Governments should invest more in catching cybercriminals, researchers say

Investing in law enforcement action against cybercriminals is more important than buying cybersecurity software, researchers say

Improving the ability of law enforcement agencies to catch cybercriminals should be a priority when governments decide how their cybersecurity budgets get spent, according to University of Cambridge security engineering professor Ross Anderson.

Anderson is one of seven computer researchers from the U.K., Germany, the Netherlands and the U.S. who recently performed an analysis of the costs of cybercrime at the request of the U.K. Ministry of Defence. Their findings were published in a research paper that will be presented on June 26 at the 11th Annual Workshop on the Economics of Information Security in Berlin.

The researchers split the costs of computer crimes into direct losses, indirect losses and costs associated with defending against those crimes in the future.

The defense costs stem from acquiring cybersecurity software like antivirus and firewall programs, offering fraud prevention services to consumers, implementing fraud detection systems and performing law enforcement investigations.

The study found that for more traditional crimes like tax and welfare fraud, which are increasingly performed with the help of computers, the defense costs are much lower than the amounts being stolen, which makes sense from an investment perspective.

However, for Internet-based crimes like hacking, denial of service attacks, online scams, phishing, spam and others, the defense costs are many times higher than the actual losses.

Anderson gave the example of a cybercriminal gang that ran a botnet responsible for a third of the world's spam traffic in 2010. It's estimated that this gang made less than US$3 million from their spam operation and yet, the worldwide cost of stopping spam was estimated at around $1 billion, he said.

There are multiple reasons for this discrepancy, but one of them has to do with the lack of law enforcement action against cybercriminals, the researchers said in their paper. "The straightforward conclusion to draw on the basis of the comparative figures collected in this study is that we should perhaps spend less in anticipation of computer crime (on antivirus, firewalls etc.) but we should certainly spend an awful lot more on catching and punishing the perpetrators."

"A lot of Internet crimes are perpetrated by only a small number of gangs," Anderson said. Current methods of dealing with cybercrime are inefficient, Anderson said, adding, "I think it's because many policemen think it's too hard."

The fact that many of these gangs are located in countries where cybercrime legislation is lacking or not strongly enforced should not necessarily be an impediment for law enforcement action, Anderson said. "There have been some gangs from Russia and the Ukraine who have been arrested after pressure from the British government."

"The problem at the moment is that there seems to be a very low priority for police cooperation," Anderson said. "If the governments of Britain, Germany, France, the U.S. and so on, were to make it a higher priority then the government of Russia would start to crack down on these gangs."

Western governments can also fight cybercrime by pressuring credit card companies like Visa and MasterCard into banning banks that process payments for cybercriminals, from their systems, Anderson said. "For example, almost all payments for fake Viagra go through only three banks."

The U.S. government has already demonstrated its ability to do this in 2010 when it pressured Visa and MasterCard into blocking credit card donations for WikiLeaks, the researcher said. "In the same way the banking system can be pressured into stopping processing payments for criminals."

There are particular types of cybercriminals that law enforcement agencies should aggressively target; for example, the people who write hacking tools and malware, Anderson said. In the future, law enforcement should be the priority when governments allocate more money to cybersecurity, he said.

Last year, the U.K. government allocated an extra £640 million (US$1 billion) to cybersecurity, but they gave around £400 million of this money to the U.K. Government Communications Headquarters (GCHQ), which is a technical surveillance agency, and only about £15 million to the police, Anderson said.

"This is a bad outcome," he said. "The police should have gotten many tens of millions of pounds so they could improve forensics, improve enforcement and improve their technological capabilities in general."

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place