Cyber crime gets organised
International Internet fraud is now so sophisticated that we need an Internet Interpol, writes Toby Shapshak
The world needs a kind of Internet Interpol to combat cyber criminals who have usurped the global communications network for their nefarious activities, says an expert.It's grown to become a flourishing industry with international syndicates, just like the Mafia
The world needs a kind of Internet Interpol to combat cyber criminals who have usurped the global communications network for their nefarious activities, says an expert.
Such criminals have matured into a kind of organised crime network, much like the American Mafia did in the 1930s, which operates across international borders.
Internet users have been swamped in recent years by waves of malicious software (known as "malware") that originally just wreaked havoc as a demonstration of the hacker's prowess, but has since evolved into a network of vast underground criminal syndicates bent on financial gain.
The world of viruses, spam, Trojans, worms and other malware has grown in complexity and sophistication - and the relative ease with which computers are infected with them is startling, not only for how bad things are, but for how much worse they can become.
"Cyber crime has come to the organised stage," saids Eugene Kaspersky, CEO of Moscow security software company Kaspersky Labs.
In the past, there were just individuals, then loose groups formed. "Now it's like an industry," he told The Timesat an Internet security conference in Moscow last week. Different groups specialise in different criminal activities, much like any other industry in its area of expertise.
Some develop malware, others distribute it.
Some groups even have web pages and offer technical support - all in a very underground, restricted way.
"Recently, there was a partner conference in Moscow of Russian cyber criminals," Kaspersky said.
"Like a modern-day Mafia?" I ask. "Yes. My fear is that they are getting more organised."
Last year there was unprecedented malware activity, a lot of it caused by the Conficker virus, which took its instructions from tens of thousands of websites.
It's a fascinating story of innovation and lateral thinking that would be a Harvard Business School case study if it were not for such malicious purposes.
It infected something like seven million computer systems and was able to replicate and update itself using clever commands from fake websites, which themselves evaded being shut down by using equally ingenious methods.
(For more, see this brilliant piece in New Scientist that reads like the outlandish plot of a Hollywood movie, but infinitely more worrying than Die Hard: 4.0.1.7. http://bit.ly/confickerns).
And it's getting worse. Kaspersky Labs said that between 1992 and 2007 it detected about twomillion unique malware programs. But in 2008 alone it found 15million, and last year it detected about 33.9million unique malicious files.
Kaspersky Labs said one in 150 websites is spreading malware. Websites use a range of scripts to make it possible to display themselves, and the browsers that render them are highly complex software filled with exploitable security loopholes.
Viruses typically no longer incapacitate computers but use them as zombie machines, often part of larger networks of such robot machines, called botnets.
"Internet fraud is getting more sophisticated and it started in Russian," said Alexander Gostev, director of Kaspersky's global research and analysis team.
Amazingly, a new form of malware is fake antivirus software that, he said, the FBI estimated had raked in $150-million (R1.138-billion) last year. Kaspersky Labs has monitored 300 types of such fake programs.
This year, Gostev warns, the hot new tech products and web services will be the focus of more malware attacks: social media networks, Google Wave, smartphones (including the iPhone and Android handsets) and even Apple's computers and ATM cash dispensers. MTN recently began offering free Kaspersky antivirus for new Nokia and HTC smartphone users.
So how do you beat it?
"I've been saying for many years that we need Internet police to investigate international crime," said Kaspersky.
"A kind of Internet Interpol," I suggest.
National police are often not sharing information with other law enforcement agencies, Kaspersky said. "Now the problem is [that] cyber police are not able to trace the criminals. Because the cyber criminals are based in different countries, we need this 'Internet Interpol'. Police need access to information [about local crimes] to trace their source ."
He's also proposing a digital identity - something that every user would have, which will identify them and allow them the same kinds of digital identification as a real-world passport.
"It's like driving a car without licence plates and without a driving licence. We need to introduce driving licences."
It's a fundamentally good idea, but what about restrictive regimes? I ask.
But he argues that it's inevitable that governments will need verifiable digital identities for its citizens, once they begin offering more sophisticated on-line, or e-government, services.
Either way, malware attacks are going to be worse and the world's police will need to collaborate more to fight these cyber criminals.
No comments:
Post a Comment