For months now, the feds have said organized crime was moving into the realm of cybercrime, using hackers to run scams and break into systems.
But Assistant U.S. Attorney Erez Liebermann, chief of the computer hacking and intellectual property section in New Jersey's U.S. Attorney's Office, says cybercrime has been so profitable for organized crime that they're now using it to fund the rest of their underground operations.
"In terms of the risks and rewards, there's a higher chance of getting more, financially, using the world of computer crime. Organized crime is realizing this," he said. "We have suspicions of organized crime being behind some cybercrime that we're investigating here. The attorney general has issued reports about organized crime and terrorist links using computer crime, hacking and intellectual property crimes as a way of raising revenue. It's being used to fund organized crime."
Analysts at Websense, a Web security company, reported late last year that the mob was expected to band together more closely with hackers in 2007 to form a more organized cybercrime community.
The beefed-up online crime cooperative has begun buying, selling, and trading ready-made cyberattack toolkits and exploiting zero-day vulnerabilities. Dan Hubbard, VP of security research at Websense, noted that organized criminals have realized that the Internet has been an untapped resource for earning them profit. Tools and exploits to steal personal, business, and financial information are the hottest commodities for cybercriminals.
Liebermann said federal law enforcement is in a good position to tackle this burgeoning crime.
"The laws that we have ... target a lot of this activity," said Liebermann. "I do not feel handcuffed, no. There is the Cybersecurity Enhancement Act out there, and if it passes, it would enhance penalties and add computer crime to the list of predicate crimes that would give rise to a RICO [Racketeering Influenced and Corrupt Organizations Act] charge."
The prosecutor added that when they charge someone under RICO, the sentencing guidelines provide enhanced penalties because "organized crime is an enhanced problem to be dealt with." If the law passes and computer crimes are added to the list of RICO crimes, it would enhance the penalties for organized crime with computer acts.
And Liebermann says the United States is becoming more and more able to chase down and prosecute cybercriminals, organized or not, even if they're out of the country. Until recently, launching hacking or denial-of-service attacks from outside U.S. borders was enough to keep criminals beyond the long arm of the U.S. law.
Liebermann says their reach, though, is lengthening.
"It presents a special problem, not just for the U.S. but ... other countries have recognized that this is a problem," he added. "Previously, getting information was a problem. It was a more laborious process to get that information without skipping any steps or taking any roundabouts. Other governments are able to work faster, using the same tools we previously had to get the information back on a more efficient basis. We can pick up a phone with a list of countries, like the United Kingdom or Israel, and have a live body. It's a good list of countries."
And even the countries that aren't participating in a particular process are more willing to help in some way now. That's a huge help, according to Liebermann, because of the fleeting nature of digital evidence.
"Botnet herders shift to new servers again and again and again," he said. "If you identify a server but it takes months to get information from another country, the chance of getting any information on this is very slim. If the cooperation is immediate, the chance of getting information is much better. It's a recognition that computer crime has no boundaries."
Thanks to Sharon Gaudin
No comments:
Post a Comment