“Cyber security” is the new buzzword sending millions of Americans into a panicked frenzy as they find themselves vulnerable to numerous attacks by cyber criminals. And with the forward march of digitalization over the last two decades cutting across all segments of society, hackers have their work cut out for them.

In the 21^st century America, “internet” is the name of our new addiction. Information-hungry, tech-savvy users are now empowered to capture, create, and spread content across a variety of mediums and industries, including entertainment, social interaction, education, communication, and even health care. Our tech-infused lives are nothing like they used to be: we now use phones to take pictures, iPods to listen to music, game consoles to entertain our friends; we read books on Kindles and transfer gigabytes of information per minute using USB technology. Modern advancements are making life easier, but they’re also rewiring our brains as they get us more and more hooked.

Expectedly, this full-blown digital revolution isn’t only affecting the average user. Every process, in every industry, across all segments of society – from automobiles to education and national security – is transformed in this massive shift towards paperless and wireless. Our banking systems, utilities, telecommunications, and national security have all moved online. An important and immediate effect? With all the information in the world at our fingertips, digitalization makes everyone powerful – the nature of authority is changing in a transparent world without barriers. Businesses, the media, or state institutions can no longer hide anything from the omnipresent eye of the public – or that of hackers’.

A report published last year internet security firm Symantec revealed that cybercrime – hacking, identity theft, cyber stalking, malicious software, child pornography and abuse – costs the world an estimated $113 billion per year. On average, American companies have to fork over $277 for every customer’s account put at risk by malicious attacks, cost much higher than that of information leaks caused by employee negligence or software failure. The number of victims is well into the hundreds of millions.

Spending More Money, a Viable Solution?

For the second year, the Ponemon Institute released an in-depth report titled 2013 Cost of Cyber Crime Study: United States that analyzes the costs associated with fighting computer criminal activity directed at individuals, the private business sector, and the national infrastructure. Here were some of the study highlights:

• Cybercrime continues to drain businesses’ resources. Researchers found that, in 2013, the 60 companies surveyed had an annual expense of $11.6 million per year, ranging between $1.3 million and almost $60 million. This is a 26 percent increase compared to last year’s figures, when the average annualized cost didn’t exceed $9 million.
• Cyberattacks are now a common sight. If, in 2012, the surveyed companies reported a total number of 102 successful attacks on average every week, in 2013, the number increased at 122.
• All industries are vulnerable to cybercrime, but not to the same extent. Companies in retail and consumer products spend far less on fighting computer crime compared to financial companies, defense, and utilities.
• The types of attacks that demand the biggest expenditures include web-based attacks and malicious software. Addressing these major problems efficiently, and mitigating costs would require organizations to implement intrusion prevention systems, risk management and compliance solutions, application security testing, enterprise governance, and others.

Clearly, cybersecurity is a real and pressing problem, threatening the entire world. And certain steps are already being made by the government to decrease the risks of attack and secure critical information. The question is, is this new war against computer crime turning into the expensive, ineffective, and resource-draining waste of time that was the war on drugs? Americans certainly aren’t looking forward to footing the bill of yet another utter failure that will result in billions of tax dollars wasted, overcrowding jails, and millions of lives destroyed.

Spending more money is a solution, according to research from Bloomberg, which estimates that businesses who want to increase their level of security must fork over 9 times more than what they’re currently spending on cyberattack prevention. That is, in order to prevent 95 percent of all attacks, companies will have to increase their budgets from $5.3 billion to $46.6 billion.

On the other hand, many experts believe that putting more money into strategies that aren’t currently working will not increase their efficiency in fighting cybercrime. And yet, many business managers still choose to invest in antivirus solutions that can barely detect malware and virus threats, out of fear of being held personally liable in the eventuality of a security breach.

Excessive Punishment for Hackers: History Repeating?

Take the case of Eric Wosol, the 38 year old man from Wisconsin who helped the notorious activist group Anonymous to overload Kochind.com’s server, and was given a two-year probation sentence and a $183,000 fine, even though he participated in the attack for no longer than 60 seconds. Or the high-profile case of Matthew Keys, a former social media editor at Reuters, who is accused of having turned the login information for the Tribune Company to the same Anonymous, which proceeded to make a prank and change one of the headlines to read “Pressure builds in House to elect CHIPPY 1337.” For this minor act of vandalism, Keys got indicted on three felony charges, and he’s looking at a sentence between 21 and 21 months in jail and possibly a huge fine.

Andrew Auernheimer will spend 41 months in federal prison for having found and exploited a minor AT&T flaw, while Aaron Schwartz will never see the light of day again, committing suicide after being sentenced to 35 years in jail for multiple violations of the Terms of Service agreement.

This trend is not new; excessive punishment was fairly common in the war on drugs. But according to Marvin Ammori from Wired, “We need to question whether locking people up for long periods of time — without addressing the root concerns about concentrated political power, civil liberties abuses, and transparency — will have the effect of deterrence or worse yet, a hardened cynicism that perpetuates the endless cycle of punishment. That’s true of even non-politically motivated cybercrime, or really, all crime … whether it involves a computer or not.”

Are We Winning or Losing the War?

The short answer is: we are definitely losing it. The Federal Bureau of Investigation appears to be overwhelmed by the craft and skills of tech-savvy hackers, according to former executive assistant director Shawn Henry, who was interviewed by the Wall Street Journal: “”I don’t see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it’s an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security.”

