The bill was introduced recently into the Senate by Senator Kirsten Gillibrand of New York. It’s goal is “to require reporting on the capacity of foreign countries to combat cybercrime, to develop action plans to improve the capacity of certain countries to combat cybercrime, and for other purposes.” What are those other purposes? Let’s read the proposed bill and find out!

After the introduction and definitions of various parts of the bill, it gets into what the bill is all about. Section three is called the “Annual Report” and it requires the head of whatever new Federal agency is made to combat cybercrime to report to Congress. They are to report on “the extent and nature of activities relating to cybercrime that are attributable to persons or property based in the country and impact the United States Government, United States persons, or United States electronic commerce.” They are also to report on the “effectiveness of the laws” and “measures taken by the government to protect consumers from cybercrime.”

Section four, titled “Utilization of Foreign Assistance Programs” deals with how the U.S. will cooperate with foreign countries in battling cybercrime. The bill says that the President will give priority to improving “the effectiveness and capacity of the legal and judicial systems and the capabilities of law enforcement agencies with respect to cybercrime.”

The countries that will receive the most aid are those that the U.S. determines to have “a low capacity to combat cybercrime.”

The bill would also let the U.S. provide foreign countries with the tools to improve “critical infrastructure, telecommunications systems, financial industry, legal or judicial systems, or law enforcement capabilities of that country” to combat cybercrime.

Section five, titled “Action Plans for Combating Cybercrimes for Countries of Cyber Concern” says that after the report mentioned in section two is made to Congress that the President must create an action plan that will assist “the government of that country to improve the capacity of the country to combat cybercrime.”

There is also a provision that says the President will have to reassess the countries that have been placed under action plans. Countries may be removed and placed on action plans at will if they cease or become countries of “cyber concern.”

The President will be required, under section five, to meet with the leaders of each country of “cyber concern” to formulate action plans to combat cybercrime.

If a country fails to meet an action plan benchmark, which is one year after the action plan has been developed, the U.S. is given three courses of action to punish the country into complying with its request – block any new financing or loans for the countries in question, restrict trade to the countries in question and restrict foreign assistance.

Thankfully, there is an exception that states “the President may not suspend, restrict, prohibit, or withdraw assistance … that is provided for humanitarian or disaster relief or for projects related to building capacity or actions to combat cybercrime.”

The President is allowed to waive the requirement of an action plan if the President “determines that such a waiver is in the national interest of the United States” and “submits to Congress a report describing the reasons for the determination.”

Section six only details the responsibilities of the Secretary of State to designate a “high-level employee of the Department of State” to coordinate the combating of cybercrime on a state and international level.

Section seven details that the President appoint an “employee of the United States Government with primary responsibility with respect to matters relating to cybercrime policy.” This employee must also “consult with industry groups in the United States, civil society organizations, and other organizations with an interest in combating cybercrime.”

Finally at the end, section eight demands that the President take into account “the efforts of the government of that country to combat cybercrime” before finalizing or modifying any trade agreements.

This bill seems like the U.S. wants to be the head coordinator of a global cybercrimes unit. The fact that the bill gives the President the power to freeze funds and trade to countries that do not comply is somewhat worrying. The bill was referred to committee and could be up for a vote whenever they feel like it. We’ll keep you up to date on any changes.

The entire bill can be found on Open Congress. Read it for more information and become informed.

Do you think that the U.S. is trying to become an international cybercrime police force? Or is this just a step in the right direction in stopping cybercrime? Let us know in the comments.

The IC3 received an average of 25, 317 complaints per month in 2010. Non-delivery of payment or merchandise accounted for the most common complaints (14.4%). Scams using the FBI’s name (13.2%) and identity theft (9.8%) rounded out the top three types of complaints.

In 2010, IC3 referred nearly half of all complaints (121,710) to law enforcement
for further investigation. New technology developed for IC3 allows investigators to work on cases spanning jurisdictional boundaries. IC3 analysts also provide support for various investigative efforts.
 
“Internet crime has affected millions across the country, and the great thing about IC3 is that we have adapted our resources to meet this threat,”said NW3C Director Don Brackman.

“We have implemented new tools to help law enforcement bring online criminals to justice.”
 
Gordon M. Snow, assistant director of the FBI’s Cyber Division, added, “We encourage individuals to report Internet crime through the IC3 web portal. The IC3 is a unique resource for federal, state, and local law enforcement to intake cases efficiently, find patterns in what otherwise appear to be isolated incidents, combine multiple smaller crime reports into larger, higher priority cases, and ultimately bring criminals to justice.”

