“It's a race,” Austin Berglas, who works in the FBI's cybercrime squad, said Tuesday during a panel session at Symantec's Cybercrime Day 2009 event in New York. “Zero-days happen every day.”
But Berglas also said the good guys are finding new ways to hunt down cyberthieves, including leveraging social networking websites and international partners.
Another panelist, Michael Stawasz, senior counsel in the computer crime and intellectual property section of the U.S. Department of Justice (DoJ), said he does not disagree with Berglas, but thinks law enforcement is making considerable strides.
“I don't know that we will ever win if you define winning as stopping all crime, but we are winning – we are getting better at finding criminals and getting more people to pay attention to their own security,” Stawasz said.
In the past few years, there has been a definite increase in the amount of cybercrime, fueled by the ability of criminals to partner with one another and also, purchase what they need to commit crimes, panelists said.
Crimes such as carding – buying and selling stolen credit card numbers – have exploded through organized groups online. For example, one person writes malware code, another individual propagates the malware, and still another sells the harvested card numbers.
“Together they have capabilities that not one of them would be able to pull off by themselves,” Stawasz said.
There is no typical “cybercriminal” profile, panelists said. They range in age and income levels and, because they can buy everything they need, don't always have technical sophistication, panelists said.
Still, although incidents of cybercrime are growing, so are successful investigations and prosecutions, Stawasz said. Though the criminals are taking advantage of the opportunities the internet can provide, so are law enforcement agents. The FBI uses social networking sites, such as Facebook and MySpace, to gather intelligence about criminals, Berglas said. Agents might, for example, be able to link one gang member to another by photos they post on their profiles.
“Now we know that subject A has a link to subject D, when we couldn't prove that before,” Berglas said. “Now we have a photo of them together.”
The FBI also is using the anonymity of the web in its favor when fighting cybercriminals, panelists said. By posing as crooks or taking over the online identities of criminals they have caught, authorities are able to gather evidence and get probable cause to arrest cybercriminals.
“Law enforcement can get into the [cybercriminal] network and that's what we have been doing more and more successfully recently,” Stawasz said.
In one major cybercriminal sting operation which ended last October, FBI senior cybercrime agent Keith Mularski played the role of a spammer called “Master Splyntr” on the cybercriminal forum DarkMarket.ws. The operation resulted in more than 60 arrests worldwide.
Another recent success is more effective collaboration with international law enforcement agencies, panelists said. A few years ago, it would have been unheard of for an FBI agent to conduct a joint arrest with a foreign law enforcement agency, but it's becoming more commonplace, Berglas said.
“I see that as being a huge accomplishment,” he said.