If only 3 in 100,000 cyber-crimes are prosecuted, why not train cops to bring these crooks to justice once and for all, suggests think-tank veep

'We are focusing on defending systems over identifying and pursuing the person behind the cyber-crime'

Mieke Eoyang
Another way ... Mieke Eoyang (Photo copyright: Third Way)

Enigma A plague of ignorance and misplaced priorities in government and law enforcement, from neighborhood cops all the way up to international bodies, is allowing cyber-crime to run rampant.

So says Mieke Eoyang, long-time US government policy adviser and veep of the national security program at Washington DC think tank Third Way. Speaking at the 2020 Enigma conference in San Francisco on Wednesday, Eoyang made the case for allocating more time and money to finding and snaring internet crooks, hauling them into court, and shutting down this criminality.

In other words, proactively catching criminals will have long-term benefits, and that rather than focusing too hard on stopping staff clicking on phishing links, we should also go after the fraudsters sending the links in the first place.

After citing figures from Uncle Sam that show only three in 1,000 cyber-crimes are actually prosecuted – the actual ratio could be closer to three in 100,000 as the FBI tends to underestimate the extent of cyber-crime, she explained – Eoyang said police and agents are either told not to pursue online fraudsters or not given the training and resources to do so.

"We continue to blame users for not avoiding clicking on every phishing link," said Eoyang, a former staff director for the US House of Representatives Permanent Select Committee on Intelligence.

"When a breach becomes public the response all too often is to blame the victim company. We are focusing on defending systems over identifying, pursuing, and bringing to justice the person behind the cyber-crime."

One key problem, Eoyang argued, is that police officers, at the city to state level, lack the basic skills to pursue online crimes, and instead hand cases off to overworked and undermanned specialized cybercrime units. As a result, in many cases, cybercrime falls through the cracks, considered too big for your neighborhood plod and not significant enough to catch the attention of elite federal or national cyber-crime investigation teams.

One solution would be to expand the skill set of rank-and-file officers to include basic IT and data security techniques, she suggested.

crime

To catch a thief, go to Google with a geofence warrant – and it will give you all the details

READ MORE

"This is an overlooked area that is very specialized in the FBI and not something they all know about," Eoyang said. "We need to rebalance resource investment in this area, we need to build cyber investigation-capable law enforcement."

There is also the matter of international cooperation, and in that area authorities need to be a bit more creative.

For example, Eoyang pointed out that even though an online criminal may be shielded from extradition by operating out of somewhere like Russia, they almost inevitably expose themselves to arrest when they opt to spend their ill-gotten gains in Malta, Israel, and high-end destinations. To that end, building diplomatic ties and getting cooperation from law enforcement in other countries will be critical.

One area where Eoyang doesn't see the need for the government to step up its efforts, however, is busting encryption. Drawing applause from the crowd of security professionals in attendance, the former congressional staffer declared that Feds-only backdoors are simply not the way to go.

"This [strong end-to-end encryption] is not the only thing that stands in the way of their ability to investigate," she said. "They don't even know how to write a proper request to the tech companies for the information they already can access." ®

Sponsored: Detecting cyber attacks as a small to medium business

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020