The Cybercrime Tide is Turning
In the grand scheme, not much ever seems to improve in computer security. No matter how much we hone our security-defense strategies, how many firewalls we deploy, how many remote-buffer overflows we reduce, and how quickly we patch our OSes, IT systems keep getting hit by malicious hackers. If the computer security industry were to measure itself on the ultimate question of whether we're doing a better job of protecting computer users, the answer would be a definitive no.
But the tide is turning, at least for the time being. I've noticed one long-term trend that's improving: Local, national, and international law-enforcement groups alike are tracking down and arresting more malicious cyber criminals. And not just the stupid and lazy ones -- some big fish have been stopped or apprehended.
It's taken 20 years to see this improvement. The wheels of justice turn slowly, but we are making forward progress. For example, after decades of absolute invincibility, spam rates are finally dropping. Starting with the infamous McColo takedown, private citizens and companies are enjoying great success with locating and shutting down prolific spam originators. Although Symantec says spam still accounts for 73 percent of all email, the rate frequently drops far lower -- in the 40th and 50th percentiles -- as different botnets are taken down. And 73 percent is still less than the 80 to 90 percent we've lived with for the past five years. A few years ago, we could never stop a single botnet. Today we can crush them.
Fake antivirus software is also on the decline. Brian Krebs -- who has done a fantastic job in covering and discovering links in some of the Russian cybercrime syndicates -- has stories that speak to that trend.
Another important trend in the fight against cybercrime: High-profile attackers are being arrested. The days of guaranteed impunity are over for the most flagrant criminals. I've recently spoken with a half-dozen apprehended cyber criminals. They all told me they couldn't believe they got caught. But each made one or more mistakes along the way, enough to enable the authorities to collect evidence, obtain subpoenas, and arrest the perpetrators. What's more, the little fish and big fish are turning against each other in order to minimize their jail sentences, just like crooks do in the noncyber world.
Several factors are driving these changes. Among them, today's police forces -- even local police -- often have computer crime divisions with trained forensics investigators, thanks in part to the fact that IT security experts (including myself) have been teaching them over the past decade. Many police departments also require their workforce to attend basic cybercrime education where they receive instruction in how to handle computer evidence, what to look for, what laws to use, and what not to do. They now have gobs of good forensic software and cordoned-off forensic networks with teams of trained people. This is a far cry from the many years when I was given the single phone number for the one overworked law enforcement officer who might listen to me.
International cooperation is also improving: Many cybercrimes cross jurisdictional boundaries and require multiple law enforcement entities to cooperate with each other. Formal and informal cooperative agreements, along with lots of practice, allow the police to better work with one another in apprehending cyber criminals. I have friends and coworkers who routinely call their international colleagues to pass along subpoenas, information, court documents, and writs. What used to be an exception is standard business today.
Courts are better equipped to prosecute cyber criminals. The days of a criminal being found guilty but getting only a slap on the wrist are behind us. Cyber criminals are routinely given multiyear sentences and made to pay big fines. When the good guys can't identify the bad guys to file lawsuits and get court orders, the courts are willingly, and routinely, letting them file John Doe documents, in which the names are filled in when the criminals are later identified.
Governments aren't just pursuing cyber criminals on their own: They are pushing and supporting international cyber criminal law agreements. This makes it easier for different countries' law enforcement groups to work together; it also forces some of the biggest illegal contributing countries to better police their own.
Corporations, including software vendors, antimalware makers, ISPs, and major websites such as Facebook and Twitter, are aggressively pursuing cyber criminals. These companies have entire legal teams dedicated to national and international cybercrime. They are also taking down malicious websites and bot-spitting command-and-control servers, along with helping to identify, prosecute, and sue bad guys.
Some law enforcement agencies around the world are using -- or at least considering -- arguably overzealous tools for fighting cybercrime. They include forcing ISPs to hold customer data for long periods of time, implementing unwarranted wiretaps, and running private data aggregation centers (also known as fusion centers).
I'm a big proponent of freedom and privacy, so many of these supposed improved techniques disturb me. Unfortunately, it appears that nearly every civil society is wrestling with how to successfully catch cyber criminals in a way that still respects its citizens' rights -- and I'm being tactful here. Still, I'm for lawful improvements that respect the rights and privacy of law-abiding citizens while at the same time allowing the police to catch the bad guys who make it difficult for the rest of us to do our work and business on the Internet.
Until some big changes take place to make the Internet a significantly safer place, however, there will always be more cyber criminals than we can catch and prosecute. Still, serial criminals are more likely to get caught and prosecuted today than they were a decade ago. That marks another improvement notch on the belt of computer-security defenders.
Given that cyber criminals are getting caught more often and facing harsher sentences, I respectfully advise that anyone committing cybercrimes please stop. All the arrested people I've talked to wish they had not committed their crime. They miss their families, their friends, and their freedom. Take your skills and do something completely lawful that benefits us all.
This story, "The cybercrime tide is turning," was originally published at InfoWorld.com.