Cooperation Is Key
Despite the low percentage of attacks that are reported to law enforcement officials, the evidence needed to arrest the perpetrators is often available, says James Burrell, supervisory special agent of the Boston FBI's cybersquad. In labs like his, agents conduct high-level computer forensics on PCs, analyze malicious code, break encrypted files, and pore over server logs looking for clues.
"For us, it's all about traceability," Burrell says. The evidence the FBI needs may be available for only a short time, and it may be located on a server halfway across the globe. For these reasons, he says, it's vital that local, state, federal, and foreign agencies share information.
The FBI has 48 legal attache offices across the globe, and agents in those offices can assist with cybercrime investigations when leads take the case outside of the United States. The Justice Department says that cracking cross-boarder cases involves using international organizations like the G8 24/7 High Tech Point of Contact Group, whose member countries designate an always-available contact for providing investigative assistance in computer crime cases. Started in 1998 by eight highly industrialized nations, the group now consists of more than 40 countries that share data and coordinate field work.
When cases are cracked, international organizations like the International Criminal Police Organization (Interpol) help with extraditing criminal defendants across borders.
According to the U.S. Secret Service, its investigations take it outside the United States in about half of the botnet cases it pursues. Though the agency relies on existing relationships with foreign law enforcement agencies, it also works with the CERT Coordination Center, a federally funded computer security incident response team and with the International Botnet Task Force, whose members include private and governmental agencies.
Can They Be Stopped?
Despite some success, law enforcement officials say that cybercrime is extremely hard to get a handle on. That's because it thrives in countries like Russia and China that have weak computer crime laws or lax enforcement. In such cases, catching cybercriminals outside U.S. jurisdiction becomes nearly impossible.
When U.S. prosecutors do bring cybercrooks to justice, they increasingly file charges under updates to the federal criminal code. The Computer Fraud and Abuse Act, for example, provides for a maximum sentence of 20 years in prison. Still, some critics argue that too few computer crime laws exist and that the government underfunds cyber-security programs.
Congressman Dan Lungren, R-California, chairman of the Homeland Security Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity, says that U.S. business interests aren't the only thing at stake. Lungren worries that hackers who control botnets might attempt to carry out terrorist acts online to take down the nation's electric utilities or tamper with air traffic control systems.
"We have seen a progression from hackers to hackers with criminal intent," Lungren says. "We are naturally concerned with any hacker with terrorist intent."
Cyber criminals have been technologically two steps ahead of law enforcement for a long time. But that may be changing, according to Robert Villanueva, criminal investigator within the U.S. Secret Service. "Hackers used to think they couldn't be touched on IRC channels and using VPN networks," Villanueva says. "We know they are out there, and we are infiltrating their groups and taking notes," he says.
In the future, FBI special agent Nestor says, attacks will get more sophisticated. "It's a cat-and-mouse game. It always has been. As soon as we figure out who the bad guy is and how he operates, the cybercrooks come up with something new."