Computer crimes are escalating at a rate consistent with the growth of the internet, said Dominique Brezinski, technical guru at In-Q-Tel, a nonprofit technology incubator in Menlo Park, California, formed by the CIA. "The ability to steal small items such as digital assets is extremely attractive."

But the complexity of such crimes is exceeding the ability of law enforcement agencies to prosecute them, he said. Brezinski noted, for example, that there are only 12 computer crime agents among federal, state and local agencies in his native state of Washington. Yet these crimes can be among the most lengthy to investigate because of the difficulty in amassing evidence.

It can often be difficult even to tell when a system has been hacked. And investigators have little forensics software at their disposal.

Historically, law enforcement officials have used disk analysis tools to search suspect computers for illegal material. Such tools might work well for laptops and desktops but don't scale to analyse, say, an internet service provider's terabyte storage farm.

Just using disk space analysis on that storage, "we'd be analysing it for the rest of our lives", said Brezinski. "There are almost no tools for doing forensics analysis on Unix, and I've never even heard of such tools for mainframes."

Brezinski argued that many companies should adopt a "homestead" metaphor and defend their own turf. He suggested that suing hackers might ultimately be a more expeditious way to curtail individual hackers' behaviour, since a malicious hacker "would probably spend more time encumbered by (being sued) than for any time served."

But for now, without good forensics tools, it's hard to gather information of sufficient quality to hold up in court.

And when those tools do exist, response time is critical, Brezinski noted. "Many sources of computer evidence are highly volatile," he said. An internet service provider can't just mirror a 1-terabyte system it thinks might have been compromised and wait until law enforcement agencies show up to analyse it. But for now, they may have to.

