Clive: The problem with that article is the last sentence: "The good guys can score victories."
Which means Zeus (or the equivalent) is gone for good? Hardly. Which means the 92 people arrested (out of the 6,000 involved) won't be replaced within days, weeks or months by some other criminal syndicate? Hardly.
Cybercrime is like drug crime - highly profitable - but easier and less risky. It's not going away, or even being "cleaned up" to the point of being even ten or twenty percent of what it is now.
It's going to be more like spam - worse before it gets better. Periodically they knock spam down by a significant percentage, but it usually manages to climb back up. Lately I've read they've got it down somewhat from the ninety percent or more of email traffic it used to be.
Cybercrime is going to be like that - eventually it will affect far more than the few percent of people it affects now (leaving out malware per se which afflicts a much higher percentage of consumers.) It may start to afflict ten, twenty, even fifty percent of people before governments can increase the penalties and fund more police efforts and get international cooperation.
And even with the latter, look at the drug industry. Not even remotely going away.
Neither will cybercrime.
Let's look at your four solutions:
"1. Remove the profit from the crime."
In black markets, the way to do that is remove the illegality. That's the ONLY way. But it doesn't apply to cybercrime because cybercrime is not a "black market" in the technical sense.
"2. Stop the money being moved/laundered"
This is a temporary fix and band-aid. If the money has to be shoved in duffel bags and lugged across borders by REAL mules, it will get moved. You can only make it slightly more inconvenient than a wire transfer.
And the only reason it's being moved currently is to keep it from being traced easily. Therefore it has to be converted into cash or the equivalent. To do that, it has to be moved from the source to another location where it can be 1) stored in an account which can be shielded from LE in another jurisdiction, or 2) withdrawn as cash. Otherwise, the criminals would just keep it in a bank in the US or wherever.
It's highly unlikely that cracking down on money movements is going to make the overall business of cybercrime so unprofitable - by raising the costs of doing business - that it ceases to be a problem.
"3. Increase the scope of intel/detection"
This basically means installing a worldwide police state - and even then it's not going to work. Whereas the small groups of terrorists can be affected by enhanced intelligence and police investigations sufficiently to interdict them, precisely because they ARE small, this method has been utterly worthless in large-scale crime like drug dealing. It will be equally worthless in cybercrime.
Not to mention that since cybercrime is being essentially subsidized by the ease of access to the Internet, the only way to increase the scope of intelligence gathering is basically to slaughter the privacy of everyone. Which is precisely what the "ISPs need to police their customers" notion leads to - especially if it's mandated by the government.
And this is leaving out the entire area of how cyber-criminals will simply improve their methods of evading detection. The drug dealers are using classified communications equipment and submarines these days... What are cyber-criminals going to do? Sit back and let the FBI trace their IP?
The article quotes a forensics guy as saying he's not impressed by their technical skill. But he also says, "They get the job done." That will only prove more true even if you expand the FBI cyber-crime force by a factor of one hundred. They will never match the hundreds of thousands of Chinese hackers, let alone the rest of the world.
"4. Prosecute effectively on the intel/detection."
They tried this with crack. Boost the sentence up insanely compared to regular cocaine. Sure, they managed to throw even more hundreds of thousands of black ghetto residents in prison. Didn't stop the drug problem in general.
And prosecuting effectively also means dealing with the counter-forensics problem. Which isn't going to stand still any more than the methods of arrest evasion in the first place.
It's a losing battle and will continue to be so.
Nick P: Sure, getting some major ISPs internationally to cooperate on blocking the relatively fewer downstream criminal ISPs would help things like spam and some aspects of cybercrime.
But it wouldn't make a dent in cybercrime overall.
And you won't be able to do it without major government intervention because there's no incentive for ISPs to police the downstream. They have enough trouble policing themselves and clearing a profit. The ISP business is highly competitive, a commodity market.
It's like asking the phone companies to police who are the drug dealers using their cell phones. Sure, it could be done - just outlaw burner phones and require ID verification before anyone activates a new phone service. Then monitor all telecom like the NSA likes doing anyway.
And drug dealers will STILL find a way to communicate in code.
All of these solutions are band-aids and hopeless.
There is one way and one way ONLY to "get rid of crime" (or even minimize it). And that is to change the way people - ALL people everywhere - are raised by parents and society. Which means changing societies everywhere. Which means changing human nature.
Good luck with that. Email me when it starts to be effective.
All of which leads directly back to my meme... :-)