Many observers are quick to note that when a big botnet is taken down, another jumps up into its place. In many cases, that is true. But the fact is most of these botnet takedowns resulted in criminal prosecutions, and the evidence seized in their takedowns led to more takedowns. It's no coincidence that arresting more criminals lowers crime. It might take a while for the results to be felt, but we are seeing improvements.
Another big reason for more cyber arrests is the increasing sophistication of the police forces. For far too long, law enforcement was overwhelmed and undertrained. Now even the littlest, podunk police force has cyber crime specialists, most of whom are well trained and equipped with serious forensics software.
The court systems have moved along as well. Many judges are keenly aware of the cyber issues before them, and some jurisdictions even have special courts to decide heavily technical computer cases. Best of all, conviction penalties and the length of sentences are increasing. Not long ago, the court and justice system couldn't even spell "InterWebs." Now they're finally catching up.
Along with increased police training across the board is the increased cooperation across jurisdictional boundaries. Years ago, if the case was international, law enforcement had to trick the cyber criminal into visiting the country to arrest them. Now, many far-flung nations are cooperating and arresting international cyber crime gangs across time zones. International cyber crime laws have improved, as have the formal and informal police channels needed to track criminals, obtain warrants, and arrest criminals across borders. Distance, long the principal refuge of the cyber criminal, becomes a thinner cloak every day.
Cyber criminal: We know who you are
We're also getting better at identifying the thieves. The news is full of stories in which a single mistake leads to the cyber criminal's takedown -- the LulzSec case is a good case study. Now we're seeing independent groups using "bread crumbing" techniques to identify hackers by linking their online social media posts to their underground aliases. The Trident Breach case is one example, but there are many others. My favorite storylines are the ones that detail how the tracking groups end up unmasking the vermin who further complicate the lives of millions of people. The exposures of the Koobface gang and the Rustock author are two instances.
In 20 years of fighting cyber crime, I'd seen only a few pictures of the actual criminals -- until recently. Now it's almost commonplace. Today, if you hack big enough, you're likely to have your criminal activities exposed to the world and your photo posted online under unflattering headlines for all of your friends and family to see.
It turns out that many of these notorious cyber criminals look like ordinary citizens. I don't know why it's surprising to me, but they have spouses and kids, and they take smile-filled family vacations. They're now seeing less of their families, almost certainly without smiles. No matter what their sentences, it can't begin to pay for all the suffering they've caused others. It's a start.
Of course, we still aren't catching most cyber criminals. The proportion escaping prosecution went from something like 99.999 percent to 99.997 percent -- but I'll take it. We're finally making progress. The thieves are being identified more often, and the judicial evidence necessary for prosecution is being collected faster than ever. The pendulum is beginning to move in the right direction.
This story, "If you do the cyber crime, expect to do the time," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.