Collaboration Helps Nab Cybercriminals

The quick arrests of two of the people allegedly involved in the Zotob and Mytob worms show how international coordination is crucial to curbing Internet-related crimes. The FBI says it worked with Turkish and Moroccan law-enforcement agencies and Microsoft in tracking down the suspects, and the collaboration also aided in the identification of another 15 possible suspects.

Louis Reigel, assistant director of the FBI's cyber division, told attendees at last week's High-Technology Crime Investigation Association conference in Monterey, Calif., that the bureau has been collaborating at a record pace. It recently worked with British authorities to bust a denial-of-service attack ring, and it helped Nigerian officials prosecute a group of online fraudsters for crimes committed in the United States.

But much more collaboration is needed to put a significant dent in cybercrimes, and businesses need a wake-up call. The FBI believes that only about 30% of companies that have had their networks hacked report those incidents to law-enforcement agencies. "If they don't come forward, the likelihood of law enforcement getting that information is dwarfed," Reigel says.

Victimized companies often fear any publicity that makes them look vulnerable. But it's likely the real damage will come from not reporting incidents, says Christopher Painter, deputy chief of the computer crimes and intellectual-property section at the U.S. Department of Justice. "Why not attack the system again and again?" Painter asks. "There's too much of a perception in [the hacker] community that there aren't consequences. Our job is to make sure there are consequences."

Santa Clara University in California is doing its part, having turned to law enforcement a couple of times following recent hacks, says CIO Ron Danielson, who wouldn't elaborate on the nature of the attacks. A lot of cybercrime could be eliminated if software vendors placed security higher on their list of product-development priorities, Danielson says. "Using secure software is a security measure," he says.

Hackers present a huge concern for the school, considering the recent thefts of student information from several universities. Preventive steps taken by the university include pushing operating-system patches to users, since alerts to download updates are often ignored, and implementing bandwidth-monitoring technology in its network switches that will flag suspicious high-bandwidth activity, such as using a system for distribution of a virus.

Meanwhile, technologies used in prosecutions, such as software that can recover files that have been deleted, may begin to play a bigger role. The National Institute of Standards and Technology for the last few years has been testing those technologies to verify they're reliable. But the time it takes to define the required capabilities and test the technologies--as much as a year--is a problem. Susan Ballou, program manager and forensic scientist for the institute's Office of Law Enforcement Standards, says the group is working to speed the process, so that the technology doesn't become outdated before it's useful. "We're too slow," she admits.

But let's face it: Criminals also are getting more effective with their technologies. They're creating software that advances the art of cracking passwords, hijacking browsers, cracking Secure Sockets Layer encryption, and keystroke logging, says Laura Chappell, founder of the Protocol Analysis Institute, who hosted a session during last week's conference. As one unsettling example, Chappell told attendees that she used an instant-messaging sniffing tool to easily listen in on private after-hours conversations among conference attendees.