A recent report shows the global cost of cybercrime is greater than the combined effect on the global economy of trafficking in marijuana, heroin and cocaine. That staggering statistic underscores the need for the industry, academic community and law enforcement – those working to combat cybercrime – to come together to share ideas and strategize on ways to fight the threat and make the online world safer for everyone.
That’s one of the reasons the Microsoft Digital Crimes Unit hosts the Digital Crimes Consortium (DCC), an annual, week-long conference that provides a rare opportunity for hundreds of law enforcement officials and members of the technology security community from around the world to come together to discuss and demonstrate the latest issues facing disruption and enforcement efforts involving cybercrime worldwide. This year’s event has included 340 attendees from 33 countries around the world. The topics covered at DCC are wide ranging, including everything from analyzing targeted attacks to industry efforts, like recent botnet takedowns, and new threats like mobile malware and security challenges posed by the cloud.
In recent years, we’ve watched cybercrime evolve in ways that make it comparable to organized crime – a network of bad actors – forming an infrastructure that enables a wide variety of criminal activity. In our work to disrupt botnets, we’ve actually started analyzing online crime from a business perspective because, ultimately, the vast majority of cybercriminals are out to make money. We’ve learned that, like a developing industry, cybercrime is becoming more specialized, and in need of people with specific skillsets to make these “business ventures” successful. We believe that an important key to the fight against cybercrime is also economic: sufficiently increase the risks and costs for the cybercriminals to do business and you can make their “business” unprofitable and untenable.
At Microsoft, in cooperation with our industry partners, we’ve tackled the business of cybercrime by disrupting the cybercriminal’s infrastructure, an endeavor that not only takes the threat offline but costs the criminals time and money if they try to rebuild the criminal infrastructure. We used this approach with our partners to take out the Waledac, Rustock and Kelihos botnets. The FBI and the Department of Justice used a similar method to take down the Coreflood botnet in April. We’ve also continued to invest in a variety of technology innovations and partnerships that can aid in the effective disruption of crime. Together, we hope to spur a broad effort across industry and law enforcement to put this successful, disruptive approach to work.
Because of the anonymity enabled by the Internet, cybercrime can be committed from almost anywhere while impacting victims almost anywhere, which means the crimes often fall outside of any one single jurisdiction. Therefore, the need for cross-agency collaboration continues to be a rich source of discussion at DCC, because the challenge of fighting cybercrime is amplified by the fact that it’s essentially borderless.
Events like DCC are an opportunity to begin to address ongoing problems like this and to establish new partnerships so that all the good guys can be better, faster and more versatile. Cybercriminals are smart, innovative and motivated, but the good guys have some of the world’s most talented people doing excellent work to combat cybercrime, and they are supported by the tech industry, policymakers and consumer advocacy groups who have helped curb cyber threats through the development of safer products and by increasing public awareness of cybercrime. We believe that with continued successes in cooperation amongst industry, academic researchers, law enforcement agencies and governments worldwide, the global community has the power to turn the tide in the fight against cybercrime. In the months ahead, I look forward to reporting here on the latest efforts to disrupt the business of cybercrime, and I expect work done at DCC will be integral to those successes.
DCC would not be possible without the help of our sponsors, and we’d like to thank Cisco, the Messaging Anti-Abuse Working Group (MAAWG), Microsoft Trustworthy Computing, Neustar and VeriSign for their support.