There's no 911 for cybercrime. If there were, would you call?

By Nick Selby, CSO |  Security, cybercrime

In fact, at this point, calling the authorities after you're hacked won't actually get you much. With my vandalism example above, at least the cops could provide directed patrol of your headquarters. No one's gonna patrol your network. Criminals and victims know this: When non-tough-guy Ashton Kutcher goes all Charles Bronson and says he's "coming for" those who hacked his Twitter account, law enforcement's failure to provide a deterrent is highlighted. Outside those very high-profile cases, you're pretty much out of luck when it comes to getting law enforcement help on a computer crime.

Sometimes, that's good. Victims consider reporting a cyber attack very risky. They fear the agency will leak, customers will get wind and, God forbid, take their money elsewhere. The last thing anyone experiencing a serious breach needs is to take that risk and report a cyber attack, only to have the agency send over a couple of inexperienced EnCase jockeys -- who all too often botch the forensic capture while the victim spends six, 12 or even 18 months before hearing that, "Crap. They got away." The wheels of justice grind slowly, but seriously?

Before we go too Emile Zola on law enforcement, though, let's recognize that since the victims are not choosing to report, we get the help we seem to be asking for. As I hear cries for new cyber legislation, I can't help but observe that we still have never taken the current laws -- under which cyber crimes are clearly serious crimes -- out for a spin. Without test cases, prosecutors at the state and local level can never learn which tools they really need and request legislative changes which are useful in prosecuting cybercrime.

The FBI aggressively asserts dominance in big cyber investigations, and its agents simply can't conduct a full-on investigation unless a federal prosecutor feels the case is strong enough to win hands-down and the victim is cooperative. Yeah, it happens as often as you'd expect.

Should the FBI be the only recourse to someone who's been hacked? I argue it should not. Local, county, state and tribal law enforcement agencies should not -- as they have -- abdicate responsibility to the FBI merely because prosecuting cyber crime is hard. Prosecuting aggravated assault, aggravated robbery and burglary is hard, too, but that doesn't mean the local constabulary gets to throw its hands (and by the way, our local tax dollars) up in the air and say, "Boy howdy! That there's a toughie. You better get you a G-Man."


Originally published on CSO.