=99t to call the police. Though he did 
eventually contact the FBI, =E2=80=9Cunless you can say you were hit with some 
very large dollar amounts I don=E2=80=99t think they have enough people to deal 
with this,=E2=80=9D he says.

And so CIOs like Dougherty are assembling crime-fighting coalitions from 
among consultants, vendors and telecom providers. There=E2=80=99s a historical 
parallel, says Peter Cassidy, secretary general of the Anti-Phishing 
Working Group. When banks opened up 150 years ago, there wasn=E2=80=99t an FBI, 
=E2=80=9Cso banks hired private law enforcement like the Pinkertons,=E2=80=9D he says. 
One day there will be routine cyber-investigations, =E2=80=9Cbut for now we are 
still in the Wild West.=E2=80=9D

Law enforcement faces several challenges. First is the nature of 
cybercrime: global and independent of geography. Hackers in Russia can 
steal money from a bank in the United States using a computer in France 
quickly, cheaply and with no human intervention required. And their 
fingerprints=E2=80=94the IP addresses of the computers that initiate the 
attacks=E2=80=94can be made to disappear before investigators can track them, 
according to Ron Plesco, director of the Privacy and Special Projects 
Group for consultancy SRA International. Internet service providers keep 
logs of every connection but can=E2=80=99t afford to hang on to the piles of 
data for more than a few days without overwhelming their storage 

There=E2=80=99s also a shortage of computer expertise among the FBI and Secret 
Service, which investigate cybercrime, and the U.S. Department of 
Justice, which prosecutes it. Given the manpower shortages, 
investigators need to limit themselves to cases with big losses. 
Unfortunately, the majority of cybercrimes are committed by small 
operators, says Uriel Maimon, senior researcher in the Office of the CTO 
of security provider RSA.=E2=80=9CThere aren=E2=80=99t many $250,000 frauds,=E2=80=9D he says, 
but there are a lot of $2,000 cases=E2=80=94a big-enough haul for a criminal in 
an impoverished country.

Finally, there is the complexity of fighting crime across different 
countries, many of which lack laws that specifically target 
cybercriminals. Experts speculate that we could someday see the rise of 
a new global organization specifically targeted at cybercrime, much as 
the FBI was created to take on the automobile-fueled rise of interstate 
crime in the 1920s and =E2=80=9930s. Painter is skeptical. =E2=80=9CWhat we need to do 
is connect the dots rather than create a new =C3=BCber-organization,=E2=80=9D he 
says. Painter chairs a G8 committee that has agreements with 48 
countries, which have identified cyber-investigators whom they make 
available to the network 24/7, he says.

=C2=A9 2007 CXO Media Inc.

Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. 

Site design & layout copyright © 1986-2015 CodeGods