I believe that we in law enforcement are in the midst of a cybercrime crisis. With the global economy estimated to lose upward of $10.5 trillion in 2025, there is no other area of criminality as fast-spreading and far-reaching (see tinyurl.com/2fb4csj2). Here in the U.S., the FBI’s Internet Crime Complaint Center (IC3.gov) fielded its largest number of complaints ever in 2023 and is projected to surpass over one million complaints for 2024 (see tinyurl.com/bdertc6y). While the statistics are certainly profuse and harrowing, what is even more shocking is the response many local law enforcement agencies have adopted: “There’s nothing we can do.” Not only has this disenfranchised victims and emboldened criminals, but it has created a precedent that cybercrime is more of a nuisance than a crime.

Many police departments have adopted a laissez-faire response to cybercrime — typically with a nexus to fraud — because they believe these cases will ultimately lead them out of the jurisdiction or even to a foreign country. I vehemently disagree with this mentality. For many victims, the experience is deeply embarrassing, and they often do not know what to do. Their initial interactions with law enforcement are extremely important, and being told to seek help elsewhere can lead them feeling hopeless or angry. Every police department in this country is capable of fielding a report from a cybercrime victim. But how these cases progress is where the conundrum arises.

Most people’s views on criminal justice are monolithic. For us in law enforcement, the ultimate goal is to hold an individual, or individuals, accountable for their crimes and to seek justice for victims. The typical scenario would be: a crime occurs, the crime is investigated, a suspect is identified and arrested. For cases involving cybercrime, however, this is not the status quo. This presents the philosophical debate of disruption versus prosecution, where the ability to disrupt criminal activity can outweigh the likelihood of criminally charging an individual or individuals.

Here’s a scenario: A victim reports they were deceived by a cryptocurrency investment website and has lost close to $50,000. You are able to identify the site and have it taken offline, and you also recover a portion of the victim’s purloined funds in the course of the investigation. While this may not ultimately lead to an arrest, you were able to disrupt a criminal operation and provide some renumeration for your victim.

I would be remiss if I didn’t acknowledge the lack of prioritization these types of cases receive from local police departments — or the reluctance to send personnel for proper training to handle them. Approximately 40 years ago, President Ronald Regan declared the “war on drugs,” which consequently led many states to introduce directives requiring local departments to have dedicated narcotics investigators. The question I propose is this: why can’t that approach transcend to cybercrime?

Many local police departments equate “cyber” or “computer crimes” solely with child exploitation. The training provided by Fox Valley Technical College under the auspices of Internet Crimes Against Children (ICAC) is federally funded and available only to those assigned to their local ICAC Task Force. However, many of the investigative techniques taught in these trainings are not exclusive to ICAC investigations. Specifically, Open Source Intelligence (OSINT) exploitation and cryptocurrency and blockchain analytics are universally applicable to cybercrime investigations. At a minimum, why can’t local police departments have dedicated cybercrime investigative personnel (possibly sharing collateral ICAC duties), similar to how they assign dedicated narcotics personnel? This idea is not very far-fetched, considering the ICAC personnel are already assigned!

Erin West, a former Santa Clara DA prosecutor, has been one of the most proactive and vocal advocates for victims of these often-dismissed and unheard-of crimes. Her formation of Operation Shamrock is reminiscent of the creation of the National Center for Missing and Exploited Children (NCMEC) in the 1980s. Today, NCMEC disseminates actionable intelligence and leads to ICAC task forces and other federal partners. Is it really such a pipedream to believe we could be on the advent of something similar for cybercrime-related cases? The framework is already there!

While the term “cybercrime” is often ambiguous and a catch-all term, most victims are reporting crimes that fall under the fraud category. It is important that local departments avoid treating victims with a dismissive “should have known better” attitude. Properly documenting website URLs, cryptocurrency wallet addresses and phone numbers (often associated with messaging apps like WhatsApp, Telegram or Signal) is a critical first step in investigating these cases. Training patrol or responding officers to gather this information is the cornerstone of furthering these investigations.

While having a dedicated “cyber” investigator may not be something possible for local departments, assigning an investigator with the collateral duties to handle these cases and ensuring they are trained is not far-fetched. In 2020, the U.S. Secret Service announced the establishment of Cyber Fraud Task Forces to create a collaboration between law enforcement and the private sector, helping to mitigate the threat of cybercrime within communities. To reiterate, the framework for an investigative pipeline similar to ICAC task forces has already been established.

In closing, I challenge you to find me a faster-growing, far-reaching and economically impactful area of criminality than cybercrime. With that being said, the paradigm shift is needed in the way local police departments field and investigate these cases. Believing that only federal partners can appropriately handle cybercrime cases is undeniably part of the problem.