Most Computer Crimes Against U.S. Citizens Are Perpetrated by U.S. Criminals
There have been several reports of thefts of bank card data that appear to have originated in non-U.S. countries. For example, a recent investigation of a particularly malicious type of keylogger software that was surreptitiously installed on numerous home computers and sent bank account numbers and passwords to a server, showed that the server's domain was registered in China. Another group of data thieves, who use pop-up ads to download Trojans to steal bank card data, were reported to be based in South America.
These types of reports reinforce the view that many, if not most, cyber thieves are based in countries outside the U.S. Some analysts have even explored the historic and social reasons that computer criminals appear to be flourishing in Romania and Russia (see pp. 4-5).
Available quantitative data show (see p. 22), however, that most computer-related crimes against U.S citizens and businesses are perpetrated by criminals based in the U.S. A poll of mid-sized U.S. businesses regarding extortion attempts by criminals who penetrate business networks found that, of those respondents that had suffered a cyber-extortion attempt, when the location of the threat was identified the threat was four times as likely to have originated from North America than from any other country. Similarly, of 98 criminal computer intrusion cases prosecuted by the U.S. Department of Justice and listed on the DoJ's website, only 17 of the crimes "originated from a foreign country" or were "conducted on an international scale." Even in the case of the keylogger software noted above, although the server's domain was registered in China, aparently the server itself was physically located in the U.S.
There are, of course, non-U.S. cyber-criminals. The U.S. reached agreement with other G8 countries in 2004 to cooperate to identify and prosecute them. But as U.S. security specialists, lawyers, and policy makers work to create technical measures, statutes, and policies to counter the threat of cyber crime, we should keep in mind that most of the criminals that threaten U.S. citizens and businesses are based in the U.S., not overseas.
Posted by Randy Gainer