Why Computer Criminals Are Hard to Catch
As if computer crime laws and
prosecution were not enough, it is also difficult for law enforcement agencies
to catch computer criminals. There are two major reasons for this.
First, computer crime is a
multinational activity that must usually be pursued on a national or local
level. There are no international laws on computer crime. Even though the major
industrial nations cooperate very effectively on tracking computer criminals,
criminals know there are "safe havens" from which they cannot be caught.
Often, the trail of a criminal stops cold at the boundary of a country. Riptech
Inc.
[BEL02] studies Internet
attack trends by many factors. For the period JanuaryJune 2002 the United
States led the world in source of Internet attacks (40 percent)
followed by Germany (7 percent). But when you normalize these data for number
of users, a very different pattern emerges. Per Internet user, Israel and Hong
Kong lead among those nations with more than 1 million users, and Kuwait and
Iran top the list among nations with fewer than 1 million users. Nations all
over the globe appear on these lists, which demonstrates that attackers can and
do operate from many different countries.
Complexity is an even more
significant factor than country of origin. As we have stated throughout this
book, networked attacks are hard to trace and investigate because they can
involve so many steps. A smart attacker will "bounce" an attack
through many places to obscure the trail. Each step along the way makes the investigator
complete more legal steps. If the trail leads from server A to B to C, the law
enforcement investigators need a search warrant for data at A, and others for B
and C. Even after obtaining the search warrants, the investigator has to find
the right administrator and serve the warrants to begin obtaining data. In the
time the investigator has to get and serve warrants, not to mention follow
leads and correlate findings, the attacker has carefully erased the digital
evidence.
In a CNET News article,
Sandoval [SAN02] says law enforcement
agencies are rarely able to track down hackers sophisticated enough to pull off
complicated attacks. Sandoval quotes Richard Power, editorial director of the
Computer Security Institute: "It's a world class business." Independent
investigator Dan Clements says, "only about 10 percent of active hackers
are savvy enough to work this way consistently, but they are almost always
successful."
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.