Hackers, bot operators, and spammers beware -- the law has finally caught up with cyber criminals

As I read the latest cyber crime news — at least 1.5 million Visa and MasterCard accounts have been compromised, perhaps many millions more — for once I don’t feel disheartened. There’s a decent chance that the criminals who pulled off this heist will go to jail.

Every public speaker and writer likes a good catchphrase or refrain that will grab the audience’s attention. One of mine: Whenever you read that a superhacker has been arrested, it’s never the superhacker. Even when we know who the superhackers are, we can’t arrest them. They operate with near impunity. Why stop if you can never be caught?

For two decades, my pet rant was true — but the tide has turned. These days, some of the biggest fish are being arrested.

My friend Brian Krebs from Krebs on Security has long been documenting the rise and, at last, the fall of Russian cyber criminal enterprises. For years, Brian collected (nonjudicial) evidence on how the Russian gangs operated, who ran them, and how much money they made. Brian was a major thorn in their sides, but they continued to operate. This year, however, most of Brian’s stories about the Russians have ended with shutdowns and arrests. Finally, the people who’ve been stealing tens of millions of dollars each year are being put behind bars.

It’s not just the Russian cyber crime gangs. Botnet operators around the world are getting taken down. Hacktivists who steal information and cause denial-of-service attacks are getting caught. Criminals are turning on each other in an attempt to reduce their sentences. Spam kings are being successfully sued and put behind bars.
Scareware scammers are being identified and taken to court. All in all, the last six months have been hugely victorious for the good guys.

Hacker: A shift in public perception

What changed? First and foremost, public opinion has shifted. Hackers are no longer perceived by the general public or court systems as the innocent, misguided, mischievous teenagers that have been the stereotype since the 1983 film “WarGames.” This shift in public opinion is significant because the accused are often tried by a jury of their peers.

Today’s malicious hackers are seen as criminals, pure and simple. Years ago, if a kid was caught hacking his school’s computers, he’d get a stern lecture from the principal and probably end up working in the school’s computer lab. Today, that kid gets expelled and likely arrested. Years ago, spammers were slapped on the wrist when they had their day in court. Today, they spend time in jail. A decade ago, computer virus writers were almost celebrated. These days a malware writer, if caught, will almost certainly be arrested and probably sued in civil court.

I’m not sure why it took so long for public opinion to change — perhaps it’s because so many of us have been inconvenienced or victimized. We’ve had enough.

OS and antimalware vendors are working better at tracking suspicious activities and shutting down botnets and command-and-control (C&C) centers. For example, just last week, Microsoft and several partners shut down several large Zeus botnets. This sort of operation is no longer unusual. Microsoft can point to at least three other recent botnet takedowns, and the FBI and other cyber crime fighters claim successful takedowns of the Kelihos spam bot, Spanish Mariposa botnet, Coreflood botnet, and DNSChanger.

Many observers are quick to note that when a big botnet is taken down, another jumps up into its place. In many cases, that is true.
But the fact is most of these botnet takedowns resulted in criminal prosecutions, and the evidence seized in their takedowns led to more takedowns. It’s no coincidence that arresting more criminals lowers crime. It might take a while for the results to be felt, but we are seeing improvements.

Another big reason for more cyber arrests is the increasing sophistication of the police forces. For far too long, law enforcement was overwhelmed and undertrained. Now even the littlest, podunk police force has cyber crime specialists, most of whom are well trained and equipped with serious forensics software.

The court systems have moved along as well. Many judges are keenly aware of the cyber issues before them, and some jurisdictions even have special courts to decide heavily technical computer cases. Best of all, conviction penalties and the length of sentences are increasing. Not long ago, the court and justice system couldn’t even spell “InterWebs.” Now they’re finally catching up.

Along with increased police training across the board is the increased cooperation across jurisdictional boundaries. Years ago, if the case was international, law enforcement had to trick the cyber criminal into visiting the country to arrest them. Now, many far-flung nations are cooperating and arresting international cyber crime gangs across time zones. International cyber crime laws have improved, as have the formal and informal police channels needed to track criminals, obtain warrants, and arrest criminals across borders. Distance, long the principal refuge of the cyber criminal, becomes a thinner cloak every day.

Cyber criminal: We know who you are

We’re also getting better at identifying the thieves. The news is full of stories in which a single mistake leads to the cyber criminal’s takedown — the LulzSec case is a good case study.
Now we’re seeing independent groups using “bread crumbing” techniques to identify hackers by linking their online social media posts to their underground cyber fictional names. The Trident Breach case is one example, but there are many others. My favorite storylines are the ones that detail how the tracking groups end up unmasking the vermin that further complicate the lives of millions of people. The exposures of the Koobface gang and the Rustock author are two instances.

In 20 years of fighting cyber crime, I’d seen only a few pictures of the actual criminals — until recently. Now it’s almost commonplace. Today, if you hack big enough, you’re likely to have your criminal activities exposed to the world and your photo posted online under unflattering headlines for all of your friends and family to see.

It turns out that many of these notorious cyber criminals look like ordinary citizens. I don’t know why it’s surprising to me, but they have spouses and kids, and they take smile-filled family vacations. They’re now seeing less of their families, almost certainly without smiles. No matter what their sentences, it can’t begin to pay for all the suffering they’ve caused others. It’s a start.

Of course, we still aren’t catching most cyber criminals. The proportion escaping prosecution went from something like 99.999 percent to 99.997 percent — but I’ll take it. We’re finally making progress. The thieves are being identified more often, and the judicial evidence necessary for prosecution is being collected faster than ever. The pendulum is beginning to move in the right direction.

This story, “If you do the cyber crime, expect to do the time,” was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes’ Security Adviser blog at InfoWorld.com.