How many cybercriminals are caught is a question that we should all understand. Can cybercriminals and entities supporting their activities be caught, held accountable, and prosecuted? What more can countries do to increase cybercrime conviction rates?
It is pertinent to answer these and other pressing questions since a growing cybercrime wave affects all sectors of the global economy and threatens international security. Despite the rising cybersecurity threats, a serious gap exists in how law enforcement agencies respond to adverse cyber incidents.
The past decade has seen a significant increase in hacks and data breaches as cybercriminals embrace sophisticated technologies and malware programs more and more. Some renowned companies have been victims of huge data breaches and continue being plagued with numerous cybercrime events.
For instance, Equifax suffered a vast data breach that affected more than 147 million customers. The attackers managed to access sensitive information like social security numbers, credit card data, dates of birth, and home addresses. The company also incurred huge losses of up to $671 million in a class-action lawsuit settlement with the affected customers.
But how many cybercriminals are actually caught?
The primary danger of cybercrime is that a guilty criminal is rarely caught or prosecuted. Consequently, the low conviction rate leaves governments and businesses vulnerable to multiple targeted attacks.
According to the Third Way think tank, an estimated 0.3% of all reported cybercrime complaints are enforced and prosecuted. That translates to 3 out of 1,000 reported malicious cyber incidents ending in an arrest and prosecution. The large cybercrime enforcement gap gives malicious cyber actors the confidence to engage in nefarious activities without the fear of being caught, prosecuted, or punished. Moreover, a large percentage of cybercrime victims do not report the cases, and the effective enforcement rate may, therefore, be lower than 0.05%.
Mark Lanterman, the CTO of Computer Forensic Services, made a similar observation by estimating that less than 1% of hackers get caught and convicted. Catching a cybercriminal can be compared to locating a needle in a haystack, where the needle might not even exist. Good hackers understand the evidence generated upon executing a specific attack and will go to great lengths to ensure the evidence is non-existent. As a result, many businesses may be hacked and remain unaware that they have been compromised.
Even if the hackers leave traces of evidence, it is usually insufficient to identify the responsible group or individual. In addition to computer forensic evidence, law enforcement agencies often rely on interviews with security professionals, which poses numerous challenges in identifying a cybercriminal. In 2014, the Justice Department announced the arrest of 90 individuals involved in a Blackshades malware case. The investigation required the cooperation of 19 countries, hundreds of searches in Canada, the US, and Europe, and it took two years to complete.
It is also worth noting that cybercrime has escalated significantly in recent years, as more individuals take up the vice for monetary rewards. Recent research found that some cybercriminals earn up to $2 million every year, while others earn between $40,000 and $1 million annually. However, attackers spend as much time devising methods of remaining stealthy and under the radar as they do planning and designing their malicious activities. The dark web provides hackers with a perfect platform for engaging in various cybercrime activities, further increasing the difficulties in apprehending them.
For example, in the UK, fraud and cybercrime have become the most prevalent offenses, with 10% of the population having been victims of various hacks. At least five and a half million cyberattack incidents occur every year, accounting for nearly 50% of the total UK crime. Despite the massive scale of the issue, at least 80% of the crimes go unreported to law enforcement, so cybercriminals are rarely apprehended or prosecuted.
Furthermore, hackers use sophisticated measures to cover and hide their tracks. Most police forces cannot uncover the tracks due to the scarcity of required technology and resources. An estimated 5% of cybercriminals get caught and punished for their crimes, which demonstrates the challenges law enforcement goes through to arrest and prosecute the offenders.
Why it is difficult to catch and prosecute cybercriminals
For malicious cyber actors, the notion that crime doesn’t pay is laughable since Internet crime has spiraled to unprecedented levels. It has become more lucrative than ever as cybercriminals become more confident that there is less risk of being apprehended. Hackers usually use sophisticated tactics and secure software to remain anonymous and cover their tracks. For example, cyber adversaries use tools like proxy servers to conceal their identity, funnel communications and bounce their IP addresses across multiple countries and locations to evade detection, and use technologies like Tor and VPN encryption to mask their identities. The combined use of these technologies allows hackers to execute high-profile crimes without being detected. Other reasons why it is challenging to catch cybercriminals are as follows:
Jurisdiction challenges are a leading barrier to arresting and prosecuting cybercriminals. Many hackers commit cybercrimes while located in a different country or in locations where prosecutors and judges lack legal jurisdiction. It is challenging enough to oversee a successful prosecution of cybercriminals within the same jurisdiction as the victim, but nearly impossible when both are in separate locations.
In many cases, law enforcement may gather sufficient legal evidence and verify the perpetrator’s location and identity but lack the legal permission to arrest the individual. While some nations have established reciprocal, cross-boundary legal rules with their cyber allies, others fail to participate. Jurisdiction barriers make it extremely challenging to catch and prosecute cybercriminals.
Many Cybercrimes are Unreported
Most victims of online cybercrimes never report them, creating challenges in tracking and arresting cybercriminals. It is understandable why people fail to report them, as most are unaware of where to report, and if they do, they rarely get a positive response. Failing to report cybercrimes makes it hard to keep an accurate count of solved cases. It also denies law enforcement the opportunity to collect the evidence required to track and prosecute the masterminds behind an attack. Unreported cybercrimes contribute heavily to the low number of caught cybercriminals and to a lower prosecution and conviction rate.
Inability to Prosecute
It has taken decades for legal systems and law enforcement agencies in developed countries to get up to speed on how to prosecute cybercrime. Many countries, especially underdeveloped ones, lack strong legal systems and equipped law enforcement departments to catch and convict cybercriminals.
On the other hand, those with established systems have had to commit a tremendous amount of resources to train law enforcement officers to identify different types of cybercrimes. They have also had to overcome challenges in gathering and preserving forensic evidence effectively and in hiring, retaining, and training specialized cybercrime investigators. After years of runaway cybercrime, it is only now that nations are beginning to comprehend how to successfully arrest and prosecute individuals involved in various cybercrimes.
Challenges in Collecting Legal Evidence
While many investigators believe in their ability to collect digital legal evidence that might lead to a cybercriminal's arrest, the evidence may not hold up in court. Unquestionable cybercrime evidence is difficult to collect. For instance, it is possible to collect an accurate log showing the presence of an unauthorized intruder breaking into a system. The log data can be copied and presented to the police, but it might not withstand a defense attorney’s cross-examination.
The log data may raise questions in court, such as: What if someone tampered with the log file? Who was authorized to access the log file? How can it be determined that the date and time stamp is accurate? What if the IP addresses were faked? And so on. Whenever there is an arrest, law enforcement officers and cybercrime investigators must ascertain that the evidence presented in court is foolproof and can hold up.
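One way to answer the tampering and custody questions for a copied log is to seal it at collection time. The following is an added example, not part of the original article: it hash-chains each log line and binds the collector's name and the collection time to the chain with an HMAC. The key, collector name, and log lines are constructed assumptions.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # fixed starting value for the hash chain
KEY = b"constructed-demo-key"  # assumption: known only to the evidence custodian
# Constructed sample log lines (documentation-range IPs, not real data).
SAMPLE = [
    "2020-09-30T02:14:07Z sshd[811]: Failed password for root from 203.0.113.7",
    "2020-09-30T02:14:09Z sshd[811]: Accepted password for root from 203.0.113.7",
    "2020-09-30T02:15:31Z sudo: root : COMMAND=/usr/bin/tar czf /tmp/db.tgz /var/db",
]

def chain_digests(lines):
    """One SHA-256 hex digest per line; each digest covers all earlier lines."""
    prev, out = GENESIS, []
    for line in lines:
        prev = hashlib.sha256(prev + line.encode("utf-8")).digest()
        out.append(prev.hex())
    return out

def seal_tag(collector, collected_at_utc, digests, key):
    """Keyed tag binding who collected, when, line count, and the chain head."""
    head = bytes.fromhex(digests[-1]) if digests else GENESIS
    meta = json.dumps([collector, collected_at_utc, len(digests)]).encode("utf-8")
    return hmac.new(key, meta + head, hashlib.sha256).hexdigest()

def seal(lines, collector, collected_at_utc, key):
    """Build the collection record stored alongside the copied log."""
    digests = chain_digests(lines)
    return {"collector": collector, "collected_at_utc": collected_at_utc,
            "digests": digests,
            "seal": seal_tag(collector, collected_at_utc, digests, key)}

def verify(lines, record, key):
    """Return (ok, first_bad_line). first_bad_line is 1-based, or None when
    the lines match the record (ok is then False only if the seal is bad)."""
    got, want = chain_digests(lines), record["digests"]
    for i, (g, w) in enumerate(zip(got, want), start=1):
        if g != w:
            return False, i
    if len(got) != len(want):  # lines were appended or truncated
        return False, min(len(got), len(want)) + 1
    tag = seal_tag(record["collector"], record["collected_at_utc"], want, key)
    return hmac.compare_digest(tag, record["seal"]), None
```

A record like this shows only that the copy has not changed since collection and who sealed it. It says nothing about whether the log was accurate before it was collected or whether the source IP addresses in it are genuine.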
Recommendations for reducing the enforcement gap
The world must be prepared to not only identify cybercriminals but also to bring the criminals to justice. The following recommendations can assist in catching and prosecuting more cybercriminals to reduce the wide enforcement gap:
Ramp Up Efforts for Identifying Responsible Individuals
Failure to identify cybercriminals inhibits the ability to capture and prosecute them. Identifying the individuals responsible for an attack is usually tedious and requires the input of multiple investigators, cybersecurity experts, and law enforcement agencies. Technologies like VPNs, advanced encryption, and Tor networks enable malicious hackers to mask their identities. Machine learning tools also assist in reconnaissance and information gathering, so that cyber actors can execute attacks with a high degree of precision and accuracy. Therefore, identifying the criminals requires closer cooperation between the victims and all parties involved in apprehending perpetrators.
Nations can achieve cooperation by allocating technologically advanced resources used in cyber investigations to enhance attribution levels. Furthermore, building and maintaining alliances improves information-sharing mechanisms and procedures, streamlining processes for identifying individuals involved in cybercrime.
Adopt a Carrot and Stick Approach
Some cybercriminals may be difficult to catch if they have organizations and nations that provide a haven. A carrot and stick approach is a comprehensive strategy that can facilitate the apprehension of cybercriminals. In such an instance, the carrot means using a reward-based scheme to provide an incentive for sharing information to apprehend malicious hackers. The stick is enforcing targeted sanctions on perceived cybercriminals and possible organizational or nation-state sponsors. Using both strategies can enable a country to begin imposing various consequences even if a cybercriminal remains at large.
Reforms in International Coordination and Cooperation
All countries must transform their law enforcement domestically and internationally. Since the inception of the Internet, bureaucratic hurdles have repressed attempts to identify and apprehend cybercriminals due to the involvement of multiple jurisdictions.
Many countries and law enforcement agencies face numerous challenges in getting international partners to cooperate in tracing or arresting a cyber adversary. Cyber threats are globalized, and minimizing the enforcement gap requires deliberate and dedicated coordination and leadership to achieve international cooperation. Countries must engage effectively in cyber incidents that call for international coordination in the effort to catch a cybercriminal.
Enhance the International Capacity for Catching Cybercriminals
Successful prosecution reduces the enforcement gap but depends on how many cybercriminals are caught. The law enforcement of almost all countries barely makes a dent in fighting the cybercrime wave, which is why it is essential to build a greater enforcement capacity on the international stage. In this regard, countries with advanced technological innovations, such as the US, China, and Russia, must expand their support in building and realizing a global cybercrime enforcement capacity. They can provide help in building capacity through international judicial programs, development, and strengthening diplomatic relations.
Examples of arrested cybercriminals in 2020
1. On September 30, a Russian national, Yevgeniy Nikulin, was found guilty of hacking Formspring and LinkedIn in 2012. The perpetrator stole credentials and information belonging to more than 100 million Americans. The hacker was sentenced to a 7-year jail term.
2. Authorities in Poland announced the apprehension of four suspected hackers in a coordinated strike targeting cybercrime. The operation consisted of cooperation between the Regional Prosecutor’s Office in Warsaw, cybercrime departments in Europol and provincial police headquarters, and the Polish Police Centre Bureau of Investigations.
3. Global security agencies cracked down on various individuals who use the dark web to sell illegal goods. At least 179 vendors involved in the illicit trade were arrested in an operation codenamed DisrupTor. The operation was successful since it comprised complementary but separate operations by European and North American authorities.
4. A British national, Nathan Francis Wyatt, was sentenced to five years in prison for assisting a group known as The Dark Overlord to steal information from various US companies. The suspect pled guilty to conspiring to commit fraud and participating in aggravated identity theft. He was further ordered to pay a restitution amount of $1.5 million. This and the examples mentioned above demonstrate that the provided recommendations on reducing the enforcement gap of cybercriminals are effective.
I am a cyber security professional with a passion for delivering proactive strategies for day-to-day operational challenges. I am excited to be working with leading cyber security teams and professionals on projects that involve machine learning & AI solutions to solve the cyberspace menace and cut through inefficiencies that plague today’s business environments.