InfoWorld Home / Security Central / Security Adviser / We're losing the war on cybercrime
August 28, 2009

We're losing the war on cybercrime

While we chase after two-bit malicious hackers, cybercrime syndicates remain untouchable

| Print | 12 comments|
916 Recommendations

You may have read the reports: We have captured Albert Gonzalez, one of the "world's biggest malicious hackers." Big deal.

I've been fighting cybercrime for more than 20 years, so you'll have to excuse me if I'm a little jaded for thinking that this "huge" hacker is but another small-time player in the big-time world of cybercrime. In fact, I'm pretty sure that we still haven't captured a single major player -- the Pablo Escobars.

[ The Department of Homeland Security reports that the IT sector is resilient against serious cyberattacks. | Learn how to secure your systems with InfoWorld's free Security Central newsletter. ]

We know there are large, corporate crimeware gangs that steal tens (if not hundreds) of millions of dollars from unsuspecting Internet victims each year. They have corporate headquarters that would fit the mold of the Fortune 1000. They have extensive payrolls, pay millions in taxes, and enjoy business growth that would be the envy of Wall Street. Yet we haven't prosecuted a single person from any of these big online cybercrime syndicates, and I have no reason to believe that will change over the next few years. We are getting better at prosecuting cybercriminals in countries such as the United States, but these large organizations are based in other countries, protected by those nations' political leaders.

Professional organized cybercrime started with the "king of spam" corporate giants in the late 1990s. These organizations often made millions under the guise of legitimate Internet marketing while sending billions of illegal e-mails. Many of the owners became and remained rich. They bought large houses and outrageous cars, got new beautiful wives, and sent their kids to expensive private schools. Heck, spammers aren't even considered in the top 200 spammers unless they are sending out hundreds of millions of illegal e-mails per day.

Related Content...
additional resources
White Paper - How to Improve Delivery of Advanced Web Applications

White Paper

Virtual Workforce: The Key to Expanding The Business While Cutting Costs

Get the independent advice and expertise you need to support a virtual workforce.

Go inside:
The three-step approach to making a virtual workforce a reality.
The four flavors of client virtualization technologies.
The three key initiatives that solve IT challenges.
Download now »
White Paper: Successfully Secure Your Wireless LAN With Wi-Fi firewalls.

White Paper

Addressing Linux Threats Leveraging Fewer Resources

The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.

Download now »
White Paper - The 2009 Handbook of Application Delivery

White Paper

The 2009 Handbook of Application Delivery

Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.

Download now »
White Paper - Is Your Backup System Outdated?

White Paper

Mid-range Storage Considerations

A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.

Download now »
12 of 12 comments
Sign In or Register to comment
quadibloc 28-Aug-09 6:44am
Given that we haven't been able to evict Russia from parts of Georgia, I'm not sure how we can be expected to deal with criminal activity that is protected by the Russian government. If Medvedev and Putin are voted out, things might change. Otherwise, since natural gas revenues seem to have allowed Russia to rebuild its nuclear arms, it would seem the prospects for an attempt at regime change in Russia are dim.
Rob Lewis 28-Aug-09 8:38am

Definitely true, but sad. I love that you call them the way things are.

These crime syndicates are probably having a good laugh as they read this and they will keep laughing as long as the industry resorts to the sorry, broken-down security model in use today. That's another sad truth.

Location doesn't matter much. If it wasn't Russia, it would be somewhere else.

MAS 28-Aug-09 11:47am
It's not just cybercrime that we are losing the war on.
Crime syndicates or all sorts (including cybercrime) are running roughshod over everything.
Carl Street 29-Aug-09 2:08am
3 replies

Well Mr. Grimes, wake up and smell the reality.

What is truly amazing to me is that you, who purport to be a trained security professional are unaware that as far back as the days of the Pharaohs of Ancient Egypt the story of security enforcement has been an uninterrupted saga detailing the failure of "security services" who out of cowardice, corruption, and/or cozying up to power have invariably focused their efforts on the politically emasculated and petty criminals while studiously avoiding any confrontation with the real large scale criminals who might pose a career threat.

Perhaps you personally are NOT corrupt -- one can only hope -- but are a victim of an education system that no longer teaches history; other than the politically correct version, of course.

