Rich Baich, principal, Deloitte & ToucheArrests are good because it makes a crime – which is often done from a location 10,000 miles away from the scene of the crime – less surreal. However, cyber attribution continues to mystify many forensic investigators, while also misdirecting law enforcement. The improved arrest rates have driven cybercriminals to gather additional open source intelligence on their targets, resulting in improved target validation with less collateral detection capability for law enforcement to capitalize on. Once one cybercriminal learns of the technique used to arrest another cybercriminal, they use that information to improve their craft, making that capture-detection potentially useless. Cybercriminals are using our published laws, techniques and standard-published incident response protocols to vary their techniques to either cause a novice incident responder to believe they found root cause or to evolve their exploit to circumvent published capture techniques.
Debate: The recent arrests of cybercriminals will drive others to think twice before launching attacks.
From the - November 2011 Issue of SCMagazine »