Debate: The recent arrests of cybercriminals will drive others to think twice before launching attacks.

Edy Almer, VP, marketing & business development, Safend

Cyberthreats are on the rise, and while security technology and policies have significantly improved, so have the attackers' focus and tools. Many organizations, including some of the leading security vendors, such as RSA, Kaspersky, Comodo and others, recently have been breached. To many it may appear that we are losing to the hackers, as defense lines fall one after the other. However, the success of defense contractor Northrop-Grumman to withstand continuous attacks, as well as the recent arrests of international hackers, point out that even if attackers manage to get through a company's defenses, they inevitably leave behind a forensically acceptable digital trail. If one has a decent forensic collection tool in place, law enforcement and governments around the world are cooperating more fully to track attackers and bring them to justice. Highly publicized cases, like TJX and others, should serve as a deterrent, and remind would-be hackers that cybercrime, in the end, does not pay.

Rich Baich, principal, Deloitte & Touche

Arrests are good because they make a crime – which is often done from a location 10,000 miles away from the scene of the crime – less surreal. However, cyber attribution continues to mystify many forensic investigators, while also misdirecting law enforcement. The improved arrest rates have driven cybercriminals to gather additional open source intelligence on their targets, resulting in improved target validation with less collateral detection capability for law enforcement to capitalize on. Once one cybercriminal learns of the technique used to arrest another cybercriminal, they use that information to improve their craft, making that capture-detection potentially useless. Cybercriminals are using our published laws, techniques and standard-published incident response protocols to vary their techniques to either cause a novice incident responder to believe they found root cause or to evolve their exploit to circumvent published capture techniques.



