Why does Internet crime remain a menace? These five reasons have enabled us to accept it -- but that complacency may not last I’ve been fighting Internet crime for more than 20 years. In the old days, the daily malware hot sheet was known as the Dirty Dozen — because it listed only a dozen malware programs. Today we have literally hundreds of millions of malware programs, thousands of professional hacking organizations, and tens of thousands bit players who steal hundreds of millions (if not billions) of dollars via the Internet every year.Though we have smarter online users, better detection tools, and a host of legal tools at our disposal, Internet crime is worse than ever. It’s been a long time since I’ve run into someone who hasn’t had his or her life impacted by Internet crime.[ Watch out for 11 signs you’ve been hacked — and learn how to fight back. Find out how in InfoWorld’s PDF special report. | Keep up on the latest threats and solutions for your systems with InfoWorld’s Security Central newsletter. ]How did we ever let Internet crime get so big? Why do we let Internet criminals get away with so much that it impacts and threatens nearly every transaction we commit over the Internet? Read on: 1. Internet criminals almost never get caughtThe world is full of malicious individuals who have no problem skirting rules and laws, as well as taking property that belongs to other people. Bad people exist — and the Internet is a very low-risk neighborood in which they can run amok. There are tens of thousands of Internet criminals, almost none of whom get caught or prosecuted. If you’re an Internet criminal, you have to be especially brazen for a long time — and make mistakes — before you get caught.You don’t have to be a mastermind or uber hacker. One of the most popular misconceptions is that you have to be hyperintelligent to get away with cyber crime. The exact opposite is true. Most Internet criminals I’ve met (and chatted with online) are not particularly smart. They couldn’t program a simple notepad application, and they certainly don’t have to be as smart as the average defender.They simply lack morals, buy programs from other, smarter programmers, and want to roll the dice and take the risk. But they aren’t taking any real risk, and that’s the central problem: You can get rich without much risk of getting caught. Until this equation changes, we will never see a significant decrease in Internet crime. 2. Indefinite legal jurisdictionMost Internet crime takes place across international borders. Law enforcement agencies are always limited to jurisdictional boundaries. For instance, a city police officer in Billings, Mont., can’t easily arrest someone in Miami, Fla. We have federal law enforcement agencies, which reach across city and state boundaries, but they can’t easily traverse international boundaries.The FBI can’t go to China and arrest someone just because they have legal evidence a crime being committed by a person there. They have to submit a request, which will likely be ignored, to Chinese authorities. But let’s not pick on the Chinese. It’s not like we’re going to arrest an American citizen and ship him off to Beijing anytime soon, either, regardless of the evidence. Sometimes law enforcement agencies of one nation work with another nation’s law enforcement, but these occasions are rare. Plus, the really big ones involved with the majority of the Internet crime, like Russia, China, and the United States, certainly don’t cooperate with each other. 3. Lack of legal evidenceAnother huge impediment to successful convictions is the lack of official, legal evidence. Most courts accept “the best representation” of evidence recorded during the commission of a crime. But most computer systems — and many networks in totality — don’t collect any evidence at all, much less evidence that might stand a chance of holding up in court. I’m still surprised by the number of computers I investigate that don’t, at a minimum, have event logging turned on.Even if more evidence was collected, most of it wouldn’t stand up to a decent lawyer, assuming it would even be allowed in court. Collecting and preparing good legal evidence takes planning and commitment. Few organizations have the dedication or expertise. 4. Lack of resourcesFew victims or victim advocacy groups have the resources, technology, or funding to pursue Internet criminals. I know many people who have lost tens of thousands of dollars to fraudulent transactions, including car sales, stock trades, bank transfers, and so on. Unfortunately, the amount lost usually pales compared to the cost of the resources that would be needed to recover the funds.Many victims are too ashamed of their own gullibility to report the crime. If they do, a report will be taken — and that’s that. Your local enforcement agency isn’t about to cross international boundaries to try and to recover your personal money. You can report it to the proper authorities, but rarely will they do anything to recover the damages or prosecute. 5. Cyber crime isn’t hurting the economy enough (yet)Lastly, the amount of Internet crime isn’t hurting economies enough to raise a global red alert. Sure, Internet crime probably results in the loss of hundreds of millions — or perhaps several billion — dollars each year, but that amount of crime has persisted for a long time, well before the Internet.Most of today’s Internet crimes are newer versions of crimes and scams that have been occurring for decades before the Internet was around. Take credit card fraud: Retail stores would once look up known fraudulent credit card numbers in little paper books that the credit card vendors handed out. Nigerian scams have been around, via paper letters, phone calls, or faxes, at least since the 1990s.Unfortunately, most Internet crime is seen as a necessary cost of doing business. As long as the majority of transactions are legitimate, the noise will be acceptable. The solution is right in front of usI’ve often wondered what it would take for our world to decide to diminish Internet crime substantially. We’ve had the means and technology to do so for a long time. We are not waiting for some fantastic new technology. Everything we need we already have, except for global consensus on how to do it and actually enabling the new features.Personally, I think it’s going to take a huge disaster. A digital catastrophe will happen eventually and bring down much of the Internet for a few days — or shut down financial markets for a few hours or more. Passive acceptance of Internet crime will no longer be tolerated. We’ll finally have to do something about it.I’ve been waiting for more than two decades. How about you?This story, “5 reasons Internet crime is worse than ever,” was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes’ Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter. Related content analysis The 5 types of cyber attack you're most likely to face Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront By Roger Grimes Aug 21, 2017 7 mins Phishing Malware Social Engineering analysis 'Jump boxes' and SAWs improve security, if you set them up right Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not. By Roger Grimes Jul 26, 2017 13 mins Authentication Access Control Data and Information Security analysis Attention, 'red team' hackers: Stay on target You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws By Roger Grimes Dec 08, 2015 4 mins Hacking Data and Information Security Network Security analysis 4 do's and don'ts for safer holiday computing It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily By Roger Grimes Dec 01, 2015 4 mins Phishing Malware Patch Management Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe