One of the first questions people have when you hear the scope of the cybercrime problem is why is no one stopping this? Given the amount of money companies lose, it should be a huge priority and typically it is. However, there are many complications that make it very difficult to prevent and catch people that are committing these crimes. Less than 1% of Cybercrimes see a law enforcement action taken against the attackers, making it one of the hardest crimes to persecute. Here are some of the main reasons why this happens:
1. Legal Jurisdiction
Since cybercrime occurs over the internet, a hack in the United States can be conducted by people in China, Russia, North Korea and so on. The problem this creates is that the law enforcement of the United States may not have authority to act in that country even if they have concrete evidence. They will have to work with the law enforcement of the country that the person resides in, which can be a long tedious process that is only acted on if the crime is very severe. Also, consider that if the United States and the country at hand has bad relations such as North Korea the situation becomes even more complicated and less likely to result in any type of arrest. Many people realize this and will conduct hacks in countries that don’t have extradition rights in their home country and they can significantly reduce the chance of them being prosecuted.
2. Global Scope
The fact that cybercrime occurs on a global scale itself significantly increases the overhead and the amount of resources required to prosecute someone on a cybercrime. The process of tracking down where someone is in the world and then organizing the resources to go get that person is a large burden especially given the amount of attacks that occur everyday.
3. Underreporting of attacks
Many companies simply don’t report cyberattacks to the police when it happens. In 2016 the FBI’s Internal Crime Complaint Center (IC3) estimated that only 15% of victims actually report their cybercrime. The main reason given was “what’s the point?”, given the difficulty of catching the criminals most people expect that nothing will happen and don’t bother to report it.
4. Gathering evidence is difficult
Courts and juries are well designed to handle traditional crimes. There’s a good understanding of how evidence needs to be collected, handled and what the standard is for a conviction. However, with cybercrime it can become pretty complicated and it’s not something that most people are well versed in. Computer forensics, which is the scientific application of investigation and analysis to gather and preserve evidence from a computing device is a relatively new area. There aren’t clear guidelines to prove that someone was responsible for a cyber crime. You need to be able to prove that the person in question was behind the computer and the one responsible for doing whatever actions they are accused of. Which requires you to find and correlate IP addresses, link that to a device owned by the user and much more. Then you must be able to convince a jury of that, that most likely won’t have a very solid understanding of how computer systems work.
The process of catching and persecuting can be a very complicated and resource intensive process. To add to that most countries have a cybersecurity deficient in their labour force. Canada for example is estimated to be short 8,000 cybersecurity professionals by 2021 and the world is expected to be in a deficit of 1.8 million by 2022. The result being that most hackers will never get caught. As long as this continues it will continue to encourage people to continue this behaviour because of the potential monetary gains with relatively low risk.