DOJ Needs “Additional Tools” To Fight Cybersecurity Threat from Transnational Organized Crime

Published On November 2, 2011 | By Randy Sabett | Data Security, General, International
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

In an appearance before the Senate Judiciary Subcommittee on Crime and Terrorism yesterday (Tuesday, November 1), Assistant Attorney General Lanny A. Breuer provided insight into the Strategy to Combat Transnational Organized Crime (the “TOC Strategy”).  Released by the Administration in July, the TOC Strategy provides a useful framework for improving the U.S. position against these “self-perpetuating associations of individuals who operate transnationally for the purpose of obtaining power, influence, or commercial gains.”  The objectives of the TOC Strategy are to protect U.S. citizens against various threats, including those from cybercrime.  Providing such protection, however, will require Congress to enact several legislative proposals “to better address extraterritorial threats and the increasingly global reach of transnational criminal organizations.”

While the TOC Strategy and yesterday’s testimony focused on a number of different topics, both focused on cybercrime as a common theme.  In his testimony, Mr. Breuer noted the increasing cybercrime activity by transnational criminal networks and its associated cost to consumers, which is estimated to be in the billions of dollars.  The TOC Strategy also specifically recognizes the intersection between IP rights and cybercrime.  As a result of these (and other non-cybersecurity related) issues, the DOJ developed a set of legislative proposals to address the growing issue of TOCs.

To illustrate its concerns, the DOJ first analyzed a number of “current successes” in dealing with transnational organized crime.  In the area of cybercrime, they pointed out that in November 2009, charges were filed against a “computer hacking ring” that infiltrated a credit card processor’s network (defeating encryption and other security controls) and withdrew over $9M from  ATMs in at least 280 cities worldwide.  The DOJ credited strategic partnerships with foreign law enforcement as a key reason for this and other successful efforts to capture cyber criminals.

Despite the successes, Mr. Breuer stated, problems remain, in part because “[t]he technology revolution has facilitated cyber crime, enabling those involved to access and exploit the personal information of others.”  Cyber criminals from thousands of miles away are still able to attack U.S. citizens and illegally access bank accounts or engage in fraudulent credit card transactions.  Many tools used for investigating domestic cybercrimes are not available to the DOJ for international cases.  Additionally, the penalties for cybercrime cases in foreign jurisdictions often amount to nothing more than a “slap on the wrist,” which has little or no deterrent effect.

Accordingly, the DOJ is asking Congress to enact legislation containing provisions that would improve DOJ’s ability to track and prosecute cyber criminals, particularly transnational cyber criminals.  In the area of anti-money laundering and forfeiture laws, for example, the DOJ seeks to extend its wiretap authority for money laundering offenses.  To address racketeering, their proposed legislation would add several different offenses to “the list of racketeering predicate crimes to include offenses that are prevalent in an increasingly interconnected world,” including computer fraud, aggravated identity theft, and health care fraud.

Finally, to address IP crimes, the DOJ pointed to the Administration’s “White Paper on IP Enforcement Legislative Recommendations,” which recommended sentencing enhancements in cases involving aggravated conduct, including when an IP crime “is committed in furtherance of criminal activities of local, national, or intentional criminal enterprises.”  This proposal appears to be very timely in light of recent press accounts and a report from Symantec describing attacks on over 40 companies in the chemical and defense industries where the “goal of the attackers appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes.”

The DOJ has an unenviable job in this area.  While cyber criminals use increasingly sophisticated methods to commit crimes, the legal regime and tools to identify, capture, and prosecute such criminals have not evolved at a corresponding rate.  To address this gap between the cyber criminals’ ability to commit crimes and the DOJ’s ability to investigate and prosecute the offenders, the DOJ has identified a number of legislative proposals that will improve their ability to prosecute cybercrimes that are committed by criminals from outside the U.S.


About The Author

Randy V. Sabett joined ZwillGen as Counsel in 2011. He advises clients on information security, privacy, IT licensing, and intellectual property. Randy has over 20 years of infosec experience, including as an NSA crypto engineer and a CISSP. He works closely with companies in helping them develop strategies to protect and exploit their information and IP based on various evolving business models, including SaaS, mobile applications, cloud, and more traditional client/server architectures. Specific areas on which he focuses include information security, privacy, IT licensing, IP strategy, big data, metrics, active defense, venture capital, legislative matters, government contracting, digital and electronic signatures, federated identity, state and federal information security and privacy laws, identity theft, and data breaches. He also drafts and negotiates a variety of technology transaction agreements.