Americas

  • United States

Asia

Oceania

roger_grimes
Columnist

5 reasons Internet crime is worse than ever

Analysis
Aug 05, 20146 mins
CybercrimeData and Information SecurityHacking

Why does Internet crime remain a menace? These five reasons have enabled us to accept it -- but that complacency may not last

I’ve been fighting Internet crime for more than 20 years. In the old days, the daily malware hot sheet was known as the Dirty Dozen — because it listed only a dozen malware programs. Today we have literally hundreds of millions of malware programs, thousands of professional hacking organizations, and tens of thousands bit players who steal hundreds of millions (if not billions) of dollars via the Internet every year.

Though we have smarter online users, better detection tools, and a host of legal tools at our disposal, Internet crime is worse than ever. It’s been a long time since I’ve run into someone who hasn’t had his or her life impacted by Internet crime.

[ Watch out for 11 signs you’ve been hacked — and learn how to fight back. Find out how in InfoWorld’s PDF special report. | Keep up on the latest threats and solutions for your systems with InfoWorld’s Security Central newsletter. ]

How did we ever let Internet crime get so big? Why do we let Internet criminals get away with so much that it impacts and threatens nearly every transaction we commit over the Internet? Read on:

1. Internet criminals almost never get caught

The world is full of malicious individuals who have no problem skirting rules and laws, as well as taking property that belongs to other people. Bad people exist — and the Internet is a very low-risk neighborood in which they can run amok.

There are tens of thousands of Internet criminals, almost none of whom get caught or prosecuted. If you’re an Internet criminal, you have to be especially brazen for a long time — and make mistakes — before you get caught.

You don’t have to be a mastermind or uber hacker. One of the most popular misconceptions is that you have to be hyperintelligent to get away with cyber crime. The exact opposite is true. Most Internet criminals I’ve met (and chatted with online) are not particularly smart. They couldn’t program a simple notepad application, and they certainly don’t have to be as smart as the average defender.

They simply lack morals, buy programs from other, smarter programmers, and want to roll the dice and take the risk. But they aren’t taking any real risk, and that’s the central problem: You can get rich without much risk of getting caught. Until this equation changes, we will never see a significant decrease in Internet crime.

2. Indefinite legal jurisdiction

Most Internet crime takes place across international borders. Law enforcement agencies are always limited to jurisdictional boundaries. For instance, a city police officer in Billings, Mont., can’t easily arrest someone in Miami, Fla. We have federal law enforcement agencies, which reach across city and state boundaries, but they can’t easily traverse international boundaries.

The FBI can’t go to China and arrest someone just because they have legal evidence a crime being committed by a person there. They have to submit a request, which will likely be ignored, to Chinese authorities. But let’s not pick on the Chinese. It’s not like we’re going to arrest an American citizen and ship him off to Beijing anytime soon, either, regardless of the evidence.

Sometimes law enforcement agencies of one nation work with another nation’s law enforcement, but these occasions are rare. Plus, the really big ones involved with the majority of the Internet crime, like Russia, China, and the United States, certainly don’t cooperate with each other.

3. Lack of legal evidence

Another huge impediment to successful convictions is the lack of official, legal evidence. Most courts accept “the best representation” of evidence recorded during the commission of a crime. But most computer systems — and many networks in totality — don’t collect any evidence at all, much less evidence that might stand a chance of holding up in court. I’m still surprised by the number of computers I investigate that don’t, at a minimum, have event logging turned on.

Even if more evidence was collected, most of it wouldn’t stand up to a decent lawyer, assuming it would even be allowed in court. Collecting and preparing good legal evidence takes planning and commitment. Few organizations have the dedication or expertise.

4. Lack of resources

Few victims or victim advocacy groups have the resources, technology, or funding to pursue Internet criminals. I know many people who have lost tens of thousands of dollars to fraudulent transactions, including car sales, stock trades, bank transfers, and so on. Unfortunately, the amount lost usually pales compared to the cost of the resources that would be needed to recover the funds.

Many victims are too ashamed of their own gullibility to report the crime. If they do, a report will be taken — and that’s that. Your local enforcement agency isn’t about to cross international boundaries to try and to recover your personal money. You can report it to the proper authorities, but rarely will they do anything to recover the damages or prosecute.

5. Cyber crime isn’t hurting the economy enough (yet)

Lastly, the amount of Internet crime isn’t hurting economies enough to raise a global red alert. Sure, Internet crime probably results in the loss of hundreds of millions — or perhaps several billion — dollars each year, but that amount of crime has persisted for a long time, well before the Internet.

Most of today’s Internet crimes are newer versions of crimes and scams that have been occurring for decades before the Internet was around. Take credit card fraud: Retail stores would once look up known fraudulent credit card numbers in little paper books that the credit card vendors handed out. Nigerian scams have been around, via paper letters, phone calls, or faxes, at least since the 1990s.

Unfortunately, most Internet crime is seen as a necessary cost of doing business. As long as the majority of transactions are legitimate, the noise will be acceptable.

The solution is right in front of us

I’ve often wondered what it would take for our world to decide to diminish Internet crime substantially. We’ve had the means and technology to do so for a long time. We are not waiting for some fantastic new technology. Everything we need we already have, except for global consensus on how to do it and actually enabling the new features.

Personally, I think it’s going to take a huge disaster. A digital catastrophe will happen eventually and bring down much of the Internet for a few days — or shut down financial markets for a few hours or more. Passive acceptance of Internet crime will no longer be tolerated. We’ll finally have to do something about it.

I’ve been waiting for more than two decades. How about you?

This story, “5 reasons Internet crime is worse than ever,” was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes’ Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.

roger_grimes
Columnist

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.

More from this author