The unvarnished truth is that “security services” are largely worse than useless against any real threat because they will be either deliberately blind to such activities and/or active participants and perpetrators. While they generally make a great show of stopping small threats; they are largely rubber crutches at best when any real threat appears.

jspurr01 29-Aug-09 5:15am
1 reply
Nothing Mr Grimes says suggests that he is "unaware" of the sad history of security forces vs the criminal forces. He is actually documenting the current situation for the unaware masses. Your hyper-cynical, accusatory commentary unfairly besmirches Mr. Grimes and inapprorpiately broad-brushes security professionals at large.
Carl Street 29-Aug-09 2:37pm
Blaming the messenger is a popular ad hominem attack that will no doubt play well with the pseudo-moral security class; however, it does NOTHING to change the reality. Your apology is accepted.
Roger A. Grimes 31-Aug-09 6:05am
Carl, What a strange reply. In your long diatribe you share one good point...that organized crime has been around for a long time. I am a happy student of history. While I don't know all history, I am certainly well aware that organized crime has been a part of life at least since the days of recorded history, if not before. The Christian Bible has relevant stories from thousands of years ago. But as smart as you are trying to appear to be you then trivialize the well meaning people on the side of good. You lump all the good people in with the bad people, claiming cowardize, corruption, etc., rule even the good people. You don't leave any room for all the good people that fight the good fight, and aren't corrupt, scared, or any of those other things. Fighting crime, any crime, is a complex undertaking, especially where scare resources are involved and where the good guys have to follow societal rules so they don't become as bad as the bad guys they fight. I'm glad you only kinda accuse me of being corrupt. If anyone is making an ad hominem argument it is you. I'd add that in your short posting you also make the mistakes of false continuum and false dichotomy, if not even more.
nigebj 4-Sep-09 9:44am
Perhaps Mr Grimes assumed his average, educated reader was all too well aware of the failing of "security services" over time and was simply trying to make the point that despite the hype, nothing has changed. May be his ego didn't lead him to need to treat his audience as uneducated morons - which is possibly why he is a columnist and not simply a troll.
bz8x8c 29-Aug-09 8:27am
None of this will change until cybercrime becomes a topic of discussion among our world leaders. It's high time this issue was raised in the world forums in which we have to work. If the US and other developed countries severed the Internet link with problem countries such as China and Russie, they would take notice when it starts to hit the pocketbooks of legitimate business entities. Trade is now largely Internet based, so Internet embargoes against countries that allow cybercrime would make a difference, if anyone has the guts to take such measures. Even if they don't, the immediate impact would be an improvement in cyber-security.
shadoweyez 30-Aug-09 12:30pm
First post on this fourm... Excellent article on the larger cybercrime issue. bz8x8c said "If the US and other developed countries severed the Internet link with problem countries such as China and Russie, they would take notice when it starts to hit the pocketbooks of legitimate business entities." Maybe instead of cutting the cord with China or Russia, we should start "whitelisting" the cord. Everything not allowed, people/business that need to communicate get approval through some (VERY lightly regulated) gov't or private business-alliance type body first. While I realize this is against the core internet and "net neutrality" we may be at the point that this extra cost is less than the cost of fighting the never ending flood of spam/malware. I support the net neutrality concept, but on a practical level this could work out from a cost-benefit standpoint. The thorny issue then is who would regulate this whitelist, and under what criteria. This would at least shift the issue into a different and possibly more easily understood realm for the general public and lawmakers who seem to be behind on making effective rules relating to technology.
rcprimak 31-Aug-09 1:38pm
Cutting the cord with Russia and China is the LAST thing we should do! It is only when Chinese and Russian citizens can communicate with USA and EU citizens, that the corruption of the governments of China and Russia can be effectively fought from within those countries. Case in point -- Iran. Just think what might have happened over there if Western governments had branded Iran a Terrorist State and banned all Internet (and Twitter) communications between US and THEM. Sometimes contacts with us are the best way of fighting the cultures of corruption which have been protecting the international cybercrime syndicates. Keep the Internet open for such communications!
Apple 17-Sep-09 11:09pm
War is something sounds not good for me.At some point in time, we have heard the phrase "Si vis pacem, para bellum." Some people get confused, as most schools don't cover a lot of things Latin (we don't mean salsa dancing – we mean swords, sandals, Ides of March and Julius Caesar Latin) but that being said, what Si Vis Pacem, Para Bellum literally means is "If for peace, for war." It's a paraphrasing of a military philosopher from the late 4th century, Publius Flavius Vegetius Renatus, from his work De Re Militari. (Literally, On Military Matters, a book that was a cornerstone of European military thought and tactics for centuries.) It means that if some one desires to keep peace, then they had better get a cash advance and be prepared to defend it – Si Vis Pacem Para Bellum.

Sign up to receive InfoWorld Resource Alerts

Subscribe to the Today's Headlines: First Look Newsletter

Find out what will be news for the day, with our first-thing-in-the-morning briefing.

White paper

Log Management: How to Develop the Right Strategy for Business and Compliance

This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.

Download now! »

White paper

The Essential Series: Security Information Management

Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.

Download now! »

White paper

Aberdeen: Choosing and Consuming Managed Security Services

Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.

Download now! »
©1994-2010 Infoworld, Inc.