The new president and CEO of security giant McAfee is pushing for legislation that will mandate more jail time for the growing number of cybercriminals breaking into government and corporate computing systems, setting up phishing schemes and building botnets.
Dave DeWalt has been meeting with senators, congressmen, and members of President Bush's staff to talk about cybercrime. A big part of his focus, he told InformationWeek, is to push the creation of new legislation to "modernize the law" and help law enforcement pursue hackers and online scammers.
"Cybercrime, in terms of losses per year, has passed the illegal drug trade in revenues per year," he said. "Now, we're seeing in excess of $105 billion in losses per year related to cyber crime. It's amazing to see how much it has grown over the last few years. You find yourself in a situation today where you can go in and essentially have a higher punishment for robbing a 7-Eleven for $11 than stealing a lot of money online. It's a low-risk, high-reward kind of situation.''
After leveling charges at several alleged botnet herders last month, the FBI reported that the government considers botnets a growing threat to national security, the national information infrastructure, and the economy. And just earlier this month, Sophos, a security company, reported that the number of malicious Web sites has skyrocketed over the past few months, going from 5,000 new ones a day in April to nearly 30,000 a day now.
And InformationWeek's 10th Annual Global Information Security surveyshowed that despite the plethora of worms and viruses that are threatening companies, IT managers are starting to pay more attention to the issue of data theft.
The means of attack are changing, noted DeWalt. And keeping abreast of them can be a daunting task. With cybercrime becoming more sophisticated and more commonplace, DeWalt says now is the time to get laws and sentencing guidelines in place to deal with it.
"We're overloaded with new malware being submitted in every shape and form," he added. "We're seeing 17,000 phishing attacks a month. It's so easy to do that we're seeing a tremendous rise in it. What we're discovering are almost ruthless kinds of attempts at phishing. They highjack a children's donation Web site. They're targeting the elderly. It's nearly impossible to track them because they move so quickly and change their IP addresses so much. We don't have the laws to really go after them. ... When you see the number of attacks versus the number of people being caught, it's pretty miniscule."
DeWalt would like to see cybercriminals facing long jail times and steeper fines.
"I think there's a tremendous need for legislation," he said. "Our ability to track the bad guys isn't the best. Modernizing our government and IT systems, as well as the law and the ability to pursue, is the key to stemming the tide of cybercrime losses You got to have stiffer penalties for actual crime over the Web. Sophistication on the commercial side of high tech side is pretty advanced but we don't have that in government and in our laws."