Title: The U.S. Led Fight Against Global Cybercrime

Description: The United States and its global partners are experiencing
a massive wave of cybercrimes. Here in the U.S., federal law
enforcement have received record numbers of complaints in recent years,
which include a wide array of Internet based scams affecting victims
around the world. What's being done to fight these crimes? We'll find
out more from GAO's Latesha Love-Grayer and Kevin Walsh.

Related GAO Work: GAO-23-104768, Global Cybercrime: Federal Agency
Efforts to Address International Partners' Capacity to Combat Crime

Released: March 2023

[Music]

[Latesha Love-Grayer] Global cybercrime is an ever growing and
increasingly heinous challenge, and it will take collective
international efforts to fight it.

[Holly Hobbs:] Hi and welcome to GAO's Watchdog Report. Your source for
news and information from the U.S. Government Accountability Office.
I'm your host, Holly Hobbs. The United States and its global partners
are experiencing a massive wave of cybercrimes. Here in the U.S.,
federal law enforcement have received record numbers of complaints in
recent years, which include a wide array of internet-based scams
affecting victims around the world. What's being done to fight these
crimes? We'll find out more from GAO's Latesha Love-Grayer and Kevin
Walsh, who have a new report for Congress about global cybercrime.
Thanks for joining us.

[Latesha Love-Grayer:] Thank you for having us.

[Kevin Walsh] Yes, thank you.

[Holly Hobbs:] So, Kevin, can you give us an idea of the scale of this
problem and how it's grown?

[Kevin Walsh] Sure. It's hard to know exactly how many incidents there
are because many companies don't fully report attacks, and individuals
such as ourselves may not even know that they have been hacked.
However, when we asked the FBI's Internet Crime Complaint Center, they
said that in 2021 they received a record number of cyber complaints,
over 840,000, and potential losses exceeded $6.9 billion. So we're
talking about a large problem that is only going to continue to grow,
Holly.

[Holly Hobbs:] And do we know why there's this wave and why it's
happening now?

[Kevin Walsh:] We didn't actually meet with any hackers. None of them
would agree to sit down with us. So we were unsure exactly why from
their perspective. But, what we see is that there is a low barrier to
entry so it's easy to do. It's fairly profitable and it's very hard to
attribute who exactly did the hacking. So, it seems like this is only
going to get easier and bigger as we go.

[Holly Hobbs:] So what's being done in the U.S. to fight global
cybercrimes?

[Kevin Walsh:] So the United States does many things to fight global
cybercrime. For example, DHS has its Cybersecurity and Infrastructure
Security Agency (CISA). The National Security Agency also does a lot to
help protect us. However, talking about globally, what we do to work
with our global partners, a lot of times we do information sharing--you
know, hey guys, here's the kind of hacks we're seeing or here's the
threats that we see. We also work to train them up, provide advice on
how to reform legislation or their legal infrastructure, and then work
with them on their policies, strategies to try and make sure that they
are more resistant to cyber efforts.

[Holly Hobbs:] Clearly, this is a growing issue. Do we know what
challenges the U.S. is efforts face?

[Kevin Walsh:] Yeah, we talked to a panel of both federal experts and
international experts. And the gist is there are a lack of resources,
and that means both people as well as money and technology. They also
have a hard time holding on to the staff once they have trained them
up. The U.S. government's ability to provide assistance. So a lot of
times there's a lot of demand for our experts to provide the training
and we can only do so much. Rapidly evolving technology, as you know,
technology continues to grow in leaps and bounds and an inconsistent
definition of cybercrime. That means that not everybody agrees on what
exactly cybercrime is and isn't. And that can be hard if you're working
to address things that a country may or may not consider bad.

[Holly Hobbs:] Latesha, this is a global problem. How is the U.S.
working with global partners to combat cyber criminals?

