Hmm, why do you think they couldn't prevent $50mm? I'd expect that to be the easiest number to to maximize. Take out a ransomware crew, and you prevent all their crimes for the next years, as long as you keep them offline; get the encryption keys, and you've undone every ransom demand still standing. Just busting them in a way that their are either denied bail or have conditions placed on them so they cannot use any computing device, and you've taken them offline (and sufficient monitoring will probably jail them soon when they go back online under bail conditions.
Definitely agree that successfully prosecute is harder than ID perps...
But you don't think there's enough scammers based in the US/Canada/EU to chase? Back to the Zelle scams as we started with, and an awful lot of scams that require cash mules, seem pretty trackable if someone puts in the effort, especially when people can drop the evidence at their doorstep.
Yes, there are. But none that would be addressable in any reasonable way by your above-hypothesized team of 10 cybersecurity experts. Any significant wire fraud operations are going to interesting to the FBI and something that is in their jurisdiction anyway.
What’s left would be cases like “I bought this iPhone off eBay and got mailed a brick”. If it was taking your team any longer than literally 10 minutes per successful recovery on average, you’d be better off just using that taxpayer money to reimburse victims directly. It just doesn’t make sense to throw 250/hr labor at a $500 problem.
The guy who mails out bricks instead of iPhones probably does that every day, so if you stop him, you're not just solving a $500 problem, you're solving a $500 a day problem, which is a $180k/year problem.
>> 3. this could be addressed with regular police work
The phrase "could be" is doing a lot of work there. Yes, all of these crimes could be — and I would argue SHOULD be — addressed by regular (presuming local or state) police work. Sadly, it is not.
Similar to rampant bicycle theft. It definitely could and should be addressed by local cops, but is largely ignored, and ignored even when people bring them real-time tracking of the bicycle. And you're not supposed to go vigilante and get it yourself (partly due to risk to you).
For #2, $50 million, that seems like a lot of crime. But let's take the mailing a brick for an iPhone example. Each one is roughly $1000. So we need 50,000 bricks per year. That's 137 per day. Way too much for one criminal. But with 250 criminals, they only need to send a brick every couple of days. And our cop team needs to average only a single capture per day to stop $50million of crime in a year.
Jurisdiction, yeah, they'd probably need national jurisdiction, since there are probably few crimes where the criminal and crime are in the same town (other than the FB market/Craigslist criminals). So, deputized by the FBI is probably best.
So, not unreasonable to search for a solution that actually works.
> The phrase "could be" is doing a lot of work there. Yes, all of these crimes could be — and I would argue SHOULD be — addressed by regular (presuming local or state) police work. Sadly, it is not.
I agree that it is not. I am saying that you don't need a team of 10 cybersecurity expertise to show that someone mailed bricks or stole their cousins venmo money. Ten traditional detectives would be cheaper and a better fit.
Any technically sophisticated scams that would require a team of cybersecurity experts are likely already at the scale and scope that the FBI already does address them.
The intersection -- a technically sophisticated scam that is a small dollar amount -- isn't a problem that exists.
The reason that large cities don't spend much time on small dollar crimes is because they have bigger stuff to worry about. Yes, there's definitely people selling stolen phones on my local Craigslist, but there's also people stealing checks out of mailboxes and washing them to steal $50,000+. It makes sense to address the latter first.
Ok, so you're saying that much of it is within the scope of regular detectives with appropriate training? If so, I'm inclined to agree -- no sense applying over-the-top expertise when not needed.
Actually, chatting about it, it seems like the ordinary L1/L2/L3 service teams approach could work well. Ordinary up-trained detectives on most cases, when they hit something more complicated, call in the L2 guys/gals, and when it goes over their skillset/toolset, call in the L3 team, etc...
However it gets done, it certainly seems that we need something more than we've got.
Definitely agree that successfully prosecute is harder than ID perps...