Addressing these and other serious problems is critical because a growing cybercrime wave is affecting all sectors of the global economy and posing a threat to international security. Despite the growing threat, there is a significant discrepancy in how law enforcement agencies respond to malicious cyber incidents. As cybercriminals increasingly adopt advanced technology and malware, the number of hacks and data breaches has increased dramatically over the last decade. Several well-known companies have suffered massive data breaches and are still dealing with a slew of cybercrime incidents. Equifax, for example, experienced a massive data breach that affected over 147 million clients. The attackers gained access to personal information such as social security numbers, credit card numbers, birth dates, and home addresses. A class-action lawsuit settlement with the impacted customers resulted in massive losses of up to $671 million for the corporation.
But how many cybercriminals are actually apprehended?
The main hazard of cybercrime is that the perpetrator is rarely apprehended or penalised. As a result of the low conviction rate, governments and corporations are vulnerable to a wide range of targeted attacks. According to the think tank Third Way, only about 0.3 percent of all registered cybercrime complaints are investigated and prosecuted. That corresponds to three arrests and prosecutions for every 1,000 malicious cyber events. Because of this wide enforcement gap, malicious cyber actors can operate without fear of being detected, prosecuted, or penalised. Furthermore, because a huge percentage of cybercrime victims do not report their crimes, the effective enforcement rate could be as low as 0.05 percent. Computer Forensic Services’ CTO, Mark Lanterman, made a similar remark, suggesting that less than 1% of hackers are detected and convicted.
Finding a cybercriminal is akin to searching for a needle in a haystack, where the needle may or may not exist. Skilled hackers are aware of the evidence left behind after carrying out an attack and will go to considerable lengths to ensure it does not exist. As a result, numerous firms may be hacked while remaining unaware that they have been compromised. Even if hackers leave traces of evidence behind, they are frequently insufficient to identify the offending group or individual. Law enforcement authorities frequently rely on conversations with security professionals in addition to computer forensic data, which presents various obstacles in identifying a cybercriminal.
The Justice Department announced the arrest of 90 people in the Blackshades malware investigation in 2014. The investigation spanned two years and involved the collaboration of 19 countries, as well as hundreds of searches across Canada, the United States, and Europe. It’s also worth noting that cybercrime has risen dramatically in recent years, as more people turn to it for financial gain.
According to recent research, some hackers earn as much as $2 million per year, while others earn between $40,000 and $1 million. Attackers, on the other hand, spend just as much time planning and developing their destructive operations as they do devising ways to remain undetected. The dark web provides hackers with an ideal platform for engaging in numerous forms of cybercrime, making it even more difficult to arrest them. Fraud and cybercrime, for example, have become the most common infractions, with 10 percent of the population having been a victim of various hacks. Every year, at least 5.5 million cyberattacks occur, accounting for approximately half of all crime in the United Kingdom. Despite the enormity of the problem, at least 80% of crimes go unreported to law enforcement, making cybercriminals difficult to apprehend and prosecute. Hackers also employ advanced techniques to conceal and obscure their trails. Due to a lack of equipment and resources, most police departments are unable to locate the traces. Only about 5% of cybercriminals are apprehended and prosecuted, highlighting the difficulties that law enforcement faces in apprehending and prosecuting offenders.
Why it is difficult to catch and prosecute cybercriminals
Since Internet crime has reached historic proportions, the notion that crime does not pay is laughable to hostile cyber actors. It has grown more profitable than ever before, as cybercriminals gain confidence that they are unlikely to be captured. To remain anonymous and mask their tracks, hackers typically employ advanced strategies and secure software. For example, they use proxy servers to hide their identities, funnel communications and bounce their IP addresses around numerous countries and regions to avoid detection, and mask their identities with Tor and VPN encryption. By combining these technologies, hackers can carry out high-profile crimes without being noticed. The following are some of the other reasons why catching cybercriminals is difficult:
Jurisdiction Issues
Arresting and convicting cybercriminals is hampered by jurisdictional issues. Many hackers perpetrate cybercrime while in another nation or in places where prosecutors and judges do not have legal jurisdiction. It’s difficult enough to oversee a successful prosecution of cybercriminals when they are prosecuted in the same jurisdiction as the victim, but it’s practically impossible when they are prosecuted in different jurisdictions. In many circumstances, law enforcement may have gathered adequate legal evidence and confirmed the perpetrator’s location and identity, but they do not have the legal authority to arrest the person. While some governments have developed reciprocal, cross-border legal rules with their cyber partners, others have chosen not to do so. Cybercriminals are difficult to catch and prosecute due to jurisdictional constraints.
Many Cybercrimes are Unreported
The majority of cybercrime victims never report the crimes, making it difficult to track down and apprehend cybercriminals. It’s understandable that most people don’t report them: they don’t know where to report them, and even if they do, they rarely get a positive response. It’s difficult to keep an accurate record of solved cybercrimes if cybercrimes aren’t reported. Under-reporting also prevents law enforcement from gathering the evidence needed to track down and convict the masterminds behind an attack. Unreported cybercrimes play a significant role in the low number of cybercriminals apprehended, as well as the low percentage of prosecution and conviction.
Inability to Prosecute
In affluent countries, it has taken decades for legal systems and law enforcement organisations to catch up on how to prosecute cybercrime. Many countries, particularly developing ones, lack strong legal systems and well-equipped law enforcement agencies to capture and prosecute cybercriminals. Those with established systems, on the other hand, have had to devote significant resources to training law enforcement officials to recognise various types of cybercrime. They’ve also had to deal with issues like properly obtaining and preserving forensic evidence, as well as hiring, retaining, and training expert cybercrime investigators. After years of rampant cybercrime, countries are just now beginning to grasp how to successfully capture and prosecute individuals involved in various cyber crimes.
Challenges in Collecting Legal Evidence
While many investigators are confident in their capacity to gather digital legal evidence that could lead to a cybercriminal’s arrest, the evidence may not be sufficient in court. It’s difficult to gather incontrovertible proof of a cybercrime. For example, an accurate log of the presence of an unauthorised intruder breaking into a system can be collected. The log data can be duplicated and provided to the police, but it may not hold up to cross-examination by defence counsel. In court, the log data may raise questions such as: What if the log file was tampered with? Who had permission to see the log file? How can the accuracy of the date and time stamp be verified? What if the IP addresses aren’t authentic? And so forth. When a person is arrested, law enforcement agents and cybercrime investigators must ensure that the evidence presented in court is reliable.
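The tampering question above can be answered mechanically if a hash chain over the log is recorded and sealed at collection time. The following Python code is an added example, not part of the original article; the log lines, key and function names are constructed for illustration. It covers integrity only, not who accessed the file or whether the timestamps and IP addresses are accurate.

```python
import hashlib
import hmac

# Constructed sample log lines; the IP is an RFC 5737 documentation address.
SAMPLE_LOG = [
    "2024-01-10T03:12:44Z sshd[811]: Failed password for root from 203.0.113.7",
    "2024-01-10T03:12:51Z sshd[811]: Accepted password for root from 203.0.113.7",
    "2024-01-10T03:13:05Z sudo: root : COMMAND=/usr/bin/tar czf /tmp/db.tgz /var/lib/db",
]
CUSTODY_KEY = b"constructed-demo-key"  # placeholder; a real key stays with the custodian
GENESIS = b"\x00" * 32                 # fixed starting value for the chain


def build_chain(lines):
    """One hex digest per line; each digest covers that line and every line before it."""
    prev, chain = GENESIS, []
    for line in lines:
        prev = hashlib.sha256(prev + line.encode("utf-8")).digest()
        chain.append(prev.hex())
    return chain


def seal(chain, key):
    """HMAC over the last link, so the manifest cannot be rebuilt without the key."""
    return hmac.new(key, bytes.fromhex(chain[-1]), hashlib.sha256).hexdigest()


def verify(lines, chain, key, expected_seal):
    """Check a log copy against the manifest recorded at collection time."""
    if not chain or not hmac.compare_digest(seal(chain, key), expected_seal):
        return "manifest-altered"
    recomputed = build_chain(lines)
    for i, (got, want) in enumerate(zip(recomputed, chain)):
        if got != want:
            return f"line-{i}-altered"
    if len(recomputed) != len(chain):
        return "line-count-changed"
    return "intact"


if __name__ == "__main__":
    chain = build_chain(SAMPLE_LOG)
    print(verify(SAMPLE_LOG, chain, CUSTODY_KEY, seal(chain, CUSTODY_KEY)))
```

Because each digest depends on all earlier lines, the first mismatch pinpoints where the copy diverges from what was collected.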
Recommendations for reducing the enforcement gap
Not only must the world be prepared to detect cybercriminals, but it must also be prepared to prosecute them. To close the enforcement gap, the following recommendations can help catch and prosecute more cybercriminals:
Ramp up Efforts for Identifying Responsible Individuals
The capacity to capture and convict cybercriminals is hampered by the inability to identify them. Identifying the perpetrators of an attack is frequently time-consuming and necessitates the collaboration of several investigators, cybersecurity professionals, and law enforcement authorities. Malicious hackers can hide their identity using technologies like VPNs, powerful encryption, and the Tor network. Machine learning tools also aid reconnaissance and information gathering, allowing cybercriminals to carry out attacks with pinpoint precision and accuracy. As a result, identifying the culprits necessitates greater cooperation between the victims and all other parties involved in apprehending the criminals. Nations can work together to improve attribution levels by allocating the technologically advanced resources used in cyber investigations. Furthermore, forming and maintaining coalitions enhances information-sharing methods and procedures, reducing the time it takes to discover cybercriminals.
Adopt a Carrot and Stick Approach
Certain cybercriminals may be tough to find if organisations or countries give them a safe haven. A carrot and stick approach is a thorough technique that can aid in their capture. The carrot in this case refers to a reward-based plan that provides an incentive for sharing information in order to capture dangerous hackers. The stick is the imposition of targeted sanctions against suspected cybercriminals and potential organisational or nation-state sponsors. Even if a cybercriminal remains at large, using both tactics allows a government to begin imposing consequences.
Reforms in International Coordination and Cooperation
Domestically and internationally, all governments must transform their law enforcement. Due to the involvement of various jurisdictions, attempts to identify and apprehend cybercriminals have been hampered since the Internet’s birth. Getting international allies to collaborate in locating or arresting a cyber adversary is a difficult task for many governments and law enforcement authorities. Cyber threats are becoming increasingly global, and they need deliberate and committed coordination and leadership to achieve international cooperation and close the enforcement gap. Countries must engage effectively in cyber incidents, which necessitates international cooperation in the hunt for cybercriminals.
Enhance the International Capacity for Catching Cybercriminals
Successful prosecution closes the enforcement gap, but it is contingent on the number of cybercriminals apprehended. Law enforcement in nearly every country barely makes a dent in the cybercrime wave, which is why increased enforcement capacity in the international arena is critical. In this sense, advanced technical innovators such as the United States, China, and Russia must increase their support for the development and implementation of a worldwide cybercrime enforcement capability. They can assist with capacity building through international judicial programmes, development, and diplomatic ties.
Examples of Arrested cybercriminals
- Yevgeniy Nikulin, a Russian national, was found guilty on September 30 of hacking Formspring and LinkedIn in 2012. More than 100 million Americans’ credentials and personal information were stolen by the criminal. The hacker was given a seven-year sentence.
- Authorities in Poland reported the arrest of four alleged hackers as part of a coordinated cybercrime crackdown. The operation involved the Warsaw Regional Prosecutor’s Office, Europol’s cybercrime divisions, regional police headquarters, and the Polish Police Centre Bureau of Investigations working together.
- Various individuals who use the dark web to sell illegal goods have been targeted by international security authorities. In an operation dubbed DisrupTor, at least 179 vendors engaging in the illegal trade were apprehended. Because it was made up of complementary but different efforts by European and North American authorities, the operation was successful.
- Nathan Francis Wyatt, a British national, was sentenced to five years in prison for assisting The Dark Overlord in stealing information from numerous US companies. The suspect admitted to participating in aggravated identity theft and conspiring to commit fraud. In addition, he was ordered to pay $1.5 million in restitution. This, as well as the preceding cases, shows that the proposed recommendations for closing the cybercriminal enforcement gap are effective.