I've been fighting Internet crime for more than 20 years. In the old days, the daily malware hot sheet was known as the Dirty Dozen -- because it listed only a dozen malware programs. Today we have literally hundreds of millions of malware programs, thousands of professional hacking organizations, and tens of thousands bit players who steal hundreds of millions (if not billions) of dollars via the Internet every year.
Though we have smarter online users, better detection tools, and a host of legal tools at our disposal, Internet crime is worse than ever. It's been a long time since I've run into someone who hasn't had his or her life impacted by Internet crime.
[ Watch out for 11 signs you've been hacked -- and learn how to fight back. Find out how in InfoWorld's PDF special report. | Keep up on the latest threats and solutions for your systems with InfoWorld's Security Central newsletter. ]
How did we ever let Internet crime get so big? Why do we let Internet criminals get away with so much that it impacts and threatens nearly every transaction we commit over the Internet? Read on:
1. Internet criminals almost never get caught
The world is full of malicious individuals who have no problem skirting rules and laws, as well as taking property that belongs to other people. Bad people exist -- and the Internet is a very low-risk neighborood in which they can run amok.
There are tens of thousands of Internet criminals, almost none of whom get caught or prosecuted. If you're an Internet criminal, you have to be especially brazen for a long time -- and make mistakes -- before you get caught.
You don't have to be a mastermind or uber hacker. One of the most popular misconceptions is that you have to be hyperintelligent to get away with cyber crime. The exact opposite is true. Most Internet criminals I've met (and chatted with online) are not particularly smart. They couldn't program a simple notepad application, and they certainly don't have to be as smart as the average defender.
They simply lack morals, buy programs from other, smarter programmers, and want to roll the dice and take the risk. But they aren't taking any real risk, and that's the central problem: You can get rich without much risk of getting caught. Until this equation changes, we will never see a significant decrease in Internet crime.
2. Indefinite legal jurisdiction
Most Internet crime takes place across international borders. Law enforcement agencies are always limited to jurisdictional boundaries. For instance, a city police officer in Billings, Mont., can't easily arrest someone in Miami, Fla. We have federal law enforcement agencies, which reach across city and state boundaries, but they can't easily traverse international boundaries.
The FBI can't go to China and arrest someone just because they have legal evidence a crime being committed by a person there. They have to submit a request, which will likely be ignored, to Chinese authorities. But let's not pick on the Chinese. It's not like we're going to arrest an American citizen and ship him off to Beijing anytime soon, either, regardless of the evidence.
Sometimes law enforcement agencies of one nation work with another nation's law enforcement, but these occasions are rare. Plus, the really big ones involved with the majority of the Internet crime, like Russia, China, and the United States, certainly don't cooperate with each other.