WASHINGTON—The federal government is falling farther and farther behind its fight against cybercrime and, despite...
an increase in the amount of resources being allocated to address the problem, it will continue to struggle without a lot of help from law enforcement agencies at the state, local and international levels, current and former government security officials say.
Currently, the vast majority of the work being done on cybercrime and national computer security issues is done at the federal level by agencies as diverse as the FBI, Treasury Department, Department of Homeland Security and Department of State. And while these agencies all have teams of highly trained security professionals, the sheer volume of investigations that they're asked either to run or assist with far outweighs the amount of time, money and personnel available. Jerry Dixon, former executive director of the National Cyber Security Division at DHS and current vice president for government relations for Infragard's National Member Alliance, said in a keynote speech at the Black Hat D.C. conference here Wednesday that the only way to help stem this tide is with a big shift in the way that lower-level law enforcement agencies deal with computer security cases.
"We need more trained law enforcement personnel at the state and local level," he said. "The feds are swamped. We need a tiered approach."
The default approach right now for most state and local agencies is to refer many, if not all, of their computer security cases to the federal agencies. Most of the state police departments and local forces have few officers with the kind of technical background to handle these complex cases. And, because computer cases often cross state or national boundaries, the federal agencies are better equipped to handle them. However, Dixon said that the changing nature of today's threats makes it impossible for even the well-funded and well-staffed agencies such as the FBI and Treasury to stay abreast of the problem.
Dixon, who also works with Team Cymru , a team of security experts, said that the group's current research shows more than 3.5 million active botnet command and control servers. Attackers are using this massive infrastructure to launch an increasingly complex and varied set of attacks against corporate, government and home-user machines, all with the goal of corralling as much personally identifiable information as possible.
"It's about people and crime now. The attackers are going after our information and identities," Dixon said. "There's a very low risk to the attackers because it's an international challenge. Attribution is still very difficult."
Dixon and Andy Fried, a senior special agent with the Treasury Inspector General for Tax Administration's System Intrusion and Attack Response Team, emphasized that even with more help from other U.S. law enforcement agencies and tougher computer crime laws, the online crime problem will still be a major challenge because of the international nature of most attacks.
"We can create all kinds of laws in this country, but if we're not working with other countries, it's not going to work. The problem is global," Dixon said.
Fried, who works closely with agencies across the U.S. and around the world on phishing and other online scams, said that delays in getting pertinent data from international law enforcement agencies often cripple investigations.
"We have jurisdictional issues. A lot of time we don't get information for six to nine months. We need that stuff in six to nine minutes," he said.
For that reason, and myriad others, the number of successful prosecutions in computer crime cases is maddeningly low, Fried said.
"I can't stop anyone from doing anything. I can only respond after it's happened," he said. "If you took all of the successful prosecutions by the FBI it would equate mathematically to going out to the Beltway and writing 100 speeding tickets on one day. We're not making a dent."