Cybercrime Forces Local Law Enforcement to Shift FocusCybercrime Forces Local Law Enforcement to Shift Focus

Last November, an Idaho man was sentenced to 10 years in prison for hacking into the computer servers of 19 victims across the United States, stealing personally identifiable information (PII) belonging to more than 132,000 people, and attempting to extort a Florida orthodontist for payment in Bitcoin cryptocurrency, the US Department of Justice said in a release.

The perpetrator, Robert Purbeck, had also purchased access to the computer server belonging to a medical clinic in Griffin, Ga, from a cybersecurity forum and used stolen credentials to remove records containing sensitive personal information such as birth dates and social security numbers for 43,000 individuals. Purbeck had also purchased access to a server belonging to the police department of Newnan, Ga and stolen police reports and other documents, including PII for over 14,000 people.

This case illustrates some of the challenges law enforcement currently faces trying to investigate and arrest criminals in an increasingly digital world where cybercriminals operate across state — and often, national — lines and employ a variety of tools. While the FBI plays a significant role in investigating cybercrime, most of the responsibility often falls to local law enforcement — municipal police departments, county sheriff's offices, and other local agencies. These groups have to determine jurisdiction and secure limited resources while staying on top of the ever-evolving threat landscape.

In 2023, the Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) received 880,418 cybercrime complaints, a nearly 10% increase from 2022. Potential losses exceeded $12.5 billion, up 22% from 2022. While the figures for 2024 are not yet available, the numbers are expected to be even higher.

At the top of the list is a need to evolve beyond place-based policing, says Dr. Chris Moloney, an Instructor at Colorado State University whose research focuses on the digital transformation of public safety agencies. "One of the greatest challenges is that [local] agencies have historically evolved to be place-based, and they've been resourced to deal with physical, tangible crimes, burglaries, robberies, arsons, homicides, all those that show up on TV shows and in the newspapers. But cybercrime is borderless. Your perpetrator could be thousands of miles away, and your victims could be in your small local town that has a police department with 15 employees. That's a fundamental challenge," says Moloney.

In addition to questions of place and jurisdiction, Moloney says local law enforcement also suffers from resource and "capability gaps." Local police departments may struggle to allocate budgets for software that can analyze forensic evidence or hire personnel with expertise in areas like encryption or blockchain.

And prioritizing cybercrime often takes a back seat to the day-to-day issues facing a local community.

“When I want to make sure that my neighborhood's safe, it's a very, very challenging dynamic for leadership to go to the community or to go to their local government and say, ‘We need more money specifically for these technological resources,’" Moloney says.

Public-Private Partnerships are Key

Law enforcement also has to compete with the private sector for talent, Moloney says, which can afford to pay higher salaries to those with cyber skills. However, law enforcement needs to work in partnership with the private sector to investigate and prosecute some kinds of cybercrime. 

“One of the best solutions is a better defense, right? And that's where the private sector comes in in a big way. And that's where education comes in a big way,” he says.

In addition to enhanced partnerships with the private sector, fighting the rise of cybercrime will require finding ways to bring agencies and law enforcement groups together and making cybercrime a priority by providing increased financial and technological resources and staffing.

“We do not have a unified or coherent strategy or set of tactics or solutions that unify how everybody's approaching this issue,” Moloney says. 

"It's a challenging, challenging environment and it's really complicated. How do we navigate all those different issues that are all coming together at the same time and recognize that if you don't do it, it's only going to get worse?"