Law enforcement agencies will no longer have the resources to investigate, or prosecute, all cybercrime. That was the stark warning given by Europol's Troels Oerting, during his opening keynote at Infosecurity Europe 2014.
Instead, agencies need to put more emphasis on disrupting cybercrime. This may mean not investigating some crimes, and accepting a degree of loss. Police force cybercrime units, and other investigators, will be forced to prioritise. "There may be crimes we don't investigate," he said.
The warning comes against a background of growing internet use, and a growing dependence on the internet, in Europe.
According to Oerting, 78% of Europeans are now online, and economies depend on the net for their operations. "We don't produce things on a [factory] conveyor belt now," he said. "We need the internet." But the growing importance of the internet is also increasing the risks. "The attack surface is widening," he warned.
But a move away from manufacturing, to knowledge-based industries, has opened up new avenues for crime.
Oerting pointed out that law enforcement officers divide criminality into two categories: cybercrime, and internet "assisted" crime. Assisted cybercrime includes activities such as financial fraud and theft from banks' ATMs, as well as child abuse images.
Criminals are using the net, and especially the dark net, to communicate, collaborate and sell their wares; they send funds using Bitcoin. It is becoming harder to "follow the money", and even agencies such as the NSA struggle to see inside the dark net, he said.
Cybercrime, for its part, is borderless and leaves little in the way of a physical evidence trail. "In a physical attack there is a link between the perpetrator and the crime scene, and you can profile the criminals," Oerting told the Infosecurity Europe audience. "But that is not the case with cybercrime."
Cybercrime is becoming increasingly organised and industrialised, Oerting suggested. There is a growing market in exploits and hacks for sale, with groups developing cybercrime technology for use by their own associated criminal groups, or for sale on the open market. "Groups are developing malware so fast, that no protection can keep up," he noted.
When it comes to combatting cybercrime, law enforcement agencies face continued problems with jurisdiction and enforcement. It is not always clear whether the authorities in a jurisdiction can take action against a cyber criminal, and criminal groups are becoming ever more adept at hiding their location and identity, and concealing any electronic trail.
"If no crime originated in your country, how do you make sure you can bring an attacker to justice," asked Oerting. "If we wanted evidence, we would seize things. But in the very, very near future criminals will operate from the cloud, and they will stream their data. How do we then obtain evidence?
"They won't be using a Microsoft or Amazon cloud. Cloud services are being established by criminal entities, and that makes it even harder to attribute any crimes."
But the issue needs to be tackled. "The net is a shared resource, like the high seas, or the air. How do we make sure that the net does not become polluted with so much crime, that people put up borders?"