Cybercriminals operating worldwide are benefitting from ineffective law enforcement and a growing economic recession that could make jittery people more susceptible to cybercrime scams.
So concludes security firm McAfee in its new report, 'Virtual Criminology Report--Cybercrime vs. Cyberlaw.' published Tuesday. The report pulls together the opinions of about two dozen legal experts, academic researchers and security-response professionals working as far afield as Britain, continental Europe, the Baltic countries, Brazil, India, Japan, Australia, New Zealand and North America.
'There have been a few cases where cybercriminals have been promptly arrested, but they're usually responsible for the small attacks,' says Paulo Lima, a Brazilian lawyer specializing in computer-related crime. 'Those responsible for the large operations have never been arrested. The public sector has usually acted in a mitigating manner, attacking the symptom and not the illness -- there is an antiquated system and a completely unprepared law enforcement body.'
Lima's sentiment is echoed in Britain, India and elsewhere by those involved in trying to combat a worldwide cybercrime spree that includes phishing, denial-of-service (DoS) extortion rackets, botnets, spam, cyber-espionage and national attacks of a political nature.
'Cybercrime has become a big problem in India this year,' says Vijay Mukhi, president of the Foundation of Internet Security and Technology in India. 'However, politicians and judges do not understand how to deal with it, and in fact few of them ever use the Internet. Police are reluctant to register cases because they prove too difficult to prosecute.'
The view among some in the United Kingdom is only slightly more optimistic. Peter Sommer, a British professor and consultant whose main research field is the reliability of digital evidence, says there's some progress being made in how the U.K. courts address technology-related crimes, but the computer forensics piece of the puzzle is not yet complete. 'The Council for Registered Forensics Practitioners scheme to accredit experts is still not yet working,' he adds.
Anther problem is talent: In many places around the world, private industry is siphoning the cybercrime fighting talent from government, offering them more money to work in the private sector.
In addition, many worry that the growing economic recession and banking fiscal crisis is being exploited by cybercriminals to prey upon jittery consumers.
'We are seeing rounds of phishing e-mails which purport to be from banks responding to the crisis,' says Philip Virgo, secretary general of London-based EURIM, a group whose membership includes high-tech vendors, businesses and British and European legislators focusing on IT policy issues. 'We are also seeing a round of phony CV [resume] sites, whose main aim is to collect personal details.'
Politics is also an issue. China, Russia and Moldova are often blamed as international sources for all kinds of cybercrime, and the McAfee report takes up the issue of whether there are places around the world where prosecution of cybercrime is thought to be especially lax.
'Criminal behavior is still receiving political cover,' says Eugene Spafford, professor of computer sciences at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security in the United States.
One example Spafford cites is the July cyberattack on Web sites protesting the Burmese military regime, in which the government in Myanmar was thought to have had a hand.