The Norton Cybercrime Index alerts people to online risks, including the day’s most dangerous websites, the most hijacked search terms by cybercriminals, as well as scams identity theft and spam.

The Norton Cybercrime Index answers the question, "What’s your online risk today?," showing you the day’s risk rating and putting it in the context of highs and lows, like a stock index. The Norton Cybercrime Index can be viewed online, via a mobile-optimized site, or downloaded onto a PC.

“Most of us go online daily to work, play, and socialize, and yet it’s one of the most dangerous activities we engage in, because there are so many threats lurking online," said Adam Palmer, Norton Lead Cyber Security Advisor.

"Norton fights cybercrime in a number of ways, including through education. Our goal is to have people add the Norton Cybercrime Index to their daily routine to get a clear understanding of the dangers that are threatening them online, and to take preventative action to avoid falling victim."

McAfee found 6 million malicious files in the second quarter, compared to 4 million in the first quarter.  Threats on portable storage devices were the most popular malware, followed by fake anti-virus software and social media specific malware. With 55,000 new pieces of malware that appear everyday, globally AutoRun malware and password-stealing Trojans round out the top two malware threats.

After reaching its highest point in Q3 2009, with nearly 175 billion messages per day spam rates have hit a plateau. Cybercriminals took advantage of anticipation on and hype of the FIFA World Cup in South Africa, and used various methods to promote scams and search-engine "poisoning."

Globally, the most popular types of spam varied from country to country. Delivery status notifications, or non-delivery receipt spam, were the most popular in the United States, Italy, Spain, China, Great Britain, Brazil, Germany and Australia. Malware spam, or anything that comes with a virus or Trojan attachment urging users to visit an infected website, was the most popular in Colombia, India, South Korea, Russia and Vietnam. Argentina had the most variety in spam, with 16 different topic areas, ranging from drugs to lonely women to diplomas. Italy came in with the least variety, with just six types of spam.

"Our latest threat report depicts that malware has been on a steady incline in the first half of 2010," said Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee.

"It’s also obvious that cybercriminals are becoming more in tune with what the general public is passionate about from a technology perspective and using it to lure unsuspecting victims. These findings indicate that not only should cybercrime education be more widespread, but that security organizations should move from a reactive to a predictive security strategy."

The Internet Crime Complaint Center (IC3) was established in May 2000 as a partnership between the National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation. Since its launch IC3 has received more than 1.5 million complaints of cybercrime.

"This year marks the first decade of our partnership with NW3C addressing nearly 1.5 million Internet crime complaints to IC3," said Bill Hinerman, FBI Unit Chief for IC3.

"This partnership has increased law enforcement’s ability to collect, analyze, and refer Internet crime complaints to our domestic and international law enforcement partners."

IC3 gives victims of cybercrime an easy way to report and alert authorities of suspected criminal or civil violations. IC3 provides law enforcement and regulatory agencies with a central referral system for complaints involving Internet-related crimes.

"Since its creation in 2000, we have seen the number of complaints coming into IC3 increase year after year. Cybercrime is not going away and, in fact, is only going to continue as criminals become savvier," said Don Brackman, Director of the NW3C. "We are so proud to be partners with the FBI in operating IC3 to address this growing global issue."

"No one would have thought 10 years ago that we would have as many reports of cybercrime as we have today," Brackman said. "As the Internet keeps evolving and as criminals keep thinking up new ways to take advantage of the public, IC3 will continue to look for ways we can help combat these types of crimes."

The number of hijacked brands reached a record 356 in October, up nearly 4.4 percent from the previous record of 341 in August 2009.

"No brand is safe from the threat of spoofing for the purposes of online fraud. Once, only the largest banks were targeted," said Peter Cassidy, APWG Secretary General.

"Now, every kind of enterprise from banks and credit unions of all sizes to charities to, in a recent case, a hardware manufacturer, are now seeing their brands exploited in all manner of fraud scheme."

While the number of unique phishing reports submitted to the APWG in Q4 declined nearly 29 percent from a record high of 40,621 in August, dropping to 28,897 reports in December, the stats don’t reflect a more troubling trend. Member reports to APWG and research reviews in Q3 and Q4, reveal a significant increase in phishing focused on high value targets such as people in charge of finances.

"Spear-phishing and whale-phishing, where targeted individuals inside of corporations, or of high net worth, appears to be increasing," said Dave Jevans, APWG Chairman.

"Phishers and malware attackers are sending emails to individuals in a highly targeted fashion, attempting to gain access to corporate online banking systems, corporate VPN networks, and other online resources."

