Cybercrime Arrests: Heralding a New Era?
By Erika Morphy
NewsFactor Network

As the Feds continue to build up their expertise, the cyber community can expect to see even better enforcement and more savvy tactics in collecting evidence and preparing for the prosecution of cases, predicts Paul Robertson, director of risk at TruSecure.

The good news about the Federal Bureau of Investigation's high-profile mass roundup of accused cybercriminals, in an operations fittingly called Cyber Sweep, is that it was an exercise of near-unprecedented cooperation in the annals of cyber law enforcement. Participants included some 34 state attorney generals, the U.S. Postal Service, the Secret Service and local law-enforcement agencies.
It indicates a stepping up of federal agencies going after such crimes, Paul Robertson, director of risk at TruSecure, told NewsFactor. They are going after more people and getting better and better at it. Robertson also noted that the feds are garnering better and more coordinated cooperation from their international and foreign counterparts. That is a huge accomplishment as well, he said. So many of these crimes either start or end overseas.

Drop in the Bucket
The bad news stemming from the roundup? Only 125 individuals were netted in the sweep. Not everyone views this result as an indication that we have entered a new era in cybercrime enforcement. Enforcement has gotten better, and the Cybercrime Sweep does show a level of coordination, but we need to see more evidence before we can say there is a pattern forming among enforcement officials, Earl Perkins, Meta Group security analyst, told NewsFactor. The ultimate proof as to whether these activities are having an impact will be in the crime statistics.

Put that way, the Bush administration and law-enforcement officials do indeed have a high bar to clear. Cybercrime has been steadily increasing over the last few years. The Federal Trade Commission reported in January that identity theft topped the list of fraud complaints reported by consumers in 2002, for example, with a whopping 163,400.

Another discouraging statistic comes from the Internet Fraud Complaint Center, which reported that the monetary loss from fraud cases in 2002 increased by some US$17 million to $54 million for the year. These figures include identity theft and e-commerce related fraud, such as auction and shipping scams.

Representative Group

Indeed, the 125 people arrested in the cybercrime sting are representative of the wide range of fraud that is being perpetuated on the Internet. They include individuals charged with counterfeiting and software piracy, as well as a man who is accused of hijacking an Arabic-language news site and a person who allegedly hawked Congressional Medals of Honor online.

In perhaps the most colorful case in this batch, one man in Philadelphia is charged with launching e-mail spam attacks railing about the management of the Philadelphia Phillies baseball team.

All told, the investigation uncovered about 125,000 victims, with losses topping $100 million over the past several months.

Getting Better At It

Many of the 125 arrests were the culmination of old investigations, Robertson said. Ultimately, the mass arrests were, I believe, the result of somebody wanting to make a point. Traditionally, there hasn't been much visibility at the executive-government level surrounding enforcement of cybercrime laws, he said.

However, changes over the last year or so are beginning to have an impact, Robertson believes. He pointed to the organization of the Homeland Security Department, which freed the FBI to investigate crimes, leaving protection of the infrastructure to another agency.

Also, as the Feds continue to build up their expertise, Robertson predicts the cyber community can expect to see even better enforcement and more savvy tactics in collecting evidence and preparing for the prosecution of cases.

It is becoming increasingly clear that when such perpetrators are caught, they will use any number of defenses -- most of which will fall in what I call the 'dog ate my homework' category, he said. He cited a case that was decided two weeks ago in Great Britain where the defendant, accused of launching a denial of service attack against the Port of Houston, was found not guilty. His defense? He claimed that his computer was trojaned by someone else.

It is likely the my computer was hijacked defense will become a standard tactic as more arrests are made. But in response, I am seeing prosecutors trying to present evidence in a way to take this into account, Robertson noted. But that is not always easy to do, he said. The technical issues can be confusing to juries -- the challenge is similar to presenting complicated DNA evidence. But the feds and prosecutors are quickly learning on the job.

Source: NewsFactor