Cybercrime fight hurt by apathy, law enforcement hurdles

Congressional hearing outlines challenges cybercrime fighters face

General public apathy and collaboration with the law enforcement community assure that cybercrimes of all sorts will continue to rise.

That was one of the conclusions from a congressional hearing this week called "Hacked Off: Helping Law Enforcement Protect Private Financial Information."

A big problem we are facing in the fight against financial crimes is that the criminal complaint has almost disappeared. Even when a police report is filed, it is often "so the bank will give you your money back. Case closed," said Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

General public apathy and collaboration with the law enforcement community assure that cybercrimes of all sorts will continue to rise.

That was one of the conclusions from a congressional hearing this week called "Hacked Off: Helping Law Enforcement Protect Private Financial Information."

A big problem we are facing in the fight against financial crimes is that the criminal complaint has almost disappeared. Even when a police report is filed, it is often "so the bank will give you your money back. Case closed," said Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham.

MORE SECURITY NEWS: Despite controversy, federal, state wiretaps on the rise

"The understandable hesitation of law enforcement to 'work a case' in these areas has led to an unfortunate form of apathy by the consumer as well as the financial institutions. Large banks lose millions of dollars each year to phishing and malware, but they reimburse the cost to customers and structure the losses into the cost of doing business. Consumers have been trained that if they experience financial losses they should contact their financial institution rather than the police. If they have had their money returned by their financial institution, there is little incentive to share that information with law enforcement," Warner stated.

These activities make it less likely consumers will ever report their victimization in a way that lets intelligence-driven policing Internet crimes occur. "Without a mechanism to gather basic complaint data into a data mine, it becomes very difficult to understand the scope and nature of the crimes we are facing," Warner testified.

Warner added: "Website owners hosting their small business and personal websites in the United States, have had their servers hacked for use by phishing criminals more than 40,000 times so far in 2011. At the present time, I am unaware of a single situation where the hacker was arrested. Because of the experience of the crime 'going overseas' many law enforcement officers are hesitant to take these cases and local law enforcement officers question whether it is even appropriate for them to be involved in a case that is potentially international."

Warner noted that the Federal Trade Commission (FTC) collects consumer complaints from a large number of sources, including the Internet Crime and Complaint Center, the Better Business Bureau, the U.S. Postal Inspection Service, and many state attorney general's offices.

"But there is still an enormous amount of unreported crime. The most recent FTC Consumer Sentinel Report indicates 1.3 million complaints were received from consumers, however the best estimates indicate that there are now more than 11 million identity theft victims per year in the United States. One of the challenges is how to make sure these additional victims can have the crimes against them documented. If even the minor cases are documented properly, data mining of the complaint data can lead to significant cases being brought by linking the smaller cases together," he stated.