US White House Takes Steps Against Cybercrime; Are They Enough?

Earlier this week, the White House announced the creation of a new intelligence unit that will address the growing problem of cyber attacks and data breaches. The unit, which will be named the Cyber Threat Intelligence Integration Center (CTIIC), is touted to be an answer to the US government’s lack of an entity “responsible for producing coordinated cyber threat assessments”. The CTIIC will be tasked to rapidly pool and disseminate data on data breaches, while coordinating with other agencies also tackling cyber threats.

The fact that governments—especially that of a country like the United States—are now stepping up to deal with cybercrime and its perpetrators through efforts like these is always good news. As we’ve seen with the attacks on Sony and Anthem, not only are cyber-attackers becoming more sophisticated in their malicious activities, but they’re also becoming much more intrusive and destructive, affecting real-world operations and livelihoods.  But as we’ve always stated, combating the real-life consequences of cybercrime needs more than just a dedicated task force or a police unit. There are two main reasons why:

• Cybercrime has no borders or physical boundaries. It’s a type of crime that lets culprits from different locations be thousands of miles away from their victims. A cybercriminal in Russia, for example, can have colleagues in the Ukraine, use servers in the United Kingdom, and target users in the United States. This obviously makes it difficult for them to be prosecuted, as local police often do not have jurisdiction outside a country’s borders.
• Tackling cybercrime requires specialized resources and expertise. Tracking down cybercriminals require a very different set of skills and resources that many law enforcement agencies lack. Keeping the peace in their respective jurisdictions, after all, is already a handful. That, in itself, takes most of their own trained personnel and resources.

These two reasons are why we at Trend Micro have taken our role of fighting cybercrime beyond simply passively handing over information to police. We have been actively working alongside law enforcement groups such as Interpol and the Japan Metropolitan Police Department to bring cybercriminals to justice. Our aim is to not simply provide antimalware solutions or block domains of malicious websites, but to actively participate in the identification (and apprehension) of cybercriminals themselves.

We have already had successes in this endeavor, with our efforts not only being integral to the arrest of a notorious figure central to 2013 ransomware attacks, but also receiving commendations from the law enforcement agencies we’ve worked with. This proves that collaboration with law enforcement works. We encourage other security vendors in the private sector to also help out.

Security researchers do more than simply bridging the gap between the technology of the cybercriminals and the law looking to bring said cybercriminals to justice. They bring to the table perspectives, skills, and information that are indispensable in identifying culprits. From in-depth threat information sourced from their own companies’ operations, to information direct from the cybercriminal underground, security researchers can provide law enforcement agencies with all the data and evidence they need to arrest cybercriminals wherever they may hide.

In summary, the US government’s efforts in recognizing the true threat that cybercrime presents is a step towards the right direction. However, we urge that they also seek to work more closely with private security entities in order to leverage the key resources integral in bringing cybercriminals to justice. We also urge our fellow security providers to reach out with law enforcement agencies in their own countries, to combat the two reasons we’ve stated above. After all, we’re all in pursuit of the same thing: making the Internet a safer place for everyone. Shouldn’t we all do our part?