Last week Dark Side's Site Editor, Tim Wilson, wrote a blog "Firewalled - One Bite Is Not Enough" that made me very depressed. Attending last week's Visa Security Summit, he describes the current law enforcement attempts to catch the bad guys. What he wrote, while I know all this, depresses me to read.
Here are some article quotes that should make you depressed too:
"..that U.S. law enforcement agencies seldom attack computer crime in any sort of coordinated, nationwide fashion. Almost everything is still being done regionally."
"Internationally, the problem appears to be even worse. During the presentation, a discussion of the prosecution of international computer criminals quickly devolved into an explanation of jurisdictions and extradition treaties. One of the speakers essentially said that Interpol, the organization that's supposed to be coordinating cross-border crime investigations, is all talk and no action."
"All four of the speakers conceded that they investigate only a fraction of the cases that are reported, because only that fraction has a chance to result in arrest and conviction. If it's unlikely that the cops can find the criminal -- or if they anticipate having trouble prosecuting the case -- they simply don't even look into it. "We just don't have the resources," two of the speakers said."
"So the average Russian spammer today is sitting pretty. Even if U.S. or U.K. officials could find him, which is no easy task, they probably wouldn't have the resources to pursue an arrest. And even if they did find him and arrest him, they might not be able to extradite him -- or they might not be able to build a case that resulted in a prosecution in another country's courtroom."
"When we polled black hats about their attitudes last month, fewer than 3 percent of respondents said they worry about getting caught and ending up in jail. Four percent said they worry they might get caught, but they doubt they could be convicted. Five percent said they know getting caught is a possibility, but they don't worry about it."
"...it appears that today's computer cops are more bark than bite."
Bottom line: Don't expect law enforcement officials to protect your enterprise. Absolutely make sure you have a layered identity authentication defense in place.