Battling the Hydra: Law Enforcement's Uphill Battle Against the Shape-Shifting Threat of Cybercrime

Like the mythical multi-headed hydra monster that grows two heads whenever one is severed, the global fight against cybercrime often feels like an impossible uphill battle for law enforcement agencies. Every time a hacker ring gets busted or a malware creator is arrested, new sophisticated cybercriminal operations arise to take their place.

Despite some high-publicity wins in recent years, the cold hard statistics paint a sobering picture. Cybercrime is not only alive and kicking – it's positively thriving.

The Jarring Costs of Cybercrime Continue Skyrocketing

According to the FBI's yearly Internet Crime Report (ICR), total losses to victims of cybercrime exceeded $6.9 billion in 2021. This represents a startling 47% jump over the prior year's figure of $4.2 billion, as shown in Figure 1 below:

| Year | Total Losses Reported | 
|------|-----------------------|
| 2020 | $4.2 billion          |
| 2021 | $6.9 billion (**+47%**) |

Figure 1: Total cybercrime losses reported to FBI (FBI 2022 Internet Crime Report)

The ICR stats only account for what gets reported directly to the FBI's public IC3 portal. The true costs are estimated to be in the trillions globally when factoring in unreported cases and cascading impacts on productivity and economic activity.

Cybersecurity Ventures projects that global cybercrime costs will grow by 15 percent per year over the next five years, reaching a staggering $10.5 trillion USD annually by 2025. This represents the greatest transfer of economic wealth in history, more than the global trade of all major illegal drugs combined.

Just looking at data breaches, Figure 2 shows the dramatic rise in records exposed over the past decade:

| Year | Records Breached (billions) |
|------|-----------------------------|  
| 2013 | 1.52                        |
| 2021 | 37.7 (**+2382%**)           |

Figure 2: Increase in breached records over time (RiskBased Security 2022 Data Breach Report)

The mushrooming costs and increasing regularity of attacks continue to massively outpace law enforcement's ability to rein them in.

Ransomware and Crypto Fraud Lead the Charge

In the past, malware, hacking and identity theft topped the list of cyber threat categories. But over the last five years, ransomware and crypto fraud have burst onto the scene to become the most financially damaging cybercrimes.

The blockchain provides the perfect vehicle for pseudonymous extortion and money laundering. Ransomware gangs are professionalizing with affiliate programs and Ransomware-as-a-Service offerings. Crypto scams trick victims into transferring funds or personal information that gets exploited.

Between 2020 and 2021, the FBI observed an increase of over 232% in crypto losses, with nearly $1.6 billion stolen. Ransomware extortion targets everyone from everyday citizens to hospitals, schools and critical infrastructure. When criminals disabled the Colonial Pipeline using DarkSide ransomware, it led to gas shortages and emergency declarations along the U.S. eastern seaboard.

This expanding attack surface increases the workload for already overloaded agencies. Trying to track pseudonymous cryptocurrency payments across borders or recover encrypted files strains limited resources.

The FBI and Global Law Enforcement Are Overmatched

Arrest statistics exemplify law enforcement's lack of progress in keeping up with metastasizing cyber threats:

| Year | FBI Cyber Arrests |
|------|-------------------|
| 2017 | 1,783             |
| 2021 | 1,833 (**+3%**)   |

Figure 3: Number of cyber-related arrests by the FBI annually

Faced with over 790,000 complaints of suspected internet crime in 2021, the FBI's arrest tally represents only a tiny fraction of total incidents. Their conviction rate hovers under 10% of cases referred for prosecution.

Interpol data also confirms most countries convict only 1-3% of their reported cybercrime cases. Justice feels elusive for the majority of victims, further emboldening sophisticated attackers.

The Myth of Decapitating the Snake

Occasionally, law enforcement delivers a high-publicity win like the dismantling of the Infraud dark web marketplace or the sentencing of Russian Peter Levashov for operating the Kelihos botnet.

However, these isolated "decapitation" strikes have minimal long-term impact on the overall cybercrime ecosystem. As seen in Figure 4, dark web marketplaces quickly reopen under new administrations or alternative platforms pop up when competition gets taken down:

| Dark Web Marketplace | Launch Date | Takedown Date | 
| -------------------- | ----------- | ------------- |
| Silk Road            | 2011        | 2013          |  
| AlphaBay             | 2014        | 2017          |
| Wall Street Market   | 2016        | 2019          |
| White House Market   | 2020        | 2022          |

Figure 4: The short lifecycles of dark web marketplaces

Similarly, when the mastermind behind the Dridex banking trojan gets convicted, plenty of other banking malware and phishing kits stand ready to fill the void.

