BOSTON—His title may be the first assistant United States Attorney for the Northern District of Ohio, but Craig Morfords work fighting cyber-crime touches nearly every corner of the globe.
Morfords responsibilities include the prosecution of federal terrorism, organized crime, public corruption and corporate fraud, and one of the issues he spends much of his effort on today is battling the growing use of computing networks to help carry out those felonies.
At a security conference organized by imaging giants Xerox here on May 12, Morford blew away attendees with some of the anecdotes and examples of the types of struggles the government and private industry have encountered in trying to stop the flow of proprietary information into the hands of criminals.
eWEEK Senior Writer Matt Hines sat down with Morford at the event held in the vault of the Boston Stock Exchange to see what sort of progress is being made to that end.
One of the big questions we hear from business leaders is who they should to turn to first when trying to report and investigate IT-related crimes. Who should these people call for help?
From what were seeing, the FBI and Secret Service are actually the best places to start, as both have major growing cyber-crime sections tailored to specifically addressing these types of offenses. In some cases were seeing one or the other, and sometimes were seeing both organizations working together. Companies shouldnt be afraid to call these guys up if they have a serious problem to report, its something that the Department of Justice is attuned to, and committed to in terms of addressing a growing need.
Youve obviously got experience in fighting organized crime in the offline world, but as we know theres a huge element of criminal networks backing a lot of the IT-oriented attacks were seeing today. How are organized crime groups adapting to utilize IT systems to carry out their schemes?
Well, you have to understand that this is an almost entirely new type of organized criminal, and that you can define organized crime in a lot of different ways.
It used to be that when people used the term, they were referring to what we typically thought of as organized crime, a family network with some sort of ethnic ties that has bosses, caporegimes and soldiers that work primarily within some specific community.
But what were dealing with in cyber-crime is something different, a community of criminals that is changing and adapting over time. Its a guy in his twenties in a rundown apartment in Ukraine or somewhere else in Eastern Europe who has a network of computers on which theyre communicating with thousands of other people who he has never met in person, and who could be in any country around the globe. And these people are involved in a web of criminal activity. This is something we havent had to deal with before.
One of the critical issues in fighting any sort of crime is what sort of budget you have to support those efforts. Should private businesses and government law enforcement officials be pooling their resources to have a broader impact?
Theres absolutely an opportunity for that type of collaboration, and its one of the many things that were trying to do to help solve this problem. The Secret Service and FBI are both actively reaching out to business, and to law enforcement worldwide for support, education and to help more people understand the threats that are out there.
People need to invest with each other and learn to trust each other, and because of the international nature of the crimes being committed, everyone needs to reach out to foreign governments. If people can establish evidence-sharing treaties and form cooperative arrangements with law enforcement, along with forming partner relationships between corporations and federal investigators, a lot can be achieved.