More and more often are FBI agents encountering situations where the data breach had occurred months or even years before company executives learned about their security issues. Henry says most of them are shocked at the thought of having had all business operations fully exposed to ill-intended individuals. In the meantime, aside from the daily thousands of crashing websites and virus-infected networks, attacks are now the cause of 18 percent of U.S.-based data center outages. The average cost/outage is $630,000, and the crash can interfere with other vital services based there, such as telephone systems and industrial facilities.

Part of the reason why FBI is often overwhelmed by this disturbing trend is because the organization is outnumbered: there are too many hackers and too many access points to organizations and agencies the FBI wants to protect. On the other hand, the number of agents is not the only shortcoming. According to Reuters, attacks are becoming more commonplace than in past years and also much more sophisticated and targeted. Nowadays, it is not uncommon for wireless printers or smartphones to be “co-opted into attacks;” as they become ever more complex and frequent, cyberattacks are leaving automated detection systems far behind.

Ironically, the FBI is itself the target of cyber criminals: “Over more than a decade, the federal government has struggled to implement a mandate to protect its own IT systems from malicious attacks. As we move forward on this national strategy to boost the cybersecurity of our nation’s critical infrastructure, we cannot overlook the critical roles played by many government operations, and the dangerous vulnerabilities which persist in their information systems.”

The only way to save precious time and resources is for the government to learn from its own mistakes. Enforcing prohibition, excessive punishment, and the reckless wasting of tax dollars will not make our country more protected in the face of cyber criminals. Rather, efforts should continue to be focused on building a database with information of previous attacks (similar to a fingerprint repository) or updating the agency about data security breaches, thus keeping the “cyber panic” under control.

About the Author Andrew M. Weisberg is a criminal defense attorney in Chicago, Illinois. A former prosecutor in Cook County, Mr. Weisberg,is a member of the Capital Litigation Trial Bar, an elite group of criminal attorneys who are certified by the Illinois Supreme Court to try death penalty cases. He is also a member of the Federal Trial Bar. Mr. Weisberg is a sole practitioner at the Law Offices of Andrew M. Weisberg.

According to a Forbes article, “the amount of court-issued warrants surging from 1,190 in 2000 to 3,194 in 2010 – a nearly 200% increase.” And if most of the times its use is still reserved to fight violent and organized crime, wiretapping has become a potent tool in high-profile white-collar crimes, as well.

Photo Source: http://media.npr.org/assets/img/2011/05/11/raj-318e4d07fe81a93b1bcf52479803127c3cc2ed45-s40-c85.jpg

Wiretaps played a crucial role in the most famous white-collar case of recent years, leading to the conviction of Galleon Group LLC co-founder Raj Rajaratnam in 2011 for conspiracy and security fraud. Prosecutors alleged the billionaire investor had several ‘corporate tipsters’ that provided him insider information – used to make what seemed at the time extremely inspired business investments – and built their case on a series of telephone conversations recorded over the course of 9 months in 2008.

There were three major conversations that sealed the trader’s fate. First one records a discussion between Rajaratnam and Rajiv Goel, a former Intel representative, about trading shares of People Support, about which he knows exactly when the price will go up, based on a tip from an inside man. The second conversation is between Raj and a former McKinsey executive about an AMD deal, ended with the latter encouraging Raj to buy up the stocks as soon as possible. On the last recording, Raj is discussing with one of his former partners at Galleon, Adam Smith, about a company named Vishay.

All recorded conversations between Rajaratnam and his informants, 45 in all, were essential to his conviction on 14 counts of securities fraud and conspiracy. On October 13, 2011, he was sentenced to 11 years in prison and fined over $150 million in criminal and civil penalties, the harshest-ever punishment imposed in a white-collar case.

Is Wiretapping Necessary?

According to the federal Wiretap Act, investigators must resort to wiretapping only if conventional investigative techniques prove unfruitful – they must demonstrate exactly how other procedures have failed or would have been too dangerous in those circumstances. The law was recently updated in order to “minimize the interception of communications not otherwise subject to interceptions” and limit unnecessary intrusion into the suspect’s privacy.

Wiretapping is particularly important as part of investigators’ toolbox when the phone is regularly used to conduct criminal activities currently under investigation. Especially when it comes to organized crime and drug-related cases, there are few conventional alternatives for proving offenses, and prosecutors have no trouble showing that wiretapping was indeed needed. In white-collar crime cases, however, especially high-profile ones, regulatory agencies may claim prosecutors are acting with ‘reckless disregard’ of the defendant’s privacy rights and question the legality of wiretaps.

Charges for white-collar crimes are serious criminal accusations that should not be taken lightly. If you have been requested to appear before a Grand Jury in relation to an investigation into such criminal offenses, the experience and talent of a criminal defense lawyer can prove extremely valuable in preparing your case for the proceeding. Call Mr. Weisberg cell phone 24/7 at 773-908-9811 or text ‘LAWYER’ to 25827 to receive a call back.

About the Author Andrew M. Weisberg is a criminal defense attorney in Chicago, Illinois. A former prosecutor in Cook County, Mr. Weisbergis a member of the Capital Litigation Trial Bar, an elite group of criminal attorneys who are certified by the Illinois Supreme Court to try death penalty cases. He is also a member of the Federal Trial Bar. Mr. Weisberg is a sole practitioner at the Law Offices of Andrew M. Weisberg.