A McAfee report on cyber-crime advises international cooperation and a tightening of cyber-laws to fight threats on the Web. McAfee also calls on ISPs to aid in the fight against spammers and malware.
Cyber-criminals are getting better; law enforcement needs to as well.
That is the overall theme of the McAfee Virtual Criminology Report
"Cybercrime Versus Cyberlaw." The report paints a picture of poor
international cooperation and ad hoc police efforts-all of which allow cyber-crooks
to keep a step ahead of their pursuers.
The cat-and-mouse game requires both cooperation between countries and
strong enforcement of cyber-crime laws-messages McAfee's Pamela Warren
hopes U.S. President-elect Barack Obama heeds as he prepares to take office.
"We are fortunate that we have a new president-elect who 'gets it'-that
cyber-security is an important subject impacting us at all levels of our lives
and is changing the way we live," said Warren, cyber-crime strategist at
McAfee. "We must ensure an appropriate level of resources-manpower, training-at
all levels of law enforcement to be able to effectively pursue cyber-criminals ...
[and] we must reduce the complexity in our U.S.
law enforcement and make it clear to victims where to go for assistance."
While the Commission on Cyber Security advises Obama to take the lead on
cyber-security legislation and issues such as strong authentication, the McAfee
report also highlights the importance of putting pressure on other countries to
Cyber-criminals take advantage of countries without cyber-crime laws
whenever they can, Warren said. But
even more disturbing are those countries that look the other way entirely when
it comes to cyber crime.
"You can't force a country to change its ways-harboring any kind of criminal-but
we must continue to work with these countries on a diplomatic level to
encourage their active pursuit of cyber-laws where they don't exist, and to
enforce those laws where they do," she said. "In some cases, it may be a
lack of understanding of the magnitude of the problem, how to pursue such
crimes, etc., and we can help ensure these countries get the education they
need. The report indicates Nigeria
as an example of a country that had not prioritized cyber-crime and, in effect,
harbored cyber-criminals there. Now in Nigeria,
things are changing, so it can change."
Crafting cyber-crime laws is not a one-time effort, Warren
said. Even the "Convention on Cybercrime," an international treaty
aimed at addressing cyber-crime, is showing signs of age. Now 7 years old, the
treaty lacks any specific guidance on things such as phishing and identity
theft, according to the McAfee report.
Though the "Additional Protocol to the Convention on Cybercrime" was added
to criminalize the dissemination of racist and xenophobic material through
computers, there needs to be additional protocols added to cover emerging
security threats, the report reads.
"The challenge ... is that technology changes and therefore the
cyber-criminals' techniques," Warren
said. "We must be cognizant of that when we create our laws and try to write
them in ways that enable effectiveness regardless of when the law was written."
But the problem is not all elsewhere. In a separate study issued
Dec. 9 by Sophos
, the United States
is declared the host with the most for malware authors. According to the
report, the United States
hosted 37 percent of the malware on the Web, taking the No. 1 spot from China.
also relay the most spam, the report states.
Addressing that, security researchers have said, also means involving
non-law enforcement entities such as ISPs. As evidenced by the McColo and
Atrivo (Intercage) shutdowns, proactive ISPs can make a difference in the
battle against spammers and hackers.
Forrester Research analyst Jonathan Penn said Obama should consider working
with network infrastructure providers, utility companies and high-profile firms
such as eBay and Amazon to develop an early warning system for cyber-threats.
"Private-sector IT systems are already theaters of operation for
cyber-warfare," noted Penn. "Both
sectors [public and private] must come to the recognition that a collaborative
effort is in their mutual interest. The government should create outreach
initiatives to the private sector and also establish permanent vehicles for
cooperation and coordination."