Listcrime tell you What is government doing about cybercrime?

LISTCRIME

YOUR ONE STOP CYBER CRIME INFORMATION SHOP

FEDERAL GOVERNMENTS RESPONSE TO CYBERCRIME

Listcrime is a one-stop-shop for reliable, up-to-date information about cyber crime, we at Listcrime.com want to give home users and small businesses the advice they need to use the Internet safely. For the most part, references within this web page appear as links to the actual site that the information came from. I revert to customary referencing when citing non-WWW based sources. A bibliography of any sources not linked will appears at the end of this web page.

What is the Federal Government doing about Cyber Crime?

CLICK HERE: REVIEW FULL REPORT

The Government Accounting Office (GAO) took an assessment of the Federal Governments fight against cyber crime and unfortunately it did not like what they saw. In a report issued June 2007 , the GAO said despite huge efforts by public and private entities to address cyber crime, those efforts are falling way too short. The agency pointed out five areas it said were key challenges the government – federal, state and local – corporations and individuals face in slowing cybercrime. Those challenges include:

1) Information: reporting cyber crime—companies and government agencies do not always detect or report cyber crimes.

2) Experience: ensuring adequate law enforcement analytical and technical capabilities—law enforcement organizations often have difficulty obtaining and retaining investigators, prosecutors, and examiners with the specialized skills needed to address cyber crime; this is due in part to the staff rotation policies in place at certain law enforcement organizations.

3) Jurisdiction: working in a border less environment with laws of multiple jurisdictions—because cyber crime crosses national and state borders, law enforcement organizations have to deal with multiple jurisdictions with their own laws and legal procedures, a situation that complicates investigations.

4) Lax security: implementing and raising awareness about strong information security practices—our experience in evaluating the information security of federal agencies demonstrates the difficulty that organizations face in maintaining strong information security programs; despite efforts by public and private entities to raise awareness about the importance of information security, many organizations and individuals remain insecure.

5) Bad policies: Public and private entities, cyber crime partnerships, and task forces have initiated efforts to address these challenges, including leveraging resources and technologies to fight cyber crime However, more can be done to help ensure agencies have adequate law enforcement capabilities. Specifically, staff rotation policies at key law enforcement agencies may hinder the agencies’ abilities to retain analytical and technical capabilities supporting law enforcement.

The GAO’s “Cyber crime: Public and Private Entities Face Challenges in Addressing Cyber Threats,” says the direct economic impact from cyber crime is estimated to be in the billions of dollars annually. The annual loss due to computer crime was estimated to be $67.2 billion for U.S. organizations, according to a 2005 Federal Bureau of Investigation survey.

In addition, there is continued concern about the threat that our adversaries, including nation-states and terrorists, pose to our national security. For example, intelligence officials have stated that nation-states and terrorists could conduct a coordinated cyber attack to seriously disrupt electric power distribution, air traffic control, and financial sectors.

Also, according to FBI testimony, terrorist organizations have used cyber crime to raise money to fund their activities. Despite the estimated loss of money and information and known threats from adversaries, the precise impact of cyber crime is unknown because it is not always detected and reported. The report also notes that the different types of cyber crime act ivies are on the rise.

For example:

·        Spam: Has increased over 65% since January 2002.Approximately 88% of all e-mail processed at service centers is classified as “junk.” From September 2006 to March 2007, Postini collected over 60 billion pieces of spam totaling 537.7 terabytes of data. Between July and December 2006, spam constituted 59% of all e-mail monitored. Through 2005, hackers most frequently targeted the telecommunications and health care sectors, where almost 80% of all e-mail traffic was spam.

·        Botnets: Between July and December 2006, an average of 63,912 active, bot-infected computers per day were observed, an 11% increase from the previous reporting period.

·        Phishing: Between July and December 2006, 166,248 unique phishing messages detected, a 6% increase over the first 6 months of 2006. An average of 904 unique phishing messages per day was reported for the second half of 2006. During the same period, over 1.5 billion phishing messages were blocked. During 2006, U.S.-based businesses were the most targeted organizations of phishing e-mails, accounting for 71% of all phishing e-mail. In addition, more than 55% of the world’s phishing attacks fabricate company Web sites that are hosted in the United States.

·        Malware: Between January and June 2006, approximately 2 million of the 4 million computers cleaned by the malicious software removal tool had at least one backdoor Trojan horse. 43,000 new variants of malware were found in the same period.

·        Trojan horses: In 2005, close to 40% of the financial services and banking industry sector suffered the most Trojan horse attacks.

The report wasn't all bleak. The GAO says that federal and state law enforcement organizations are taking steps to help them work in the border less environment within which cyber criminals operate. For example, federal, state, and local law enforcement organizations participate in cyber crime task forces that combine a region’s law enforcement capabilities to investigate and prosecute cyber crime in the most advantageous way. To address transnational jurisdiction, investigation, and prosecution issues, DOJ and the State Department have established agreements with more than 40 nations through the G-8 High Tech Crime Working Group to address cyber crime cooperatively.

