Cybercrime Frontline Blog

Cybercrime costs $388 billion dollars in annual losses globally and it affected almost 7 in 10 adults last year.

Cybercriminals paying for police training and technology.  A success story  that truly highlights the power of smart local police work.

This might seem like a simple question, but it is actually a fairly common question.  Some persons define cybercrime broadly to include any crime committed using a digital device.  The more common question I receive is whether the broad range of new devices, like tablets and smart phones, are included within the current legal framework.

I recently had the chance to sit down with administrators at a large U.S. university and talk about the need for more cybersecurity professionals.  Companies are increasingly frustrated when looking for security professionals to hire.  There is a limited supply of qualified persons able to work on complex cybersecurity issues.  As I learned this week, in some cases, there are also limited civilian programs to help train qualified security experts.  Overcoming this challenge is critical to building a secure future in cyberspace.

This blog was originally created not only to raise awareness of cybersecurity issues, but also to highlight the great work that law enforcement is doing to fight cybercrime.  Two weeks ago I highlighted an investigation success with the arrest of almost 100 suspected cybercriminals in Romania.  This week I want to highlight the role of prosecutors in achieving a strong sentence in a recent cybercrime case.

Discussion of cybersecurity is often focused at the national or global level.  However, there are some important initiatives occurring right here in the U.S. at the state and local level.  This past week, I had the unique opportunity to learn more about a program in Texas to improve cybersecurity at the local city level.

Last week brought good news in the fight against cybercrime with the report of more than 100 arrests of cybercriminal suspects in the U.S. and Romania.   Often in this blog space, I discuss the importance of global cooperation.  The arrests last week illustrate the power of  effective cooperation.  These arrests resulted from the close cooperation between Romanian law enforcement and U.S. law enforcement.  This investigation is a great tribute to the dedication and professionalism of the law enforcement involved in this case.  It is also a reminder that cybercriminals utilize global networks to target victims in every country. 

Once a cybercriminal is caught, then how is the criminal brought to justice in the court system?  The answer to this question depends a lot on the country in which a case is brought and the type of crime.  There are, however, a few challenges that every cybercrime prosecutor faces in nearly every case. 

This past week I attended a cybercrime investigator conference in Madrid, Spain that brought together global law enforcement.  The conference provided a good opportunity to listen to the views on cybercrime of different country’s law enforcement.

Recent media headlines have focused on the dramatic expansion of new Internet “generic top level domain names” or “gTLD”. gTLD domain names are the names to the “right of the dot” in Internet addresses (for example: .com).  These will now be joined by many other new name domain extensions.  While most news stories have focused on the impact of this change on business and technology, the effect of these new domain names on security is also very important to understand. 

This past week the Norton Cybersecurity Institute sponsored a state prosecutor’s conference in the United States.  To effectively stop cybercrime we need more capable prosecutors and continued opportunities to train those who are still developing their skills.

The individual Internet user needs to follow good security practices not only for their own protection, but because of the critically important contribution that each individual makes to the security of the entire Internet eco-system.

This week I participated in a panel focused on cybercrime.  This panel of experts included investigators, prosecutors, and nonprofit groups.  One of the panelists described the personal shame felt by a cybercrime victim who risked having her personal information disclosed by a hacker.  The hacker threatened to disclose the victims personal photos in a way that caused her personal embarrassment.  In this case, the victim suffered a significant emotional impact and not just a financial loss.  This is a powerful example of how cybercrime can have a significant impact beyond even just financial losses.

This week I participated in a conference in Colorado that focused on improving cooperation to improve cybersecurity.  The issue most frequently discussed during the meeting was how to end the so called  “stovepipe” approach to cybersecurity.  The “stovepipe” problem refers to the harmful tendency of different groups to create separate security solutions.  Each group creates its own “stovepipe” of security solutions.  This approach results in each group “re-inventing the wheel” and not sharing expertise.  It is costly, unproductive,  and not an effective solution to improving security.

