This week, U.S. Attorney General, John Ashcroft, recounted the successful efforts of "Operation Web Snare" which was undertaken starting June 1^st, in curtailing the efforts of more than 150 cyber criminals. The operation's main focus was on phishing, which is the use of e-mails and Web sites resembling those of legitimate organizations to commit identity theft and fraud. Some of the hardest hit organizations are financial institutions and e-businesses like eBay, Amazon and countless others.

"Operation Web Snare shows that America's justice community is seeking to anticipate, out think and adapt to new trends in Internet crime," said Ashcroft. "This effort shows how effective law enforcement can be against online crime when all levels of government –domestically and internationally – work together." But, does it really show an effectiveness or does it merely illustrate the overwhelming and still losing battle that lies within protecting privacy and eliminating fraud?

Dr. Larry Ponemon, founder of The Ponemon Institute--a privacy initiatives leader, said in response to the arrest, "I congratulate the excellent efforts of Justice, FTC and U.S. Postal Service on arresting over 100 cyber criminals in the United States and abroad. My concern is that the wide scale law enforcement efforts resulted in a very small catch. Based on recent research, there are a growing number of serious crimes being perpetrated by sophisticated criminals using enabling technologies that make it almost impossible to detect or prevent illegal acts. The cost of detecting and prosecuting cyber criminals is just too high using normal investigative tactics. The most successful cyber criminals, who mostly operate from overseas locations, are making millions of dollars each day by scamming Americans on the Internet. Given the high stakes involved, I am not optimistic that our system of justice will be effective at stopping the truly bad guys."

While even the successful efforts of arresting even one phisher should be recognized, the statistics cited during Attorney General Ashcroft’s conference should give great pause to those who believe a judicious effort will eradicate phishing. As cited at the press announcement, "Investigators identified more than 150,000 victims with estimated losses of more than $215 million." That is a startling number in comparison to the arrest of a diminutive 150 individuals. And it's all the more startling when the Justice Dept. itself identified this effort as a "combined initiative" involving coordination of "36 U.S. Attorneys' offices nationwide, the Criminal Division of the Dept. of Justice, 37 of the FBI's 56 field divisions, 13 of the Postal Inspection Service's 18 field divisions, the FTC, together with a variety of other federal, state, local and foreign law enforcement agencies."

In the first six months, detailed in a report released in June, the Anti-Phishing Working Group, which monitors and studies Internet scams, cited that the number of unique phishing attacks increased by more than 800% -- from 176 in January, 2004 to 1,422 in June, 2004. At the news conference Ashcroft said, "The common thread here is the Internet. We do not believe the Internet to be off-base for law enforcement. We will be there with as much intensity and presence as we can muster." But the much larger issue is that the phishers number in the thousands, maybe more. They're sharks when it comes to stealing identity. While the fishers of the phishers are netting just a few, there's many more circling the e-commerce waters.