Report: Cybercrime is Winning the Battle Over Cyberlaw
Law enforcement agencies worldwide are losing the battle against cyber crime at a time when criminals are increasingly using the global economic downturn to make headway in recruiting more computers and computer users to further illegal online activities, a scathing new report from security vendor McAfee concludes.
McAfee's annual "Virtual Criminology Report" (PDF) notes that the number of compromised PCs used for blasting out spam and facilitating a host of online scams has quadrupled in the last quarter of 2008 alone, creating armies of spam "zombies" capable of flooding the Internet with more than 100 billion spam messages daily.
In an increasing number of cases, those missives are playing on public fears over the battered economy, pitching recipients on too-good-to-be-true job offers aimed to enlist them in cybercrime operations, McAfee said.
"Cybercriminals are cashing in on the fact that the economic downturn is causing people worldwide to increasingly turn to the Web to seek the best deals and jobs, and to manage their finances," the report charges. "They are preying on fear and uncertainty and taking advantage of the fact that consumers are often more easily duped and distracted during times of difficulties. In fact, opportunities to attack are on the rise."
At the forefront of this worsening problem are so-called "money mule" scams, in which criminals make use of third parties -- often unsuspecting consumers -- to launder stolen funds. Mule recruitment is an integral part of many cybercrime operations because money transferred directly from a victim to an account controlled by criminals is easily traced by banks and law enforcement.
The mules, therefore, serve as a vital buffer, making it easier for criminals to hide their tracks. However, criminals tend to view money mules as expendable resources, because those unwitting accomplices usually either are confronted by authorities or lose money as a result of their participation in the scams.
In most cases, money mules are recruited via online job postings touted in spam. McAfee said that some 873 money-mule recruitment Web pages were detected in Britain alone in the first half of 2008, a 33 percent increase over the first half of 2007. That data was gathered by APACS, the United Kingdom's payment-industry trade group.
An investigation by washingtonpost.com earlier this year into a money mule network uncovered a database of thousands of U.S. citizens who had responded with interest to a single money mule scam e-mail campaign.
And there are ample signs that the criminals behind these scams are taking notice of those who would call attention to their methods. Bob Harrison, one of the individuals I interviewed in that story who spends a great deal of time tracking these scams at his Web site, had his site recently targeted by a prolonged distributed denial of service (DDoS) attack, assaults typically launched by the same hordes of hacked PCs sending spam, but instead aimed at swamping a targeted site with so much junk traffic that it can no longer accommodate legitimate visitors.
McAfee's report quotes dozens of experts all driving home some very obvious points about how we are losing the battle against cyber criminals. Still, this is some of the most strident language I've seen about the scope and causes of that battle, and so I think they bear repeating here.
From the key findings:
Cybercrime is not yet enough of a priority for governments to allow the fight against it to make real headway. Added to that, the physical threats of terrorism and economic collapse are diverting political attention elsewhere.
Cross border law enforcement remains a long-standing hurdle to fighting cybercrime. Local issues mean laws are difficult to enforce transnationally. Cybercriminals will therefore always retain an edge unless serious resources are allocated to international efforts.
Law enforcement at every level remains ad hoc and ill-equipped to cope. While there has been progress, there is still a significant lack of training and understanding in digital forensics and evidence collection as well as in the law courts. The cyber-kingpins remain at large while the minor mules are caught and brought to rights. Some governments are guilty of protecting offenders in their own country. The findings suggest there is an ever-greater need to harmonise priorities and coordinate police forces across physical boundaries.
Pamela Warren, McAfee's chief cybercrime strategist, put it succinctly. "Law enforcement really needs to step up to the plate," she said.
December 9, 2008; 10:44 AM ET
Categories: Cyber Justice , Economy Watch , Fraud , From the Bunker , Latest Warnings , U.S. Government , Web Fraud 2.0
Save & Share: Previous: A Scary Twist in Malware Evil-ution
Next: Microsoft Plugs at Least 28 Security Holes
Posted by: TarunGupta | December 9, 2008 1:30 PM | Report abuse
Posted by: e-victims | December 10, 2008 6:56 AM | Report abuse
Posted by: mibrooks27 | December 10, 2008 10:35 AM | Report abuse
Posted by: mark51 | December 10, 2008 12:09 PM | Report abuse
Posted by: ekatherine | December 12, 2008 10:22 AM | Report abuse
Posted by: JohnEarnhardt | December 15, 2008 12:52 PM | Report abuse
The comments to this entry are closed.