Better collaboration between law enforcement, industry, and the Internet community is critical to improving cybersecurity.  This week I attended a conference that brought together leading investigators and industry staff to discuss strategy for fighting cybercrime.    One of the major issues discussed was improving collaboration.  This remains an ongoing challenge to understanding cyber threats and creating effective responses.

The most difficult challenge for law enforcement in many cybercrime cases is “putting a suspect at the keyboard”.   Recent news stories have highlighted law enforcement’s frustration with the lack of focus on the human elements of cybercrime.   Too often cybercrime is framed as a purely technical challenge.  The fact that real human criminals are behind these schemes can be forgotten.  A  specific individual must be identified to make an arrest and charge a crime. 

To succeed in fighting cybercrime we must first properly define the problem.  This requires identifying when there is a law enforcement capacity issue distinct from a military issue.  The solution, in many cases, is continuing to support increased law enforcement capability to successfully find and prosecute cybercriminals.

Today marked the launch of the Norton Cybersecurity Institute, a collaboration between law enforcement, consumer safety groups and security leader Norton. The Norton Cybersecurity Institute is a global initiative to support and win the fight against cybercrime by providing law enforcement with training, technical expertise, and improved global cooperation.

The increasing sophistication and complexity of cybercriminal tools, like SpyEye, means that law enforcement needs to quickly adapt to the latest threats and tools created by cybercriminals.

Last week, the U.S. Department of Justice announced “the most complete and comprehensive enforcement action ever taken by U.S authorities to disable an international botnet.”   Norton applauds the Department of Justice and the FBI for taking aggressive action against a known malicious cyber threat. 

On April 5^th Symantec released our annual Internet Security Threat Report  Internet Security Threat Report, Volume 16 (ISTR), which highlights how the volume and sophistication of threats skyrocketed in 2010.   The report is one of the most comprehensive sources of Internet threat data in the world. 

This week I begin work as the Norton on-site representative at The National Cyber Forensic Training Alliance (NCFTA).  Combining the expertise of Norton with the collaborative platform of the NCFTA provides a unique opportunity to advance the mission of fighting global cybercrime.

Often news stories focus on the harm caused by international cybercriminals who target the U.S., however, sometimes U.S. based cybercriminals target international victims.  Two recent cases highlight that cybercriminals can strike anytime and anywhere. 

Online ethics are important because they emphasize the need to apply the same good standards of ethical behavior in both the digital and physical world.  Unethical behavior online may at a minimum expose a person to a greater risk of becoming a  cybercrime victim.  At worst, unethical behavior online may be a felony level crime under U.S. law.  In either case, it is important to maintain good ethical standards online. 

The Internet is expanding!  There are currently only a handful of top level Internet domain names (.com, .info, .org, etc...) but this is soon going to change. 

The cybercrime battlefield is changing.   Cyberspace is now ruled by tablets, smart phones, Internet connected TV’s and a million other devices that all offer one thing----on demand content from the Internet.   One thing, however, remains the same. Cybercriminals will find ways to target your online life. 

This week I served as the chair of a discussion panel on social networking security issues at the Policing Cyberspace International Summit 2011 in Kuala Lumpur, Malaysia. I was joined by executives from social networking and consulting businesses.  The audience were members of the international law enforcement community and this topic created a strong interest from them.  All agreed that social networking is a fun and useful technology, but one that must be used safely.

This week I’ve had the honor to attend the Policing Cyberspace International Summit 2011 in Kuala Lampur, Malaysia.  It is reassuring to meet and talk with law enforcement from around the world who are helping to fight cybercrime and keep the Internet safe.  All of us share the same concerns to improve security and stop cybercriminals. 

This past week Norton hosted an educational panel at Fordham University in New York City. The panelists included experts from the FBI, Fordham University, the National Cyber Forensic Training Alliance (NCFTA), and myself.  Entitled “Tackling Digital Crime: Tales from the Trenches,“ the panel presented ideas and opinions about the fight against cybercrime.

Today Norton is announcing the release of the Norton Cybercrime Index.  This is a powerful new, free, tool to help consumers stay safe online and keep control of their digital life.