By Leo Taddeo, Chief Security Officer, Cryptzone
Part 2 of a 2-part series
I recently wrote about the challenges around cybercrime reporting in the US. Organizations often fail to notify law enforcement after discovering a network intrusion – partly because of a reluctance on their part to admit having been a victim, but also because they may not be aware which agency has jurisdiction over their case.
The outcome of this is that a lot of cybercrime is never investigated by the authorities, and a lot of hackers – some of them extremely prolific – are never brought to justice. This makes it difficult for law enforcement to create a meaningful deterrent. The financial rewards of cybercrime are often very high; the risk of getting punished is very low.
However, it’s not just a lack of cybercrime reporting that feeds into this difficulty. There’s also the fact that while the US has had a lot of success in apprehending certain high-profile hackers, other wanted cybercriminals – individuals of similar, if not greater, stature – remain at large with little chance of arrest.
Some of these people are on the FBI’s most-wanted list. Bringing them to justice would act as a significant deterrent for other would-be hackers, and therefore do much to protect the networks of organizations in the US and elsewhere. But can they be stopped?
Apprehending Foreign Cybercriminals is Difficult
One of the key reasons the US has difficulty in stopping wanted cybercriminals is that many of them are located in China and Russia, which significantly hinders our ability to bring them to justice.
I’ve written before about the hacking threat from China and the 2014 indictment of five Chinese military officers for stealing intellectual property from American companies; naturally, those officers have never been extradited. And while President Xi and President Obama have since agreed not to “knowingly support” cybercrime, I would argue that this agreement is unenforceable. In all likelihood, China will continue to use hacking as a tool to further its global power.
Still, at least we’ve opened a discussion. No such dialogue has been sought with Russia, which means US authorities can’t rely on the cooperation of their Russian counterparts when it comes to cracking down on cybercriminal activity originating in that country.
Russian hackers have a long history of targeting financial institutions in the US, and – by all accounts – remain free to do so with relative impunity. Evgeniy Bogachev, one of the most prolific cybercriminals in the world, is a key example; despite having a bigger FBI bounty on his head – $3 million – than any other hacker, he’s reportedly treated as nothing less than a hero in Russia. One policeman in his hometown of Anapa told the British press in 2014: “I’d pin a medal on the guy.”
This is a man whose cybercriminal enterprise is believed to have stolen over $100 million from foreign banks. It’s hard to say for sure if being on the FBI’s most-wanted list has made him any less prolific, but is there any reason for him to stop what he’s doing?
US Organizations Must Act Now to Improve Security
As I said in my last blog post, law enforcement has a hugely important role to play in the fight against cybercrime. By gathering and sharing up-to-date threat intelligence, investigating network intrusions, and ultimately arresting and prosecuting hackers, agencies like the FBI make America a safer place to do business.
At the same time, issues like our inability to extradite wanted cybercriminals from Russia and China, as well as the fact that so many cyber attacks go unreported, mean no organization can rely on the government to protect it from this growing threat. Only by implementing the best possible controls – securing their networks, applications and data – can American companies truly defend themselves.
Don’t wait for the bad guys to be arrested; strengthen your defenses to stop the bad guys from getting in.