Microsoft recently wrote about its efforts to coordinate everyone involved (vendors, Internet service providers, law enforcement, and even the financial sector) to starve the beast. My inbox was full of PR emails from vendors and law enforcement agencies praising themselves and each other for the GameOver Zeus takedown. This public self-congratulations is repeated every time a big takedown occurs — which is good because it encourages more takedowns.
We're not just talking one or two people arrested at a time or even a small gang. A few weeks ago the Justice Department announced the arrest of the Blackshades (a remote-access Trojan) creator and more than 100 other associates that had been duping people out of their hard-earned money. Large and small, they were all arrested, and all will be facing judges and courtrooms.
Even the group calling itself Anonymous has learned hard lessons over the last two years. First, when you piss off the feds enough, your supposed anonymity will fail you. Second, even the trusted leader of your group can be your worst enemy. While dozens of previous anonymous members are facing multiyear prison sentences, Hector Xavier Monsegurs, also known as Sabu, is walking around as a free man. He had little problem egging on his fellow hackers into committing more serious cyber crimes while the FBI recorded every keystroke.
Luckily, child pornographers remain as dumb as ever. Every few months, dozens to hundreds of them get rounded up around the world because they were visiting supposedly superprivate websites where they could meet each other and trade their sick contraband. Although I'd prefer child pornographers not exist, I'm delighted that they never seem to read about the previous Internet arrests and let themselves be scooped up in bunches. Let's keep doing these stings until no one shows up.
We are catching modern-day bank thieves who weren't as clever as they thought. Even highly confident, rich cyber criminals on the run with millions of dollars to give away in emergency bribes are getting arrested. The United States also announced arrest warrants, with pictures, for Chinese government officials accused of spying on America via advanced persistent threats. I know China won't give them up, but I also know they won't be going to Disneyland.
If you're thinking of being a "helpful" white-hack hacker, conducting supposed penetration testing on assets you haven't been authorized for, you will get arrested -- even if you're using anonymizing services. That teen who launched multiple swatting attacks, including on security journalist Brian Krebs and dared people to try to find him? Yeah, he's been arrested, too.
If you ever think of committing a crime on the Internet and believe some sort of anonymity service or tool like Tor will protect you, you're living in a dream world. Nearly every cyber criminal taken into custody had that same mistaken fantasy. There is no true anonymity on the Internet.
Sign up for CIO Asia eNewsletters.