
An article relating to this blog post on Finextra:

Going underground

Kimberly Kiefer Peretti from the Computer Crime and Intellectual Property Section of the US Department of Justice probes the shady world of 'carding' and the organisations behind large-scale data brea...


Cybercrime Czar? Government bailout for cybercrime?

Barack Obama announced last week that there will be a new Cybercrime Czar in the US reporting directly to the president. We wonder what good, if any, that will do. Can he/she be more than a figurehead when the crimes they want to stop originate in the Ukraine or Bulgaria or Indonesia? Will they attempt to burden us with more ineffective regulation? Will they prescribe government-ordained solutions that deal with the problems of 6-12 months ago, rather than let the free market respond with solutions in real time? We don't know, but the fact that Obama's servers were hacked during his much-touted social media-driven campaign gives some insight into why he believes this is so important.

Cyber-banditry long ago outgrew the notion of the solo, acned, 17-year-old hacker in his parents' basement, and is now recognized as being a truly global criminal enterprise. And while international cooperation is important, depending on governments to protect data privacy and security will only go so far. Critical differences in national laws for investigation, prosecution and conviction stand as ready-made barriers to effective international cooperation. Attaching penalties to the mishandling of sensitive data makes sense, but depending on governments for comprehensive oversight is a flawed strategy. And this presumes that all jurisdictions care enough about cybercrime to have laws on the books.

For example, in some jurisdictions, data can be used to make a case, but not to prosecute. An article authored by Proskauer Rose LLP, 'European Union: EU Data Privacy Agency Adopts Recommendations On Reconciling EU Data Privacy Requirements With U.S. Litigation Rules', highlights how differences between EU and US data privacy laws can heavily constrain prosecutors. Commerce is global, and crime is global - but anti-crime laws remain national and sometimes even more localized, with state and provincial laws able to hamstring international investigations and prosecutions.

To understand just how global and insidious cybercrime has become, every CIO, CFO and executive of a company doing business on the internet should read Kimberly Kiefer Peretti's detailed review of carding's hidden world. The extensive professional organizations that carding networks now operate have long-range implications for national and international security well beyond the financial/commercial world.

As a recent Gartner study and other 2009 reports from the Identity Theft Resource Center make clear, data breaches have wide implications in direct fraud and in delayed, multi-pattern fraud, and the scope and scale of breaches, with their accompanying frauds, are clearly on the rise. The Gartner study also makes clear that prosecution track records are abysmal. In this era of exploding government debt we can't expect more resources to come the prosecutors' way.

With jurisdictional, legal, and economic issues preventing an effective government response, companies and organizations must take greater responsibility for data security and defending against criminal activity themselves, no matter what laws say.  There is no government bailout for cybercrime.

