Reactions Mixed to Federal Fraud Sweep

While the Justice Department's crackdown on Internet crime is welcome news, it elicits calls for ongoing action-along with doubts that it will deter attackers.

Federal law enforcement may be heralding Operation Web Snare as the largest cyber-crime crackdown of its kind, but it is receiving mixed reviews on whether it will stymie the rise in Internet fraud.

While some legal and online fraud experts view the operations 103 arrests and 53 convictions as a critical first step in deterring online crooks and spammers, others say it is too little, too late.

The Department of Justice this week announced the joint operation, which began June 1 with the cooperation of other federal and international agencies. It has targeted a range of online crimes, including fraud schemes, identity theft through activities such as phishing, spam, computer hacking and piracy.

"Operation Web Snare is the largest and most successful collaborative law-enforcement operation ever conducted to prosecute online fraud, stop identity theft and prevent other computer-related crimes," Attorney General John Ashcroft said at a news conference Thursday.

Those words gave little comfort to intellectual property attorney Glenn Peterson, of McDonough, Holland & Allen PC in Sacramento. He welcomed the action but feared that federal officials are prematurely claiming victory when the extent of their steps pale in comparison to the problem.

"That news is more scary than it is encouraging," Peterson wrote in an e-mail interview. "It shows that the DOJ has not dedicated anything close to the resources necessary to deal with computer-related crime, especially spam and identity theft.

"Frankly, I think this news should be heartening to online crooks. It reinforces the notion that drives many of them to begin with—that pure statistics favor them not getting caught."

The statistics on Internet fraud continue to rise, particularly in "phishing" schemes where perpetrators lure consumers into providing personal information such as credit card numbers through e-mails and Web site that purport to be from legitimate companies such as banks.

/zimages/5/28571.gifClick here to read more about how phishing schemes are becoming harder to detect.

The Anti-Phishing Working Group reports that phishing attacks are growing at an average of 52 percent a month. In June alone, the number of new attacks rose to 1,422, a 19 percent increased from May, the industry group said in its report, here in PDF form.

To other industry and legal observers, the Justice Departments sweep is a significant step because it shows that federal agencies are taking Internet fraud and crime seriously by seeking and receiving indictments and convictions.

"Hopefully the practical impact will be to remove wrongdoers from the Web and to make it safer to conduct business over the Internet," Michael Graham, a partner with Chicago law firm Marshall, Gerstein & Borun LLP, wrote in an e-mail interview. "This campaign is also important symbolically by demonstrating the seriousness with which our law enforcement authorities take these crimes."

/zimages/5/28571.gifWhat about Europe? Click here to read more about new anti-spam legislation there.

To make a bigger impact, though, federal law enforcement agencies must make sure their efforts are ongoing and follow this weeks operation with other wide-scale prosecutions of spam and phishing, said Anne Mitchell, president and CEO of the Institute for Spam and Internet Public Policy and a professor at Lincoln Law School in San Jose, Calif.

"There needs to be a one-two punch, and this is the first one," Mitchell said. "This is the one that will cause other spammers and phishers to say, Theres a new law, but Im sure they cant catch me.

"When [federal officials] do it again, thats when people will really take notice because it says that they take [prosecution] seriously, and this was not a flash in the pan."

The extent to which Operation Web Snare is prosecuting spammers is uncertain. The Justice Department offered few details on spam cases, though the Direct Marketing Association announced that an anti-spam program it has funded played a role in the effort.

But federal officials did specifically cite phishing, which is often conducted through unsolicited e-mails. Ashcroft also said he directed the U.S. Attorneys Offices and heads of sections of the Justice Department to become familiar with the new Identity Theft Penalty Enhancement Act. The law does not directly address phishing but does add stiffer prison terms for the types of identity theft crimes that could occur in a phishing scheme.

/zimages/5/28571.gifRead more here about the new ID theft law and its impact.

The focus on phishing is significant because it brings more attention to what remains a common source of online fraud for consumers, said Jonathan Wilson, chairman of the American Bar Associations Internet Industry Committee. Attackers are able to lull consumers into responding to as many as 5 percent of phishing attempts, according to the Anti-Phishing Working Group.

"By prosecuting [phishers], they bring the issue to the attention of consumers," said Wilson, also vice president and general counsel at Web hosting company Interland Inc. "If youre an Internet user and now you know what a phishing scam is, then youll be able to identify it more easily."

/zimages/5/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

/zimages/5/77042.gif

Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page