October 5, 2023

Introduction by Larry Clinton

As we explained in previous blogs (LINK), cybercrime is at an all-time high – and there are no signs that it is slowing down. Economic losses from cybercrime are estimated to be as much as $2 trillion annually—and increasing to as much as $10.5 trillion by 2025 – 10 trillion is roughly the GDP for China.

Meanwhile, the United States successfully prosecutes less than one percent of cybercriminals – that percentage is actually going down. Obviously our current law enforcement efforts are providing close to zero deterrent power. The cyber criminals are beating us, and badly. It is obvious that we need to be far more aggressive and creative in assisting our law enforcement agents to address cybercrime.

To be clear, the fault lies not with our overwhelmed law enforcement personnel but with the antiquated systems and lack of resources they are given to do an extremely difficult and important job.

In fact we have clear indications that, when properly resourced and focused our law enforcement community can make substantial inroads in fighting cybercrime.  For example, in the high-profile Colonial Pipeline ransomware attack of May of 202, the FBI was quickly able to retrieve around half of the money originally lost to a massive ransomware attack — apx 2.5 million dollars.

This success demonstrates that given adequate resources, law enforcement can quickly remediate impacts of cybercrime. Even better, this effort, if it could be replicated, would significantly diminish the profit for the criminals and thus substantially reduce the incentive for these attacks. Unfortunately, a lack of adequate law enforcement funding means thousands of ransomware victims are not able to receive the “Colonial treatment”

The statistics on our funding of law enforcement paint a stark picture. The FBI, which is the federal “lead” for cybercrime, requested almost a 110 million increase in its cybersecurity budget for FY 2024, in part to tackle the growing threat of ransomware. This increase brought the FBI’s cybersecurity budget to approximately $11.4 billion. This marks a 5.5 percent increase from the FY 2023 budget, that’s a fairly hefty increase, but when compared to the resources of the cybercrime community – generating literally hundreds of billions in revenue it is not nearly enough to chase down international criminal syndicates.

Given the realities of current federal and state budgeting we need to look to creative ways to get law enforcement more of the resources they need to do the job we ask them to do. One idea is to adapt the civil forfeiture model we already use in fighting drug crime.  Put simply, in drug cases when law enforcement captures a substantial amount of money from a drug bust it is entitled to keep a portion of the retrieved funds. 

If, the model we historically use to fight drug trafficking were applied to cybercrime it could generate a very useful amount of resources for the law enforcement community to use to go after additional criminals which in turn would generate additional funds for further law enforcement efforts. This of course is not nearly enough to do all we need to do –– but a very useful amount. For example if in the case of the Colonial recovery effort, the FBI were allowed to keep 20% of the recovered fund (a “user fee essentially) that $500,000 could be used for future Ransomware activities.

Essentially the cyber criminals would then be assisting the government by helping fund our efforts to go after them.  As an added, and significant benefit, the greater success our law enforcement community has in fighting cybercrime the greater the deterrent value their efforts have in preventing future crime.