FIGHTING CORRUPTION
ACCELERATING
CYBERCRIME
RESPONSE &
MITIGATION
The Internet Corporation for Assigned Names and Numbers
In this article, we consider private
sector frameworks that provide effective,
rapid response to criminal activity while
maintaining public confidence. We discuss
how the successes of these frameworks
can serve as the basis for public-private
partnerships. We identify challenges that
such public-private partnerships face. And
we examine and how such partnerships
might bring us closer to multinational
or international agreements where
due process of law is served through a
universally recognized judicial system.
DR. STEPHEN CROCKER
Chairman of the Board
ICANN DAVID PISCITELLO Vice
President, Security and ICT
Coordination, ICANN
Online cybercrimes exhibit
characteristics that make them
particularly challenging to mitigate or
defeat: the activities that collectively
comprise online criminal acts are
conducted transnationally; the
perpetrators operate from many
countries, often with temporary
relationships; and the acts themselves
are not universally recognized as
crimes in all jurisdictions where
the actors or their criminal assets reside. These characteristics make
apprehension or prosecution of the
perpetrators exceedingly difficult.
Perhaps the most difficult challenges
security interveners or law enforcement
officers must overcome when they
combat cybercrime are to be duly
diligent or to satisfy due process
quickly enough – in Internet time –
to contain the harm or minimize the
number of victims affected by a given
criminal attack.
108
Cybercrime timelines
reveal important truths
Today, the burden of online criminal
investigations falls on private sector
actors for phishing, malware distribution,
counterfeit goods, identity theft or other
fraudulent acts. Figure 1 illustrates a
representative timeline for a phishing
attack, from the onset of the attack
through response or remediation, to the
point where a law enforcement officer
presents sufficient evidence to obtain
a court order in a single jurisdiction.
Figure 2 illustrates a representative
timeline for a more sophisticated
criminal activity. Here, one or more
criminal actors first build an online