Federal government falling short on cybercrime

By Dennis Fisher, Executive Editor 20 Feb 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

WASHINGTON—The federal government is falling farther and farther behind its fight against cybercrime and, despite an increase in the amount of resources being allocated to address the problem, it will continue to struggle without a lot of help from law enforcement agencies at the state, local and international levels, current and former government security officials say.

We need more trained law enforcement personnel at the state and local level ... The feds are swamped. We need a tiered approach. Jerry Dixon, former executive director, National Cyber Security Division at DHS

Currently, the vast majority of the work being done on cybercrime and national computer security issues is done at the federal level by agencies as diverse as the FBI, Treasury Department, Department of Homeland Security and Department of State. And while these agencies all have teams of highly trained security professionals, the sheer volume of investigations that they're asked either to run or assist with far outweighs the amount of time, money and personnel available. Jerry Dixon, former executive director of the National Cyber Security Division at DHS and current vice president for government relations for Infragard's National Member Alliance, said in a keynote speech at the Black Hat D.C. conference here Wednesday that the only way to help stem this tide is with a big shift in the way that lower-level law enforcement agencies deal with computer security cases.

"We need more trained law enforcement personnel at the state and local level," he said. "The feds are swamped. We need a tiered approach."

The default approach right now for most state and local agencies is to refer many, if not all, of their computer security cases to the federal agencies. Most of the state police departments and local forces have few officers with the kind of technical background to handle these complex cases. And, because computer cases often cross state or national boundaries, the federal agencies are better equipped to handle them. However, Dixon said that the changing nature of today's threats makes it impossible for even the well-funded and well-staffed agencies such as the FBI and Treasury to stay abreast of the problem.

Dixon, who also works with Team Cymru , a team of security experts, said that the group's current research shows more than 3.5 million active botnet command and control servers. Attackers are using this massive infrastructure to launch an increasingly complex and varied set of attacks against corporate, government and home-user machines, all with the goal of corralling as much personally identifiable information as possible.

"It's about people and crime now. The attackers are going after our information and identities," Dixon said. "There's a very low risk to the attackers because it's an international challenge. Attribution is still very difficult."

Cybercime investigations: Feds court infosec pros in fight against cybercrime: Federal law enforcement officials hope a more cooperative and less territorial approach will help convince private sector organizations to join the fight against cybercrime Proposed legislation would strengthen cybercrime laws A bill introduced in the U.S. Senate aims to close loopholes exploited by Internet criminals. Cybercrime forensics lab cinches high-profile cases: The Silicon Valley Regional Computer Forensics Laboratory pulls together evidence necessary to make a case in court.

Dixon and Andy Fried, a senior special agent with the Treasury Inspector General for Tax Administration's System Intrusion and Attack Response Team, emphasized that even with more help from other U.S. law enforcement agencies and tougher computer crime laws, the online crime problem will still be a major challenge because of the international nature of most attacks.

"We can create all kinds of laws in this country, but if we're not working with other countries, it's not going to work. The problem is global," Dixon said.

Fried, who works closely with agencies across the U.S. and around the world on phishing and other online scams, said that delays in getting pertinent data from international law enforcement agencies often cripple investigations.

"We have jurisdictional issues. A lot of time we don't get information for six to nine months. We need that stuff in six to nine minutes," he said.

For that reason, and myriad others, the number of successful prosecutions in computer crime cases is maddeningly low, Fried said.

"I can't stop anyone from doing anything. I can only respond after it's happened," he said. "If you took all of the successful prosecutions by the FBI it would equate mathematically to going out to the Beltway and writing 100 speeding tickets on one day. We're not making a dent."

Tags: Information Security Laws, Investigations and Ethics,  Emerging Information Security Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Laws, Investigations and Ethics Melissa Hathaway urges more cooperation, government attention to cybersecurity Cybersecurity czar candidate questions clout of new position DHS fills National Cybersecurity Center post FTC shutters rogue ISP for hosting malicious content, botnets Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Cybersecurity Act of 2009: Power grab, or necessary step? Face-off: Who should be in charge of cybersecurity? Feds should get private sector advice on cybersecurity Emerging Information Security Threats Leverage Google Attacks to Improve Cybersecurity SCADA system, critical infrastructure security lacking, survey finds Preparing for future security threats, evolving malware Facebook attacks prompt investments in social networking security Information security podcasts: 2009 archive Hathaway calls for international cybercrime task force Active PDF attacks target Reader, Acrobat zero-day vulnerability Sites hit with massive automated SQL injection attack Cybercriminals invest in social networking attacks Best practices for (small) botnets

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CALEA  (SearchSecurity.com) cyberstalking  (SearchSecurity.com) FERPA  (SearchSecurity.com) HSPD-7  (SearchSecurity.com) I-SPY Act  (SearchSecurity.com) Information Awareness Office  (SearchSecurity.com) intelligence community  (SearchSecurity.com) lawful interception  (SearchSecurity.com) lifestyle polygraph  (SearchSecurity.com) vulnerability disclosure  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary