Why some cybercriminals get away
A digital forensics investigator talks about why some cases just don't ever come to conclusion.
A few weeks ago I had the chance to ask Dave Merkel, vice president of products for Mandiant, a digital forensics company, if there was a point where investigators say "well, that's the best we can do." Apparently a lot of cybercrime cases do hit a brick wall. Merkel said it was a one-in-a-hundred or one-in-two-hundred chance that investigators get the kind of resolution that results in someone's arrest.
"The big challenge is--and this is still true today--there is no Internet equivalent to a local cop or local police agency. You work with actual local agencies and local police but they have limited resources and a lot of times their very best investigators that really become proficient in computer crime can double--if not triple--their salaries by working in private industry.
"The ability to retain the talent that can pursue those crimes is very hard. Federal agencies have a better time of retaining that kind of talent by being able to contract that kind of talent, but their focus a lot of the time is national security issues or problems that are much bigger than what might be plaguing you, particularly in a criminal context. Until it really starts crossing some serious thresholds in terms of loss or risks to national infrastructure, it can be difficult to get their attention."
"That's not a criticism. That's just an acknowledgment of reality today. There are different things that, to use an example, the FBI is focused on today. I would think everyone would know what those things are, so getting someone to pursue--I don't know, a distributed denial-of-service that took your e-commerce site offline--is going to be pretty difficult."