Europe's top cyber-cop has called for a shift in focus from the prosecution of online crims to the disruption of their activities.
This comes as crooks increasingly make use of the darknet – private peer-to-peer networks such as Tor – to stay hidden and anonymous; cops find it difficult to work out suspects' true identities and proceed with prosecutions.
Troels Oerting, head of the European Cybercrime Centre (EC3) at Europol, said that 75 to 80 per cent of wrongdoing his organisation investigates is carried out by groups based in Russia. "They are out of reach and there's no extradition, so the best we can hope for is local prosecution," Oerting told delegates to the Infosec conference in London today.
"Or we need to use the good old-fashioned way and wait until they leave the country to arrest them."
"We need to move between prosecution to disruption of cybercrime," he added.
Most of the nefarious activities of the top echelon of cybercriminals are done via anonymizing darknets, and this presents particular problems for cops and g-men. "We can't just seize a computer as evidence before using EnCase to examine it. Criminals are operating from cloud services," said Oerting. "They are not using Amazon or Microsoft clouds, but their own cloud services. This makes them very difficult to trace."
Oerting called for increased information-sharing to bolster the fight against cybercrime. "When you hunt down wolves the only way is to get info from the victims in banking and retail," he said.
"But [NSA whistleblower Edward] Snowden has made it more difficult for law enforcement to hunt down the wolves," he added – implying, we assume, that crims have switched up their security to avoid the authorities following leaks on how Western intelligence operates.