Working With Law Enforcement In 2014 And Beyond
Last December, I spoke at a cybersecurity summit sponsored by the International Telecommunications Union (ITU) in Baku, Azerbaijan. I was there to discuss one thing that Trend Micro will focus on in 2014 and beyond: how we can work together with law enforcement to stop cybercrime.
One may ask, why do law enforcement and the security community need to work together to stop cybercrime? It’s because neither group, working alone, can protect users and stop cybercrime.
For various reasons, police agencies don’t always deal well with cybercrime. For one, the scale of cybercrime is larger than physical crime. A gang of pickpockets stealing wallets can only target so many people in a day; a cybercriminal can victimize thousands of users in a matter of seconds.
In addition, many police agencies don’t have the skills to effectively track down and investigate cybercrime. Tracking down cybercriminals requires a very different skill set from traditional policing, which limits the abilities of law enforcement to go after cybercriminals. It also takes resources and trained personnel, which are, in many cases, in very short supply.
Trend Micro has spent considerable energy building excellent working ties with law enforcement agencies such as Interpol. This allows us to work in direct partnership with these agencies and become a key part of investigations. Our role in these investigations goes beyond just passively handing over information to police; instead we work actively with investigators to figure out what information they need as part of their investigation.
In some ways, it’s as if our researchers have been deputized to work side by side with police. The investigations are no longer the responsibility of police themselves; to combat cybercrime effectively requires the private industry and police to work side by side. For that to happen, there has to be a large amount of trust between us and agencies, and I am proud to say that in many cases we have built up that trust and effectively conduct investigations together.
Both our researchers and police have to be on the same page when it comes to the objective. Our goal is the same: to put cybercriminals behind bars. We do not focus on “technical” solutions such as shutting down servers, or taking down botnets, or seizing domains. One might even argue this is counterproductive in the long term, as it means that cybercriminals will be pushed to use more sophisticated tactics and more concealed infrastructure, making investigations more difficult. This is something we noted in our 2014 predictions.
We believe that in order to fully protect our customers, efforts have to be focused on arresting cybercriminals. Taking down their infrastructure is, at best, a short-term solution: cybercriminals can rebuild their infrastructure and recover from any “takedown” relatively easily. To really stop cybercrime, the “threat actors” – cybercriminals – have to be the ultimate target.
This is not always an activity which makes the headlines or spawns press releases. However, we do believe that moving forward, this is the best way to protect our customers and the Internet as a whole.