For instance, Qbot rose up in 2022 with self-spreading capabilities and modular plugins supporting worms, keyloggers, ransomware deployment and more malicious acts. Like the mythical hydra, whenever one head gets severed, others emerge stronger and more cunning.

This frustrating dynamic leads many experts to characterize the cybercrime fight as a game of "whack-a-mole" for law enforcement agencies. Their responses remain overwhelmingly reactionary against the latest threats rather than dismantling the deeper roots that nourish cybercrime.

Why Law Enforcement Can't Keep Pace

Fundamentally, the technology adoption lifecycle moves much faster than the legislative and jurisprudence lifecycles in most countries. This lag leaves gaps in laws, policies and judicial precedents that technologically adept cybercriminals actively exploit.

Other factors constraining law enforcement efficacy include:

Jurisdictional Boundaries: Cybercriminals easily bypass sovereign borders online while agencies get bogged down in bureaucracy to coordinate internationally. Diplomatic hurdles also arise requesting evidence or extradition from countries providing safe harbor.

Funding & Resource Constraints: Many agencies suffer from talent shortages and lack cutting-edge technical capabilities requiring large investments to develop and maintain.

The Going Dark Problem: Widespread adoption of encryption by apps and messaging platforms sends investigations that rely on accessing communications into dead ends.

Attrition of Institutional Knowledge: The shortage of cybersecurity professionals leads to high turnover. This attrition makes it hard for agencies to build institutional knowledge.

Outdated Laws: Legacy computer crime laws lag behind newer attack techniques. Loopholes in areas like cyberstalking, deepfakes and breaches have stalled progress on upgrades.

Overhauling Strategies Against the Shape-Shifting Hydra

Facing this predicament, policymakers and law enforcement leaders worldwide increasingly realize that a "business as usual" stance will not cut it. Fundamental changes must occur across technology implementations, staffing models, international coordination and legislative reform.

1. Increase Focus on Following the Money:

Rather than emphasizing arrests, agencies should prioritize disrupting cybercriminal profits by:

  • Expanding cryptocurrency seizure/forfeiture and forensics capabilities
  • Leveraging financial regulations like Bank Secrecy Act (BSA) violations
  • Piloting interdiction solutions that intercept or siphon illicit funds

2. Develop Cyber Reservist Models:

Volunteer forces of technically adept "cyber reservists" on call to assist during incidents can augment strained in-house teams. Estonia's Cyber Defense Unit sets a model example that more countries plan to emulate.

3. Formalize International Cybercrime Task Forces:

Cross-border investigative teams with streamlined coordination, diplomatic backing and private sector intelligence have proven far more effective at tackling complex transnational cases.

4. Incentivize Proactive Cyber Threat Intelligence Sharing:

Automated, standardized mechanisms for agencies and companies to share threat indicators before major incidents occur will lift everyone's defenses. Policy changes should increase liability protections for sharing data in good faith.

5. Establish Cybercrime Policy & Doctrine Centers:

Dedicated joint task forces of technologists, legislators, law enforcement leadership and academic fellows can develop forward-looking policy platforms and technology roadmaps tuned to the evolving threat landscape.

6. Increase Cybercrime Penalties While Eliminating Hurdles to Prosecution:

Stronger criminal/financial deterrence for cyber intrusions, data destruction and fraud balanced against streamlining legal thresholds required for charges would shift the risk/reward equation for attackers.

7. Cultivate International Norms Against Harbouring Cybercriminals:

Diplomatic pressure and economic incentives aimed at nations tolerating (or passively enabling) cybercrime could limit safe havens worldwide.

8. Implement Cyber Workforce Scholarships and Apprenticeships:

Grassroots programs to increase diverse hiring pipelines and reskill personnel will boost urgently needed cybersecurity human capital over the long term.

While the hydra myth concludes that cutting off heads only makes the monster stronger, the same should not hold true in the fight against cybercrime. Smarter strategies and coordinated determination can slowly turn the tide if priorities get aligned correctly.

Of course, new unforeseeable threats constantly appear on the horizon from expanding attack surfaces. Our healthcare systems, vehicles, smart homes and Metaverse experiences already display huge vulnerabilities that cybercriminals eagerly hope to exploit in the years ahead.

Nonetheless, we find ourselves at a pivotal moment to alter law enforcement's losing trajectory against increasingly industrialized cybercrime operations. It remains an uphill battle, but not necessarily an unwinnable one if stakeholders collectively commit to strengthening defenses, modernizing policies and resourcing protective efforts worldwide.