"These attacks do not contribute significantly to the overall number of unique phishing emails that are sent, as they are not using broad-based spam. Rather, the attackers customize their email messages to target individual users," Jevans said.
 

Search categories like these are used to lure unsuspecting consumers to their websites. Cybercriminals are often able to convince users to download files carrying, malicious software that can cause people to expose personal and financial information.

"Cybercriminals are smart," said Jeff Green, senior vice president of McAfee Product Development & Avert Labs. "Like sharks smelling blood in the water, hackers will create related Web sites laden with adware and malware whenever a particular topic increases in popularity."

"Unsuspecting consumers are then tricked into downloading malicious software that leads them to blindly hand over their personal assets to cybercriminals."

McAfee found the riskiest set of keyword variations was "screensavers" with a maximum risk of 59.1 percent. Nearly six out of the top 10 search results for "screensavers" contain malware. One of the single riskiest search terms in the world is "lyrics," with a maximum risk factor of one in two.

Searches using the word Viagra, a popular keyword commonly found in spam email messages, returned the fewest risky sites. Searches with the safest risk profile included health-related terms and searches about the current economic crisis.

People looking to save money, and/or searching for means of additional income should be aware that clicking on results that contain the word "free" have a 21.3 percent chance of infecting their PCs with online threats, such as spyware, spam, phishing, adware, viruses and other malware.

"With physical crime you know right away if your house has been broken into or your car has been stolen, but with cybercrime, it’s not that obvious. Most people don’t even know they’re a victim, and they rarely know what to do next," said McAfee President and Chief Executive Officer Dave DeWalt.

David DeWalt

"The Cybercrime Response Unit is an ‘online 911′ that can triage your situation and direct you to recovery. We’ll get you to the right resources immediately. This is part of our continued effort to fight cybercrime."

The Cybercrime Response Unit helps users identify if they have been the victims of cybercrime and recommends steps to take. The service points users to appropriate law enforcement, credit agencies and other resources to address their situation.

The site provides a forensic scanning tool based on McAfee’s Global Threat Intelligence. It determines if a user has malware running on their computer or has visited a malicious Web site that may have stolen personal information.

McAfee has Cybercrime Response Unit Agents available to help users by telephone. The site directs users to a toll free phone number for the most serious cases.

"We want to help the victim to understand the types of risky online behaviors that can lead to cybercrime so they can better avoid it in the future, and be empowered to use the Internet safely," said DeWalt. "Ultimately, educated users help us fight against cybercriminals."

Symantec said it created more than 1.6 million new malicious code signatures in 2008, which accounts for more than 60 percent of the total malicious code signatures ever created by the security firm.

The report found that Web surfing was still the primary source of new infections in 2008, and attackers are increasingly using customized malicious code toolkits to develop and spread their threats.

The majority (90%) of threats are aimed at stealing confidential information such as online bank account details, which accounted for 76 percent of malicious activity.

Web applications were common sources of vulnerabilities. Of all the vulnerabilities identified in 2008, 63 percent affected Web applications, up from 59 percent in 2007.

The most web – based attacks came from the United States (38%), followed by China (13%) and the Ukraine (12%).

"As malicious code continues to grow at a record pace we’re also seeing that attackers have shifted away from mass distribution of a few threats to micro-distribution of millions of distinct threats," said Stephen Trilling, vice president, Symantec Security Technology and Response.

"Cybercriminals are profiting from creating and distributing customized threats that steal confidential information, particularly bank account credentials and credit card data. While the above ground economy suffers, the underground economy has remained consistently steady."

Owen Thor Walker, 18, who used the alias "Akill" online, was ordered by the court to pay $10,000 in damages and turn over his computer related assets.

New Zealand police are impressed with the skills of Walker and are considering offering him a position fighting cybercrime.

Police found out last November after a yearlong investigation involving the FBI and authorities in the Netherlands that the "mastermind" they were trying to find was Walker, who was using a computer in his bedroom in the rural town of Whitianga.

Walker used a botnet to control more than a million computers around the globe. Software he created and sold to cyber criminals allowed them to steal users names and passwords along with credit card information. He did not take money from people’s accounts, but received $31,000 for the software he designed and sold to hackers.

The FBI estimated the financial losses from the hacking activities and damage to computer systems at over $20 million.

The crime received attention after one attack caused computers to crash at the University of Pennsylvania in 2006.

In court, Walker, who has Asperger’s syndrome, a form of autism, smiled as he listened to the prosecution talk about how international investigators considered his skills to be "amongst the most advanced " they had come across.

Judge Judith Potter called Walker a person with a bright future but who was unable to set boundaries for himself in relation to his "undoubted expertise" in computers.