Does this really apply to cyber crime?
This past week at the Gartner Security and Risk Management Summit, I had the privilege and honor of co-presenting with the FBI special agent who helped orchestrate the shakedown of Gribodemon. Gribodemon, aka “Aleksandr Andreevich Panin,” is/was a hacking demigod from Moscow and ultimately the brain behind one of the most elaborate banking trojans in the history of cyber heists. He authored a well-crafted package known in the shadow economies as “SpyEye.” It steals banking credentials, personal information and other logins from an infected system. If you haven’t checked out his story yet in USAToday, I would highly recommend the read as well as watching the short video vignette. The bust was brilliant, and we applaud all of the parties involved in bringing this kingpin to justice.
Panin will go down as one of the most brilliant malware architects in the business. He is a mastermind with a keen sense for engineering sophisticated programs. The end goal of his art was to circumvent both consumer and business defense mechanisms as well as pilfer their personal and sensitive data. It took many years, and the cooperation between several groups of public and private entities, but finally, justice was served with his arrest while on holiday in the Dominican Republic. He pleaded guilty in late January of this year. Needless to say, the Russian Federation felt compelled to issue a warning on its foreign affairs web site to all Russian citizens traveling abroad, encouraging them to take heed of the possibility of US law enforcement “kidnapping” them based on “shaky” evidence. In this case, most of the named extradited Russian citizens were in the business of cyber crime. Panin must have felt the evidence was strong enough to plead guilty. Needless to say, many argue that these “cyber guns for hire” are often treated as national security assets and maintain special governmental privileges in addition to their day jobs of making millions off of cyber crime victims.
Lately, it has occurred to me the old adage, “Don’t do the crime if you can’t do the time” no longer significantly applies to fighting cyber crime, and cyber espionage for that matter, under our current law enforcement model. Advances in cyber crime have outpaced the ability to fight it with traditional law enforcement capabilities and skills. Indictments for the NASDAQ attacks coming out of New Jersey last year or the recent May cyber espionage indictments from the US Department of Justice regarding Chinese military hackers are helping send a message but doubtful to result in extradition and/or formal prosecution in the near term. Clearly, it was a step that needed to be taken but one in a very long list of actions.
The cyber crime-fighting model is morphing but being lapped by our adversaries. No one appreciates the efforts of our law enforcement officers and officials more than I do. However, we are playing massive catch-up. It can’t scale without the concerted effort of public/private partnerships and the leveraging and sharing of threat intelligence across industry verticals and the public sector. In an age where you can rob millions of households while you sleep via weaponry like SpyEye, evidence collection and processing has to be at Internet speed: timely, ubiquitous and factual. Cybersecurity education that is easy to understand for the masses is essential. If the legacy cyber security model wasn’t easily understood, how can we quickly educate everyone on the new approach? How do we teach next-generation threat defense tactics that reduce their own risk as well as the risk to the businesses and governments they work for?
While preparing for the Gartner conference and the subsequent talk with the FBI, it occurred to me that companies like Trend Micro and their dedicated team of Forward-Looking Threat Researchers are working hard to turn the tables on cybercriminals and level the playing field. Additionally, law enforcement is taking a new approach to shutting down the elaborate crime syndicates in cyberspace. This commitment to collaboration with public entities like Interpol, Europol (Ransomware and Project 2020) and the FBI is helping change the crime-fighting paradigm. It is paramount to share threat intelligence and attack telemetry, as well as to train the next generation of cyber warriors. Today, nefarious activities may be predominately in Eastern Europe and China, but we are constantly evaluating emerging markets in Brazil and Africa as the next major hotbeds for cybercrime. All of these factors are essential in order to compete in today’s cyber theater and bring real substance back to the saying “Don’t do the crime if you can’t do the time.” Cyber crime should not pay… Please check out more intelligence and examples of public/private collaboration here in Trend Micro’s cyber crime underground series.
Please add your thoughts in the comments below or follow me on Twitter: @jdsherry.