Cybercrooks are gaining an edge over Internet users and those seeking to stop the criminals—largely due to a “swiss cheese” of cybercrime laws worldwide, a lack of prosecutorial and law enforcement resources and low government prioritization. Such are the findings in the 2009 McAfee Cybercrime Versus Cyberlaw Virtual Criminology Report. The report, which is in its fourth year, includes input from over a dozen security experts, offering an in-depth analysis of the state of cybercrime. While the report highlights the many challenges we face, it also offers clear steps that we can and must take to improve the situation. The good news is we are heading in the right direction.
But before we examine the solutions, let’s take a look at the extent at which cybercrime is winning over cyberlaw and the cause of some of the problems. One of the first challenges before us is that some governments have not made cybercrime a high enough priority. Faced with an economic crisis and threats such as terrorism, fighting cybercrime can easily fall to the bottom of governments’ priorities. And unfortunately, while governments are focused on shoring up their economies, cybercriminals are taking advantage of the public’s anxiety about the recession. For instance, after a number of U.S. banks collapsed, fraudsters quickly sent out emails claiming to be from these banks, asking customers to reconfirm their bank account numbers and passwords. Cybercrooks are also preying on people looking for new jobs after layoffs by promoting get-rich-quick schemes and fraudulent work-from-home offers.
In addition to bolstering cybersecurity in our home countries, we need to improve cross-border cooperation, experts say. Traditional law enforcement still operates within the constraints of traditional physical boundaries, but borders don’t exist on the Internet. Cybercrooks can operate anywhere, making local law enforcement efforts difficult. By fostering international cooperation and information sharing, and by harmonizing our cyberlaws, law enforcement and prosecutors can more effectively find and prosecute criminals.
Our current law enforcement efforts continue to be siloed, the report says. Experts recommend that we set up a global task force dedicated to transnational cybercrime investigations. The task force would prioritize which crimes they would tackle and provide logistical support to law enforcement agencies in different countries.
The third issue concerning security experts is what’s happening in the “trenches” of law enforcement—a lack of sustained training and “feet on the street” with cybersecurity and digital forensics expertise. While cybercriminals evolve their tactics to take advantage of the latest technology, police on the frontlines cannot keep up because of high turnover and other issues.
Before we can improve the effectiveness of cyberlaw, we clearly have to deal with all of these issues. Fortunately, we are moving in the right direction on several fronts. In 2004, the Council of Europe Convention on Cybercrime established a common cybercrime framework. To date, 23 countries have ratified it so far, and more are slated to. The convention framework provides standard definitions of cybercrime, legal assistance and evidence exchange procedures across borders. Overall, it is meant to make extradition and prosecution easier. Just recently, the U.S. passed a new cyberlaw that gives victims of online crime a way to seek restitution for their losses and reduces the minimum damage required before prosecution of a cybercrime.
While these are strong steps, we recognize that the international cybercommunity has a ways to go before we enjoy any real advantage over cybercriminals. To that end, McAfee recently launched the McAfee Initiative to Fight Cybercrime—a way to do our part in the fight. (Read more about it here: http://www.mcafee.com/us/about/corporate/fight_cybercrime/index.html). The Initiative encourages open and active dialogue with a host of players in fighting cybercrime—across multiple industries, across country boundaries, and across public and private industry.
The Initiative focuses on equipping law enforcement, educating and assisting cybercrime victims, and seeking innovative solutions aimed at fighting cybercrimes. To support such efforts, McAfee has established an annual grant program to support concrete programs or solutions that can increase effectiveness in fighting these crimes. We have also have begun in earnest the establishment of the Cybercrime Response Unit (CRU)—aimed for Phase 1 completion in Q1 2009—to help victims of online crimes. And finally, we are pursuing an open dialogue with the law enforcement community worldwide to brainstorm new and innovative ways to assist that community. All of our efforts are aided by an ever-growing advisory council of experts who, like us, are passionate about fighting cybercrime and will lend energy and expertise to our cause. Our goal is not just to tip the scales in favor of justice, but for us to truly win the war against cybercriminals. We know it takes a community effort, and we must all do our part.
Consumers must protect their computers with up-to-date security software to prevent becoming part of the cybercrime problem. We hope that service providers, domain registrars, and money transfer agencies will cooperate with the security community and law enforcement agencies. And finally, it is our hope that businesses will report crimes to further our knowledge about the growing threat from these cybercriminals.
We are facing a multi-pronged problem, but we can fight it with a multi-pronged solution. Here at McAfee, we are dedicated to doing our part. Wouldn’t it be nice if next year’s Cybercrime vs. Cyberlaw report recorded more successes than failures?
No comments:
Post a Comment