[Latesha Love-Grayer:] Well, you're right. International crime
syndicates, terrorists and individuals alike can all be involved in
committing cybercrime. And we know that there are countries who have
government-sponsored organizations who are very actively engaged in
committing international cybercrime, including China, Russia, Iran and
North Korea. As a result, we have to work together internationally to
combat this type of criminal behavior. So State and DOJ and DHS conduct
a range of activities with international partners. For example, DOJ
provided technical assistance and training and equipment to Nepal to
build their police forces capabilities and capacity to investigate
cyber criminals. And DHS is collaborating with participants from the
international law enforcement academies in areas like the Caribbean and
Thailand and Botswana and other places to leverage their intelligence
and to help build relationships with each other so that they are able
to combat cybercrime in the region. And State, who has a leading role
in the diplomatic side and in other ways provided, for example,
legislative drafting advice to Brazil and Tonga and Nigeria on how to
strengthen their laws to conform with international cyber norms.

[Holly Hobbs:] So when we looked at these efforts, did we find any
gaps?

[Latesha Love-Grayer:] Yes, we did. We're GAO, we often do find gaps.
And before I get to them, I do want to give a little bit of credit
here. We did see a range of activities that agencies were conducting.
And State, DOJ and DHS all were taking some steps to evaluate results
of very specific activities. However, what we found is that there was
no big picture look, no big picture look at whether these collective
efforts are having the impact that we hope and intend for them to have.
As a result, we don't know whether the U.S. is achieving its
overarching goals in trying to combat global cybercrime. We don't know
whether certain activities are working very effectively and we need to
expand those, or whether there's activities that are less effective and
we need to shift resources away from those areas. So there's more that
needs to be done in being able to assess the effectiveness of these
efforts.

{MUSIC}

[Holly Hobbs:] So Kevin and Latesha just told us that cybercrime is a
growing issue. And that while the federal government is taking steps to
address this threat at home and abroad, agencies fact a number of
challenges and have not assessed their efforts. So Latesha, what do we
think needs to happen to improve efforts to fight global cybercrime?

[Latesha Love-Grayer:] Well, we think State, which is the agency that
has the overarching responsibility for coordinating internationally
with other countries and building the capacity of other countries, that
State should conduct an evaluation of all of the activities that it's
conducting and that it's funding in other agencies to combat global
cybercrime to determine how effective these collective efforts have
been. We've made a recommendation to them to do just that. And we do
know that this is not the kind of thing that's going to be done
overnight. It's going to take time. It's going to take collaboration
and working with other agencies. But we're really looking forward to
the actions that State is going to take to address that issue.

[Holly Hobbs:] And last question, what's the bottom line of this
report? Latesha, maybe you can start us off.

[Latesha Love-Grayer:] The bottom line is global cybercrime is an ever
growing and increasingly heinous challenge, and it will take collective
international efforts to fight it. State, DOJ, DHS, they're among the
agencies that are conducting a variety of activities in this area.
However, they have not taken a big picture look at whether all of these
activities are working and achieving the goals that they need to
achieve. And that's something that State needs to do.

[Holly Hobbs:] And Kevin?

[Kevin Walsh:] So to build on that, I've got a cooking metaphor. So
it's as if we're making sure we have the best strawberries and the best
pickles and the best crackers, but nobody's sitting back and saying,
'But what kind of sandwich is that going to be?' We need to have
somebody sitting back and taking that comprehensive look across all of
the government's efforts and making sure that we're all working
together in tandem to make that great cyber sandwich.

[Holly Hobbs:] That was Latesha Love-Grayer and Kevin Walsh talking
about GAO's report on global cybercrime. Thank you for your time.

[Latesha Love-Grayer:] Thank you so much for having us.

[Kevin Walsh:] Yes, thank you.

[Holly Hobbs:] And thank you for listening to the Watchdog Report. To
hear more podcasts, subscribe to us on Apple Podcasts, Spotify, or
wherever you listen and make sure to leave a rating and review to let
others know about the work we're doing. For more from the congressional
watchdog, the U.S. Government Accountability Office, visit us at
GAO.gov.