During a session which heard warnings that the war against cyber crime was in danger of being lost, members were told that computer emergency response teams from the finance industry were moving to find an answer to one of security experts' key complaints: that national law enforcement agencies refuse to investigate cyber criminals when the value of their thefts is below a certain threshold.
Foy Shiver Deputy Secretary-General of the Anti-Phishing Working Group, announced that a forum was being established which would allow different teams to pool and analyse intelligence from individual attacks so that disparate crimes by the same criminal gangs could be aggregated and presented to law enforcers in a single body of evidence.
Mr Shiver said: "There are issues like privacy which will need to be sorted out, but we're confident we can resolve them." Delegates had complained that, particularly in commercial enterprises, it was hard to sustain a business case for security teams if law enforcers failed to follow up evidence - one said that in his territory, police wouldn't investigate a cyber crime that had a haul of less than $50,000.
FIRST's law enforcement special interest group decided to launch a website to provide both sides with useful and instructional materials. Opening the session, Chris Painter, of the US Department of Justice, who chairs the G8 High Tech Crime Group, said that Internet crime gangs were increasingly more organised, and often masterminded their operations simultaneously in different countries.
John Pignataro, director of Security Incident Response Team Investigations at Citigroup reported that the number of new phishing sites encountered by his bank had quadrupled in five years from 15 each week to nearer 60, and Tom Mullen, Head of Investigations for BT, the British telecommunications giant, revealed a 35 per cent per annum increase in reported incidents over four years.
Levi Gundert, who moved from working for the US Secret Service in Los Angeles to join Team Cymru, the Internet security research firm, called for collaboration between law enforcers and security teams to be more structured, and for the two sides to teach and help each other.
"I thought things were bad when I worked for the Secret Service," he said. "But now I am at Team Cymru I understand how bad it really is. We are losing the war against cyber crime badly.
"There is frustration on both sides - on the law enforcers' side, about lack of resources and perceived lack of results, and about information overload, and on the security teams' side, about the information they supply seeming to go into a black hole and the law enforcers not appearing to respond."
Two speakers from the host country - Robert Pitcher of the Canadian Cyber Crime Incident Response Centre, and Dan Howard of the RCMP Integrated Technological Crime Unit - described how collaboration was achieved in Canada.