We're losing the war on cybercrime

While we chase after two-bit malicious hackers, cybercrime syndicates remain untouchable

You may have read the reports: We have captured Albert Gonzalez, one of the "world's biggest malicious hackers." Big deal.

I've been fighting cybercrime for more than 20 years, so you'll have to excuse me if I'm a little jaded for thinking that this "huge" hacker is but another small-time player in the big-time world of cybercrime. In fact, I'm pretty sure that we still haven't captured a single major player -- the Pablo Escobars.

We know there are large, corporate crimeware gangs that steal tens (if not hundreds) of millions of dollars from unsuspecting Internet victims each year. They have corporate headquarters that would fit the mold of the Fortune 1000. They have extensive payrolls, pay millions in taxes, and enjoy business growth that would be the envy of Wall Street. Yet we haven't prosecuted a single person from any of these big online cybercrime syndicates, and I have no reason to believe that will change over the next few years. We are getting better at prosecuting cybercriminals in countries such as the United States, but these large organizations are based in other countries, protected by those nations' political leaders.

Professional organized cybercrime started with the "king of spam" corporate giants in the late 1990s. These organizations often made millions under the guise of legitimate Internet marketing while sending billions of illegal e-mails. Many of the owners became and remained rich. They bought large houses and outrageous cars, got new beautiful wives, and sent their kids to expensive private schools. Heck, spammers aren't even considered in the top 200 spammers unless they are sending out hundreds of millions of illegal e-mails per day.

Despite all the time we've had to deal with the spam giants, we've done a poor job of shutting them down. Yeah, we certainly manage to close down a few token shops each year and even eventually get some of the bigger guys back into court for the umpteenth time. However, spam is more widespread than ever, comprising 60 to 85 percent of all Internet e-mail in any given month. It's also more profitable than ever.

But the cybercrime giants of today make the old spam kings seem like island-owning fiefdoms. The Russian Business Network (RBN) is a representative example of today's new crimeware leaders. (You know you've made criminal history when your criminal organization has a three-page entry in Wikipedia.) The RBN operates on a massive scale, perpetrating nearly every form of illegal online crime available. Nothing is out of bounds. It participates in child pornography, huge denial-of-service attacks, spam, botnets, malware development, and it hosts perhaps the largest online criminal network. The RBN leads multilevel marketing platforms that rival the heady days of Avon.
