Catching Cyber Criminals

Computer crime is changing as the Internet becomes a vital component of everyday life. So how do cyber cops keep up with it?

Over the past few years, the number of crimes involving computers and the Internet has exploded. Given the technological nature of these crimes, some unique challenges are involved in tracking down the perpetrators. For instance, cyber criminals often use secure software to remain anonymous -- and even if they're identified, their activities can be based in countries that don't prosecute such activity. As a result, catching them requires technically trained investigators, who must coordinate with international partners, using a blend of high-tech and low-tech tactics.

Chris Painter is deputy chief of the Computer Crime and Intellectual Property Section of the U.S. Department of Justice. He oversees a team of 22 lawyers involved in all aspects of computer crime, from denial-of-service attacks to attacks on computer networks. Recently, he shared some insights into computer crime and how the criminals are caught.

Technology Review: How are computer crimes changing? Has any one type of crime become more prevalent than others?

Chris Painter: When I started doing this, society wasn't as dependent on computers and computer networks as it is now. The kind of attacks we saw were more singular -- they used to be the result of lone gunmen, if you will, who were more interested in doing it to show they could. But more and more we are seeing a couple things. One is a merger between the criminal groups -- the groups who were using the Internet as a new tool to reach new victims -- and the more sophisticated hackers. What that means is that these kinds of hacking attacks are more and more done for a monetary motive. And we've also seen the rise of organized criminal groups. There have been some examples recently where organized criminal groups were hacking into systems and then extorting companies.

TR: How is the technology used by these criminals changing?

CP: The kinds of technology they're often using are meant to hide their identities, by using proxy servers, secure websites, or by routing their communications through several different countries -- which is why it's so important for us to work internationally. But they're also coming up with new ways of invading people's computers and taking advantage of new vulnerabilities.

If you look at the development of "botnets" [software robots that run autonomously, usually for stealing private information], they've become much more sophisticated over time, and this is true of "phishing" [in which a criminal impersonates a legitimate party and tricks a user into sharing private information over the Internet]. So when the criminals see a law enforcement response, or even a preventative response, they just adjust their methodology. The thing that's a little different, I think, is that you don't have to be a very sophisticated person now to use these sophisticated tools. It used to be that only the cleverest hackers had access to these tools, but now they can spread them around pretty quickly, and people without much sophistication can use them, and in fact often do to launch attacks.