International cybercriminals are moving at lightning
speed to defeat corporate security, law enforcement officials and
IT security professionals heard ateCrime
Congress 2009last week.
Security measures such as two factor authentication, that many
online banking services rely on, are no longer as secure as was
first thought.
The challenge is enormous because cybercriminals are unfettered
by national boundaries, while law enforcement agencies' efforts are
limited to local jurisdictions.
In the face of an onslaught from highly organised criminal
organisations, are under-resourced law enforcement agencies
fighting a losing battle?
Most agree that law enforcement alone does not have the
financial, technical or manpower resources that it would take to
make any real impact on cybercrime.
But this does not mean the battle is lost, says UK Metropolitan
Police Service deputy assistant commissioner Janet Williams.
The problem needs to be tackled with imagination and creativity,
Williams, who is the lead on e-crime for the UK's Association of
Chief Police Officers (ACPO), told the conference.
Police are working with UK businesses to share information,
contacts, communications and other resources in a co-ordinated
effort against cybercrime.
And this collaboration informs legislation, which can target
cybercriminals where it hurts the most, says Mary Landesman, senior
security researcher at security supplier Scansafe.
The common denominator to all cybercrime is the web hosting
services that form a critical piece of the underground economy's IT
infrastructure.
These services provide a vital link to the internet for
cybercriminals who use them to host command and control mechanisms
for botnets of hijacked computers.
If governments introduce legislation to control hosting
providers, it will go a long way to curbing the activities of
cybercriminals, says Landesman.
Without such legislation, there is no reason for hosting
providers to turn away lucrative criminal business, she says.