The GAO concludes: “We recommend that the Attorney General direct the FBI Director and the Secretary of Homeland Security direct the Director of the Secret Service to assess the impact of the current rotation approach on their respective law enforcement analytical and technical capabilities to investigate and prosecute cyber crime and to modify their approaches.”

Unfortunately Federal Law enforcement can only do so much, it's a two step process. Even if a Federal Law Enforcement agency wants to investigate it needs the help of the U.S. Attorney's Office to investigate and prosecute. Most cyber investigations involve subpoenaing ( ISP's) Internet Service Providers for records and due to the amount a majority of U.S. Attorney's offices are not willing to pursue the case.

What commonly happens is that U.S. Attorney's office will decline prosecution because your monetary loss is just not enough for them to seek prosecution at the federal level.

An Assistant United States Attorney has discretion to decline to prosecute a case based on several considerations. The Assistant United States Attorney must decline if the evidence is too weak. The Assistant United States Attorney is ethically bound not to bring criminal charges unless the admissible evidence will probably be sufficient to obtain a conviction. However, even when the evidence is sufficient, the Assistant United States Attorney may consider that there is not a sufficient federal interest served by prosecution, but that the defendant is subject to prosecution in another state or local court (including a state court for the prosecution of juvenile delinquents).

SEE DEPARTMENT OF JUSTICE WEB SITE

FBI STRATEGIC PLAN

U.S. SECRET SERVICE STRATEGIC PLAN

THE NATIONAL STRATEGY TO SECURE CYBERSPACE

The Government Role in Securing Cyberspace

This National Strategy to Secure Cyberspace is part of an overall effort to protect the Nation. It is an implementing component of the National Strategy for Homeland Security and is complemented by the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The purpose of the strategy is to engage and empower Americans to secure the portions of cyberspace that they own, operate, or control, or with which they interact. Securing cyberspace is a difficult strategic challenge that requires coordinated and focused effort from our entire society—the federal government, state and local governments, the private sector, and the American people. In general, the private sector is best equipped and structured to respond to an evolving cyber threat. There are specific instances, however, where federal government response is most appropriate and justified. Looking inward, providing continuity of government requires ensuring the safety of its own cyber infrastructure and those assets required for supporting its essential missions and services. Externally, a government role in cyber security is warranted in cases where high transaction costs or legal barriers lead to significant coordination problems; cases in which governments operate in the absence of private sector forces; resolution of incentive problems that lead to under provisioning of critical shared resources; and raising awareness.

The National Strategy to Secure Cyberspace articulates five national priorities including:

1. A National Cyberspace Security Response System
2. A National Cyberspace Security Threat and Vulnerability Reduction Program
3. A National Cyberspace Security Awareness and Training Program
4. Securing Governments’ Cyberspace
5. National Security and International Cyberspace Security Cooperation

What the National Strategy to Secure Cyberspace or our Government says is that Public-private engagement is a key component of our Strategy to secure cyberspace.

They base this on several reasons:
1. Public-private partnerships can usefully confront coordination problems.
2. They can significantly enhance information exchange and cooperation.
3. Public-private engagement will take a variety of forms and will address awareness, training, technological improvements, vulnerability remediation, and recovery operations.

According to this Strategy a federal role in these and other cases is only justified when the benefits of intervention outweigh the associated costs. This standard is especially important in cases where there are viable private sector solutions for addressing any potential threat or vulnerability. For each case, consideration should be given to the broad-based costs and impacts of a given government action, versus other alternative actions, versus non-action, taking into account any existing or future private solutions.

Federal actions to secure cyberspace are warranted for purposes including: forensics and attack attribution, protection of networks and systems critical to national security, indications and warnings, and protection against organized attacks capable of inflicting debilitating damage to the economy. Federal activities should also support research and technology development that will enable the private sector to better secure privately-owned portions of the Nation’s critical infrastructure.

According to the White house's plan the National Strategy to Secure Cyberspace outlines an initial framework for both organizing and prioritizing efforts. It provides direction to the federal government departments and agencies that have roles in cyberspace security. It also identifies steps that state and local governments, private companies and organizations, and individual Americans can take to improve our collective cyber security The Strategy highlights the role of public-private engagement. The document provides a framework for the contributions that we all can make to secure our parts of cyberspace. The dynamics of cyberspace will require adjustments and amendments to the Strategy over time.

Most experts believe that some countries have become known safe havens for cyber criminals and international pressure to crack down has not worked in those safe havens because the local government has financial ties to criminals, has a political agenda encouraging them or unfortunately the country is so poor that fighting cybercrime is not a priority or high on the agenda of the counties problems.   Leading experts believe that until cybercrime is rooted into society and grows beyond a manageable risk it will not be tackled on a global scale. Cyber crime is just like drugs, prostitution, and guns it will only receive the correct resources to address the problem when it truly rises to a national and global level.

Until that day comes you will always have sites like LISTCRIME.COM

CONTACT US       ABOUT US     DISCLAIMER

COPYRIGHT ©LISTCRIME 2008 ALL RIGHTS ®RESERVED