Cyber-criminals are getting better; law enforcement needs to as well.
That is the overall theme of the McAfee Virtual Criminology Report "Cybercrime Versus Cyberlaw." The report paints a picture of poor international cooperation and ad hoc police efforts-all of which allow cyber-crooks to keep a step ahead of their pursuers.
The cat-and-mouse game requires both cooperation between countries and strong enforcement of cyber-crime laws-messages McAfee's Pamela Warren hopes U.S. President-elect Barack Obama heeds as he prepares to take office.
"We are fortunate that we have a new president-elect who 'gets it'-that cyber-security is an important subject impacting us at all levels of our lives and is changing the way we live," said Warren, cyber-crime strategist at McAfee. "We must ensure an appropriate level of resources-manpower, training-at all levels of law enforcement to be able to effectively pursue cyber-criminals ... [and] we must reduce the complexity in our U.S. law enforcement and make it clear to victims where to go for assistance."
While the Commission on Cyber Security advises Obama to take the lead on cyber-security legislation and issues such as strong authentication, the McAfee report also highlights the importance of putting pressure on other countries to pass cyber-laws.
Cyber-criminals take advantage of countries without cyber-crime laws whenever they can, Warren said. But even more disturbing are those countries that look the other way entirely when it comes to cyber crime.
"You can't force a country to change its ways-harboring any kind of criminal-but we must continue to work with these countries on a diplomatic level to encourage their active pursuit of cyber-laws where they don't exist, and to enforce those laws where they do," she said. "In some cases, it may be a lack of understanding of the magnitude of the problem, how to pursue such crimes, etc., and we can help ensure these countries get the education they need. The report indicates Nigeria as an example of a country that had not prioritized cyber-crime and, in effect, harbored cyber-criminals there. Now in Nigeria, things are changing, so it can change."
Crafting cyber-crime laws is not a one-time effort, Warren said. Even the "Convention on Cybercrime," an international treaty aimed at addressing cyber-crime, is showing signs of age. Now 7 years old, the treaty lacks any specific guidance on things such as phishing and identity theft, according to the McAfee report.
Though the "Additional Protocol to the Convention on Cybercrime" was added to criminalize the dissemination of racist and xenophobic material through computers, there needs to be additional protocols added to cover emerging security threats, the report reads.
"The challenge ... is that technology changes and therefore the cyber-criminals' techniques," Warren said. "We must be cognizant of that when we create our laws and try to write them in ways that enable effectiveness regardless of when the law was written."
But the problem is not all elsewhere. In a separate study issued Dec. 9 by Sophos, the United States is declared the host with the most for malware authors. According to the report, the United States hosted 37 percent of the malware on the Web, taking the No. 1 spot from China. U.S. computers also relay the most spam, the report states.
Addressing that, security researchers have said, also means involving non-law enforcement entities such as ISPs. As evidenced by the McColo and Atrivo (Intercage) shutdowns, proactive ISPs can make a difference in the battle against spammers and hackers.
Forrester Research analyst Jonathan Penn said Obama should consider working with network infrastructure providers, utility companies and high-profile firms such as eBay and Amazon to develop an early warning system for cyber-threats.
"Private-sector IT systems are already theaters of operation for cyber-warfare," noted Penn. "Both sectors [public and private] must come to the recognition that a collaborative effort is in their mutual interest. The government should create outreach initiatives to the private sector and also establish permanent vehicles for cooperation and coordination."