• United States



They fought the law, the law won

News Analysis
Jul 26, 20154 mins

An overview of recent arrests and convictions of online criminals from around the world

europol darkode Europol

Reading the headlines relating to cyber-security you would not be blamed for thinking we are in a losing battle against relentless foes. The breaches at OPM, Ashley Madison, Target, Sony, and many others highlight criminals are consistently looking for ways to breach our defences. It is understandable then why many CISOs may look nervously at their networks wondering if they will be the next victim, or worse, are they already a victim without knowing it.

Even if you detect and repel a cyber-attack against your systems there is the added complication of whether or not to involve law enforcement in the case. For many this brings more work for potentially little return given the difficulty, especially in cross jurisdiction cases, law enforcement can have in attributing the attack, arresting those behind the attack, and for the courts to sentence them. So many companies decide to simply deal with the attack, clean up their systems, and continue with business as usual. For many, involving law enforcement is a timely exercise which may not result in those responsible being brought to justice.

However, recently I’ve noted a subtle addition to many of the news stories seen in various publications over the past number of weeks. These stories give a glimmer of hope that all is not lost and that cyber-criminals may not be as untouchable as they thought.

Over the past number of weeks we have seen a series of arrests, court cases, and convictions where those who have been involved in cyber-crime have been brought to justice, these include;

While the number of arrests and convictions is very welcoming to see, for me there is more behind the headlines that gives cause to celebrate. In particular, those cases involving multiple police forces working across different jurisdictions. The cooperation demonstrated in these international operations is heartening to see. In addition, the lessons learned from them can be brought to bear on future operations to increase their likelihood of success. Each arrest in many cases will also provide a treasure trove of intelligence and data that law enforcement can use to identify other criminal gangs.

Working in information security can lead us to often look at the negative aspect of the business. Sometimes though, it is good to look at the positive side and enjoy the victories that do arise. 

brian honan

Brian Honan is an independent security consultant based in Dublin, Ireland, and is also the founder and head of IRISSCERT, Ireland's first CERT. He is a Special Advisor on Internet Security to Europol's Cybercrime Centre (EC3), and an adjunct lecturer on Information Security in University College Dublin. He is the author of the book "ISO 27001 in a Windows Environment" and co-author of "The CSA Guide to Cloud Computing" and "The Cloud Security Rules". He is a regular speaker at major industry conferences. In 2013 Brian was awarded SC Magazine Information Security Person of the year for his contribution to the computer security industry"

More from this author