Don’t Do the Crime if You Can’t Do the Time?

  • Posted on: June 30, 2014
  • Posted in: Government Policy, Security
  • Posted by: JD Sherry (VP, Technology and Solutions)

Does this really apply to cyber crime?

This past week at the Gartner Security and Risk Management Summit, I had the privilege and honor of co-presenting with the FBI special agent who helped orchestrate the shakedown of Gribodemon. Gribodemon, aka “Aleksandr Andreevich Panin,” is/was a hacking demigod from Moscow and ultimately the brain behind one of the most elaborate banking trojans in the history of cyber heists. He authored a well-crafted package known in the shadow economies as “SpyEye.” It steals banking credentials, personal information and other logins from an infected system. If you haven’t checked out his story yet in USA Today, I would highly recommend the read as well as watching the short video vignette. The bust was brilliant, and we applaud all of the parties involved in bringing this kingpin to justice.

Panin will go down as one of the most brilliant malware architects in the business. He is a mastermind with a keen sense for engineering sophisticated programs. The end goal of his art was to circumvent both consumer and business defense mechanisms as well as pilfer their personal and sensitive data. It took many years, and the cooperation between several groups of public and private entities, but finally, justice was served with his arrest while on holiday in the Dominican Republic. He pleaded guilty in late January of this year. Needless to say, the Russian Federation felt compelled to issue a warning on their foreign affairs web site to all Russian citizens traveling abroad, encouraging them to take heed of the possibility of US law enforcement “kidnapping” them based on “shaky” evidence. In this case, most of the named extradited Russian citizens were in the business of cyber crime. Panin must have felt the evidence was strong enough to plead guilty. Needless to say, many argue that these “cyber guns for hire” are often treated as national security assets and maintain special governmental privileges in addition to their day jobs of making millions off of cyber crime victims.

Lately, it has occurred to me that the old adage, “Don’t do the crime if you can’t do the time,” no longer significantly applies to fighting cyber crime, and cyber espionage for that matter, under our current law enforcement model. Advances in cyber crime have outpaced the ability to fight it with traditional law enforcement capabilities and skills. Indictments for the NASDAQ attacks coming out of New Jersey last year or the recent May cyber espionage indictments from the US Department of Justice regarding Chinese military hackers are helping send a message but are unlikely to result in extradition and/or formal prosecution in the near term. Clearly, it was a step that needed to be taken but one in a very long list of actions.

The cyber crime-fighting model is morphing but being lapped by our adversaries. No one appreciates the efforts of our law enforcement officers and officials more than I do. However, we are playing massive catch-up. It can’t scale without the concerted effort of public/private partnerships and the leveraging and sharing of threat intelligence across industry verticals and the public sector. In an age where you can rob millions of households while you sleep via weaponry like SpyEye, evidence collection and processing have to be at Internet speed, timely, ubiquitous and factual. Cybersecurity education that is easy to understand for the masses is essential. If the legacy cyber security model wasn’t easily understood, how can we quickly educate everyone on the new approach: next-generation threat defense tactics for reducing their own risk as well as that of the businesses and governments they work for?

While preparing for the Gartner conference and subsequent talk with the FBI, it occurred to me that companies like Trend Micro and their dedicated team of Forward-Looking Threat Researchers are working hard to turn the tables on cybercriminals and level the playing field. Additionally, law enforcement is taking a new approach to shutting down the elaborate crime syndicates in cyberspace. It is this commitment to collaboration with public entities like Interpol, Europol (Ransomware and Project 2020) and the FBI that is helping change the crime-fighting paradigm. It is paramount to share threat intelligence and attack telemetry as well as train the next generation of cyber warriors. Today, nefarious activities may be predominantly in Eastern Europe and China, but we are constantly evaluating emerging markets in Brazil and Africa as the next major hotbeds for cybercrime. All of these factors are essential in order to compete in today’s cyber theater and bring real substance back to the saying “Don’t do the crime if you can’t do the time.” Cyber crime should not pay… Please check out more intelligence and examples of public/private collaboration here in Trend Micro’s cyber crime underground series.

Please add your thoughts in the comments below or follow me on Twitter: @jdsherry.