Why Can’t We Catch Hackers?
It’s an easy enough question, but one for which the answer is very complex and multi-faceted: why can’t we catch cybercriminals? With all of the technology at our disposal, why is it still so hard to find the people perpetrating the hacking, data breaches, fraud, and scams?
First, the good news: we do catch them from time to time, apparently at a greater rate than we once did. When VTech’s Learning Lodge was hacked, compromising the personal information and photographs for more than ten million children and adults, an arrest was made in the UK within a short time. The hacker believed to be responsible first bragged about the attack in an online forum, but did so by way of stating that he only wanted to expose the security weakness of the site so parents would be better informed.
More recently, a distributed denial-of-service attack shut down about a dozen major websites for part of a day last October. By that afternoon, internet speculation about who could be behind the attack ran rampant, largely based on well-informed sources pertaining to prior hacking activity. The event is still being investigated and its implications aren’t fully clear, but already two hackers have come forward in online forums to claim responsibility for it. While no arrest has been made, some of the methods, motives, and even potential for future attacks have come to light.
In some cases, the crime is somewhat accidental and the responsible party cooperates with the police. That was the case for one would-be hacker who temporarily crippled a 911 system with a DDoS attack at the end of October. He tweeted out a link to a malicious code his friend had discovered, and thousands of people clicked it. The end result was hundreds of phones auto-calling 911 and flooding their system.
One of the major obstacles in finding and prosecuting cybercriminals is the international nature of the crime. A hacker can be literally anywhere while an attack is organized and implemented, and as past law enforcement efforts have shown, without the cooperation of the hacker’s country of location, it can be very hard to bring someone to justice. With so many recent data breaches being blamed on “state-sponsored” foreign operatives, it can be hard to get that cooperation.
Of course, the available technology that lets cybercriminals mask their activities and locations make it even harder to find them. Parts of the internet known as “the dark web” and tools like VPNs and untrackable web browsers make it easier for hackers to operate right under law enforcement’s noses.
There have been huge strides in locating these criminals in the past few years, and even more headway in enacting laws that allow officials to prosecute them when they are found. Increased awareness of cybercrime and different steps to reduce the risk have also helped protect the public.
Read next: Medical Data Breaches Come with High Risks