‘We are focusing on defending systems over identifying and pursuing the person behind the cyber-crime’
Enigma A plague of ignorance and misplaced priorities in government and law enforcement, from neighborhood cops all the way up to international bodies, is allowing cyber-crime to run rampant.
So says Mieke Eoyang, long-time US government policy adviser and veep of the national security program at Washington DC think tank Third Way. Speaking at the 2020 Enigma conference in San Francisco on Wednesday, Eoyang made the case for allocating time and money to finding and snaring internet crooks, hauling them into court, and shutting down this criminality. In other words, proactively tackling criminals, rather than relying on fending off attacks.
After citing figures from Uncle Sam that show only three in 1,000 cyber-crimes are actually prosecuted – the actual ratio could be closer to three in 100,000 as the FBI tends to underestimate the extent of cyber-crime, she explained – Eoyang said police and agents are not told to go after online fraudsters nor given the training and resources to do so anyway.
“We continue to blame users for not avoiding clicking on every phishing link,” said Eoyang, a former staff director for the US House of Representatives Permanent Select Committee on Intelligence.
“When a breach becomes public the response all too often is to blame the victim company. We are focusing on defending systems over identifying, pursuing, and bringing to justice the person behind the cyber-crime.”
The problem, Eoyang argued, is not a lack of people-power or money, but rather a set of misplaced priorities and ignorance at the city, county and state level. Officers lack the basic skills to pursue online crimes, instead handing cases off to overworked and undermanned specialized cybercrime units.
As a result, in many cases, cybercrime falls through the cracks, considered too big for your neighborhood plod and not significant enough to catch the attention of elite federal or national cyber-crime investigation teams.
One easy solution would be to expand the skill set of rank-and-file officers to include basic IT and data security techniques, she opined.
To catch a thief, go to Google with a geofence warrant – and it will give you all the details
“This is an overlooked area that is very specialized in the FBI and not something they all know about,” Eoyang said. “We need to rebalance resource investment in this area, we need to build cyber investigation-capable law enforcement.”
There is also the matter of international cooperation, and in that area authorities need to be a bit more creative.
For example, Eoyang pointed out that even though an online criminal may be shielded from extradition by operating out of somewhere like Russia, they almost inevitably expose themselves to arrest when they opt to spend their ill-gotten gains in Malta, Israel, and high-end destinations. To that end, building diplomatic ties and getting cooperation from law enforcement in other countries will be critical.
One area where Eoyang doesn’t see the need for the government to step up its efforts, however, is busting encryption. Drawing applause from the crowd of security professionals in attendance, the former congressional staffer declared that Feds-only backdoors are simply not the way to go.
“This [strong end-to-end encryption] is not the only thing that stands in the way of their ability to investigate,” she said. “They don’t even know how to write a proper request to the tech companies for the information they already can access.” ®