Where do we start in defending ourselves against the
ever growing internet scams, asks Simon Moores
Anything is possible on the internet. In this case the
NHTCU have, with the help of the Russian Federation police,
"bagged" 10 of the bad guys who have been attempting to extort
money from online sports books, the online equivalent of the high
street bookmaker.
These hackers have been plaguing British bookies since October
2003 by attacking their websites before major sporting events, such
as the Cheltenham Festival, the Grand National and the Six
Nations.
Illustrating the power of distributed denial-of-service attacks
(DDOS), the Russian gang were reportedly demanding payments of up
to $40,000 (£21,000) to go away. But such is the growing popularity
of computer crime in the old Soviet Union, one can bet that for
every gang that succeeds or ends up doing time in the Siberian
Gulag, several more will spring up to take their place.
It’s just as bad in Nigeria with any attempt to halt the tide of
419 (advance fee) scams from bogus businessmen and dictators who
claim that they would like to borrow your bank account because you
are a trustworthy person.
A major attempt by the Dutch police to clamp down on the fraud
collapsed in court this month with the defendants walking free and
in Nigerian capital Abuja, the trial of three people, all accused
of 86 counts of defrauding an employee of a Brazilian bank of $242m
also collapsed after the judge said he had "no jurisdiction to hear
it".
That said, I did find myself speaking with two leading
international police officers this month, who both winced when I
mentioned Nigeria and the problem of 419 scams.
It appears that nobody has ever been convicted for this kind of
fraud and the most successful of the con men all cluster around a
well-known private lake development in the country which is named
after them, allegedly.
So there’s the problem. Each nationality appears to have its own
style or favourite scam on the internet. The police hardly need to
look at the IP addresses, they can take an educated guess and catch
an EasyJet flight to the capital of the most likely country and
hope that their government has some legislative framework for
dealing with computer crime as it is described and defined by the
Council of Europe Cybercrime Convention.
Until not so long ago, robbing the British of "Danegeld" on the
present scale involved wearing a horned-helmet, having a small boat
or perhaps an army and at least some kind of physical presence.
Today, however, looting and pillaging is an armchair sport with
a minimal risk, with a cheap personal computer acting as a force
multiplier that the Vikings could never have dreamed of.
Unfortunately, no country that I’m aware of has sufficient
resources to do more than fight the fires as they break out. As an
example, Interpol has three officers tasked with its computer crime
remit in Europe, Africa and the Middle East.
Computer crime pays and it pay very well indeed for the
organised criminal gangs that are busy buying-up properties across
Europe and exotic locations such as Dubai.
All business, in particular bookies, can do is adopt an
expensive defensive posture and wait for the next attack but with
Spamhaus telling me that thanks to Trojan viruses as many as 50,000
new proxies are appearing each week.
How, I wonder, do we even attempt to defend ourselves against
denial-of-service attacks and the other new and highly effective
weapons that make up the new digital arsenal of organised
crime? It’s not a question of whether we can win but more of a
question of where do we start?
Setting the world to rights with the collected thoughts and
opinions of leading industry analyst Dr Simon Moores of
Zentelligence.
Acting globally, Zentelligence (Research) advises
governments, suppliers, business and the media on the evolution,
application and delivery of leading-edge technologies and
specialises in the areas of eGovernment and information
security.
For further information on Zentelligence and its research,
presentation and analyst services visitwww.zentelligence.com