A number of high-profile takedowns, arrests, and prosecutions have occurred throughout the year. As I predicted for 2012, we have witnessed a tremendous amount of pressure towards the people behind computer attacks. More focus is being placed on interdicting and removing the threat-agents, the term for archetypes of attackers, instead of just addressing the vulnerabilities exploited by their attacks. Targeting the culprits behind computer attacks effectively cures the root cause instead of just treating symptoms. Individuals and groups were pursued by law enforcement agencies, security firms, and internal response teams worldwide. It is emerging as an effective and necessary practice which continues to gain momentum.
Recently, US Justice Department officials announced they will pursue criminal charges against threat agents sponsored by other nations. This is huge. It will expand the scope and depth of worthwhile investigations in areas holding the greatest potential for loss. Although laws have been in place since 1996 to protect against economic espionage, they have largely been ignored, partly due to the difficulty of proving foreign government collusion, political ramifications, and also due to the complexities of presenting a solid legal case.
With sufficient numbers of properly trained prosecutors, it may be possible to bring enough cases into public view to have a sufficient impact and drive change. Optimally, public awareness and support are critical to address political hurdles and approve necessary funding for future prosecutions. Knowledge by current or prospective threat-agents promotes deterrence and a stigma of wrongdoing for those who are impressionable and may see such activities as attractive. Lastly, successes in prosecution will show other regional and international law enforcement agencies that this is a problem which can and should be tackled. A growing list of successful cases promotes the necessary legal infrastructure and expertise to make the process more efficient. All this adds to a stronger capability to remove the elite and upcoming talent who choose to leverage technology in malicious ways to the detriment of others.
Here are some of my favorite cases for 2012:
- Arrests against the international Butterfly Botnet crime ring, responsible for over 11 million compromised computers and $850 million in losses. http://www.fiercegovernmentit.com/story/fbi-announces-arrests-case-international-cyber-crime-rings-linked-butterfly/2012-12-13
- FBI "Carder Profit" sting busts people in 12 countries, dealing in stolen credit card numbers. http://tpmmuckraker.talkingpointsmemo.com/2012/06/fbi_sting_carderprofit_cc.php
- Microsoft’s Digital Crime Unit (DCU) continues to lead the charge against botnets, with impressive work against Nitol, Kelihos, and Zeus. These guys and gals are my heroes, really. http://www.microsoft.com/en-us/news/presskits/dcu/
- An international cyber scam ring was prosecuted, which had used scareware tactics to defraud $71 million by selling bogus security software after infecting systems. http://www.justice.gov/opa/pr/2012/December/12-crm-1503.html
- Sentencing of the team behind a shockingly coordinated worldwide banking attack, involving participants in over 280 cities worldwide, who siphoned over $9 million from 2100 ATMs. This involved compromised bank accounts and synchronized ATM withdrawals. http://www.fbi.gov/atlanta/press-releases/2012/sentencing-in-major-international-cyber-crime-prosecution
This is just the start. Expect this list to grow significantly in 2013. I am confident that as more pressure is exerted on cyber criminals, the threat landscape will thin, thus allowing for resources to target those who adapt and attempt to cause the greatest harm. It is the normal cycle of criminals, technology, and justice. I can’t wait to see what interesting prosecutions 2013 holds.