The Cybercrime Tide is Turning
International cooperation is also improving: Many cybercrimes cross jurisdictional boundaries and require multiple law enforcement entities to cooperate with each other. Formal and informal cooperative agreements, along with lots of practice, allow the police to better work with one another in apprehending cyber criminals. I have friends and coworkers who routinely call their international colleagues to pass along subpoenas, information, court documents, and writs. What used to be an exception is standard business today.
Courts are better equipped to prosecute cyber criminals. The days of a criminal being found guilty but getting only a slap on the wrist are behind us. Cyber criminals are routinely given multiyear sentences and made to pay big fines. When the good guys can't identify the bad guys to file lawsuits and get court orders, the courts are willingly, and routinely, letting them file John Doe documents, in which the names are filled in when the criminals are later identified.
Governments aren't just pursuing cyber criminals on their own: They are pushing and supporting international cyber criminal law agreements. This makes it easier for different countries' law enforcement groups to work together; it also forces some of the biggest illegal contributing countries to better police their own.
Corporations, including software vendors, antimalware makers, ISPs, and major websites such as Facebook and Twitter, are aggressively pursuing cyber criminals. These companies have entire legal teams dedicated to national and international cybercrime. They are also taking down malicious websites and bot-spitting command-and-control servers, along with helping to identify, prosecute, and sue bad guys.
Some law enforcement agencies around the world are using -- or at least considering -- arguably overzealous tools for fighting cybercrime. They include forcing ISPs to hold customer data for long periods of time, implementing unwarranted wiretaps, and running private data aggregation centers (also known as fusion centers).
I'm a big proponent of freedom and privacy, so many of these supposed improved techniques disturb me. Unfortunately, it appears that nearly every civil society is wrestling with how to successfully catch cyber criminals in a way that still respects its citizens' rights -- and I'm being tactful here. Still, I'm for lawful improvements that respect the rights and privacy of law-abiding citizens while at the same time allowing the police to catch the bad guys who make it difficult for the rest of us to do our work and business on the Internet.
Until some big changes take place to make the Internet a significantly safer place, however, there will always be more cyber criminals than we can catch and prosecute. Still, serial criminals are more likely to get caught and prosecuted today than they were a decade ago. That marks another improvement notch on the belt of computer-security defenders.
Given that cyber criminals are getting caught more often and facing harsher sentences, I respectfully advise that anyone committing cybercrimes please stop. All the arrested people I've talked to wish they had not committed their crime. They miss their families, their friends, and their freedom. Take your skills and do something completely lawful that benefits us all.
This story, "The cybercrime tide is turning," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes's Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.