Trends in Cybercrime and Securing the Cloud: Report from the 2011 Cybercrime Conference

By TAP Staff Blogger

Posted on October 12, 2011


Friday’s 2011 Cybercrime Conference examined the current trends in cybercrime, security in the cloud, and the trade-offs between sharing and securing private information. Keynote speaker Edward Felten, Chief Technologist with the Federal Trade Commission and on leave from Princeton University, discussed why cybercrime losses continue to rise and what government can do to help address the issues. The conference, jointly hosted by the U.S. Attorney’s Office, Western District of Washington, and the University of Washington School of Law, featured presenters who spanned a broad range of organizations and disciplines: law enforcement agents from the United States Secret Service and Federal Bureau of Investigation, chief security officers and general counselors from major corporations, United States attorneys, and leading academics with expertise in privacy, business law, and criminal law.
 
TAP attended the conference and provides a summary of several of the sessions. This post includes the trends in cybercrime and thoughts on security in the cloud. Additional posts are linked to below.
 
The conference began with a look at the threat landscape of cybercrime. Jenny Durkan, U.S. Attorney with the Western District of Washington, Gordon Snow, Assistant Director of the Federal Bureau of Investigation (FBI) with the Cybercrime Division, and Pablo Martinez, Deputy Special Agent in Charge of the United States Secret Service, stressed that it is critical that everybody understands cybersecurity. The recent threats are being generated from Eastern Europe and are the work of sophisticated criminal organizations. Cyber attacks are initiated for two primary reasons: counter terrorism and to acquire personally-identifiable information (PII), the latter providing a means to steal money.
 
Pablo Martinez of the U.S. Secret Service outlined three ways computers figure in crime: they are used to research how to commit a crime; they are used to communicate with fellow criminals to coordinate a crime; and they are used as attack platforms in the form of net bots. Net bots allow a criminal to control a computer remotely through malware that is left on a computer. U.S. Attorney Jenny Durkan stressed that 1 out of 10 computers is under the influence of a virus or net bot, and many computer owners don’t even know their system is infected.
 
All three speakers stressed the importance of information sharing. While no corporation wants their customers to know that their computer system has had a security breach, it is essential to report intrusions in order for the criminals to be caught and to help prevent similar attacks on other organizations. In stressing this point, the speakers concluded that the highest priority for legislative action is to pass the Federal Data Breach Law.
 
Later in the day, the discussion focused on security in the cloud. “Cloud computing” describes how computer-related services and software increasingly have been provided over the Internet and other networks. (Learn more about cloud computing with TAP’s fact sheet on the topic.) Jim Dempsey, Vice President for Public Policy at the Center for Democracy and Technology, stated that the trend is a movement of data to the cloud, and a key issue is that the legal standing of the data is unclear. A piece of data or content may originate in a home computer, but be stored in a data center in a different state or even a different country. Which laws of what jurisdiction apply to this piece of data?
 
Jason Weinstein, Deputy Assistant Attorney General with the Department of Justice, said that, due to cloud technology, cyber attacks are becoming harder to detect. Unraveling the links (from provider to provider) to identify the human who committed the crime, and then going through each jurisdiction’s legal process to prosecute the criminal, takes time. Additionally, he said that with the cloud, evidence of the crime is often off-site and can be quickly deleted before a detective is able to follow the trail of the crime all the way to the end.
 
Both Jim Dempsey and Jason Weinstein discussed the 1986 Electronic Communications Privacy Act in terms of striking the right balance between providing law enforcement with access to data for criminal investigations, satisfying industry interest in gathering information about its customers and users, and protecting consumer privacy. They spoke to this topic from their respective areas of expertise. Mr. Dempsey, whose work with the Center for Democracy and Technology is to keep the Internet open, innovative, and free, promotes the protection of data on the Internet and in the cloud. Mr. Weinstein, whose role as a prosecutor requires access to evidence that often resides in the cloud, stressed that it is critical that law enforcement have the legal tools to collect evidence in crimes.

 

To read more about the 2011 Cybercrime Conference, view these posts:

 

