NEW YORK CITY — Cybercriminals are still a step ahead of those trying to catch them, said top computer-security and law-enforcement professionals at a Feb. 17 presentation here.
“We’re constantly playing catch-up,” said Adam Palmer, lead cybersecurity advisor for the security firm Norton, at the “Tackling Digital Crime: Tales from the Trenches” panel.
Citing a Norton study that said 73 percent of Web surfers have fallen victim to cybercrime, Palmer said, “If this was a street and 73 percent of the people on it were robbed, you’d recognize this as a problem.”
Also on the panel was Christopher Stangl, an FBI agent with the bureau’s cyber branch in New York. Stangl said that what hinders enforcement agencies in bringing cybercriminals to justice are the very things that the Internet gives its users: global connectivity and communication.
Police and thieves
“With the Internet, the world turned upside down for law enforcement,” Stangl said. “Anybody who has access to a computer can participate in criminal activity.”
Stangl said partnerships between enforcement agencies across the world need to be established in order to battle cybercrime. As an example, he mentioned extradition laws that often make it difficult for U.S. agencies to bring foreign cybercriminals to trial in the U.S.
Without international cooperation, Stangl said it is virtually impossible to get a grasp on the evolving online threats and those who are perpetrating them.
Palmer agreed with Stangl, and offered a broader summary of the problem: “Cybercriminals move at the speed of light, and we move at the speed of law.”
Current legal practices – and lawyers themselves -- simply aren’t in step with speed of the Internet, Palmer said. “We’re still adapting brick-and-mortar laws to cyberspace.”
What’s a threat look like, anyway?
To that end, Dan Larkin, founder of the National Cyber-Forensics & Training Alliance, was on hand to detail efforts currently being made to bring law enforcement up to speed."
“We’re committing to training investigators and [the] next generation of prosecutors and judges so they’re comfortable using digital evidence,” Larkin said.
But what exactly is that next generation training for? The threats change so quickly and so often it’s difficult to know what they’ll look like tomorrow — let alone a year or two in the future.
“It’s changing all the time. If you don’t have a plan and continue to evolve, whatever lesson plan you put in place today, it’s going be obsolete by next week,” Larkin said.
Cybercriminals are humans, after all
Although the majority of the panel centered on tactics deployed in the digital world, Stangl reminded the audience that FBI still uses tried-and-true investigative methods to catch cybercriminals.
He mentioned several high-profile takedowns that occurred in 2010, including the November arrest of Oleg Nikolaenko, the Russian mastermind behind the notorious “Mega-D” botnet.
“Criminals are humans-- they make mistakes,” Stangl said. “A the end of the day, they get caught because of a human mistake.”