During the 1920s and 1930s, a part of the U.S. public rooted for gun-toting, mythologized bank robbers like Bonnie and Clyde, John Dillinger, and Pretty Boy Floyd. But the fantasies were often tempered by reports of guards, police, and innocent bystanders injured and killed in the frequent shoot-outs.
It took a while, but eventually law enforcement caught up with the criminals, either taking them into custody or killing them. Certainly, over time, banks changed how they do business, making them less attractive to robbers, but the biggest disincentive was simply the fact that police got better at their jobs and criminals were successfully hunted. Even today, it's no miscorrelation that American prison populations are at an all-time high while crime is at an all-time low.
[ Also from Roger Grimes: 5 ways computer security has truly advanced. | It's time to reconsider security. Two former CIOs show you how to rethink your security strategy for today's world. Bonus: Available in PDF and e-book versions. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
The Internet appears to be going through a similar transition now. For too long, the Internet has been a digital safehouse for cyber criminals, large and small. They could conduct their malicious activities with the smallest of risks. Readers and friends often ask me why there are so many cyber criminals and so much malware on the Internet, and I've always replied that it is because the bad people can almost never get caught. This appears to be changing.
The Internet's biggest criminals, the Bonnies and Clydes of the cyber world, are being taken down, along with the lonely teenage hacker. Rarely a month goes by that some vendor or law enforcement agency isn't announcing a takedown of a superrich cyber criminal (or gang) that has been operating with relative impunity for years, and the news services are filled with daily announcements of individual hacker arrests.
Last week, multiple vendors and law enforcement agencies announced the arrest warrant for the leader of the GameOver Zeus and CryptoLocker malware programs. These two programs are suspected of stealing more than $100 million from banks, companies, and private home users. The U.S. Justice Department announced the fugitive's name, home address, aliases, online IDs, location of vacation home, hobbies (boating), and multiple pictures. He remains free for now, but his days of freedom are counting down.
It's normally very hard to arrest cyber criminals because -- besides the obvious hardships imposed by trying to collect legal evidence and crossing international legal jurisdictions -- in truth, foreign countries don't always trust or work well with each other. Often, the cyber criminals paid corrupt politicians and senior law enforcement officials to keep the heat off their backs. The number of recent big arrests, as well as sentences handed down in countries like Romania that have turned a blind eye to cyber crime in the past, shows this lack of cooperation appears to be ending.
Microsoft recently wrote about its efforts to coordinate everyone involved (vendors, Internet service providers, law enforcement, and even the financial sector) to starve the beast. My inbox was full of PR emails from vendors and law enforcement agencies praising themselves and each other for the GameOver Zeus takedown. This public self-congratulations is repeated every time a big takedown occurs -- which is good because it encourages more takedowns.