A few weeks ago I had the chance to ask Dave Merkel, vice president of products for Mandiant, a digital forensics company, if there was a point where investigators say "well, that's the best we can do." Apparently a lot of cybercrime cases do hit a brick wall. Merkel said it was a one-in-a-hundred or one-in-two-hundred chance that investigators get the kind of resolution that results in someone's arrest.
"The big challenge is--and this is still true today--there is no Internet equivalent to a local cop or local police agency. You work with actual local agencies and local police but they have limited resources and a lot of times their very best investigators that really become proficient in computer crime can double--if not triple--their salaries by working in private industry.
"The ability to retain the talent that can pursue those crimes is very hard. Federal agencies have a better time of retaining that kind of talent by being able to contract that kind of talent, but their focus a lot of the time is national security issues or problems that are much bigger than what might be plaguing you, particularly in a criminal context. Until it really starts crossing some serious thresholds in terms of loss or risks to national infrastructure, it can be difficult to get their attention."
"That's not a criticism. That's just an acknowledgment of reality today. There are different things that, to use an example, the FBI is focused on today. I would think everyone would know what those things are, so getting someone to pursue--I don't know, a distributed denial-of-service that took your e-commerce site offline--is going to be pretty difficult."
You can read more of Merkel's comments in this Security Watch column. And you hear more of my interview with him in this Security Bites podcast.