The last couple of years have seen a dramatic rise in the number and quality of malware-as-a-service and hacking-as-a-service providers, with many of them advertising their services on the Web. And while law enforcement officials are well aware of the problem, they’re not having much luck in finding or prosecuting the criminals behind the schemes.
One of the more prevalent of these services is one that offers customers an email hacking service. For a small fee, hackers will compromise a victim’s email account and hand over the password to the paying customer. As The Washington Post reports, finding the hackers who are providing the service is often an exercise in futility.
Federal law prohibits hacking into e-mail, but without further illegal activity, it’s only a misdemeanor, noted Orin Kerr, a law professor at George Washington University and a former trial attorney in the Justice Department’s computer crime section.
“The feds usually don’t have the resources to investigate and prosecute misdemeanors,” Kerr said. “And part of the reason is that normally it’s hard to know when an account has been compromised, because e-mail snooping doesn’t leave a trace.”
This is the same problem that has been facing the law enforcement and prosecutors for decades. Even in cases in which police can identify the actors involved in an attack, gathering enough evidence for a successful prosecution can be a major challenge. These kinds of services are on the rise for good reason: the ease of setting them up and of hacking email accounts. Those two factors haven’t changed over the years and are unlikely to change anytime soon.