This week, Reuters reported that US law enforcement officials announced the arrest of 24 individuals around the world in connection with international hacking at large financial institutions.
The investigation lasted two years and involved FBI agents going into online forums and acting as hackers to find out the kinds of activities hackers were planning. The FBI was particularly interested in hackers who were going after big financial institutions.
According to Reuter’s, US authorities claimed that “The probe prevented $205 million in possible losses on over 411,000 compromised consumer credit and debit cards.”
So it wasn’t a minor deal if these figures are to be believed, and hacking is a serious issue for every company, regardless whether your mission involves finance or not, but two years of investigation that leads to 24 arrests?
Are we supposed to be impressed? Great they might have succeeded in taking two dozen hackers off the table for now, assuming the government can win the case against them, but did they really make anyone any safer?
Interestingly enough, on the same day as the arrests, The Verge wrote about a McAfee report on widespread financial fraud by hackers. So they are out there, stealing information and making use of it. But 24 hackers is a drop in the bucket.
It’s also not very comforting when you consider that the profile of the average hacker is a loner. In other words, these aren’t typically organized groups of individuals, so it’s not as though you can cut off the head and hope you have solved the issue.
When you consider loosely knit groups like Anonymous, for example, there are thousands of people working across the planet to try and hack your systems. As an IT pro, did the US do anything with those arrests to make your business any safer? Probably not.
It doesn’t mean that they shouldn’t have tried, but when a two-year investigation results in only 24 arrests you have to at least realize that it didn’t really put a dent in this problem.
We are no safer today than we were yesterday before the arrests. All we can say for sure is that 24 suspects are in custody. The worker of the other myriad of hackers goes on unabated.
Something tells me it’s not an issue that can be resolved through the legal system. It’s going to require some of the best and brightest minds in technology to find a way to build more secure networking systems. Until that happens, a few arrests here and there make good headlines, but they do little to add to overall network security.