Collaboration key to beating professional e-criminals, says
Pete Simpson
A frightening online development is the increasing
involvement of organised crime groups in internet scams. It
represents a significant challenge for corporate IT to defend
against as threats - particularly theft of confidential company
data and denial of service attacks - are likely to increase in
intensity.
Until recently, malign activity on the internet was essentially
an amateur affair - still serious, but unco-ordinated and
frequently unsophisticated. But now we are witnessing the emergence
of long-term and well-funded criminal projects, involving
sophisticated, co-ordinated multi-stage attacks using spam, worms,
Trojans, spyware and proxies. It is questionable whether the good
guys - cybercrime authorities such as the National Hi-Tech Crime
Unit - have the resources, the organisation and the expertise to
counter this emerging threat.
Particularly with denial of service attacks, larger enterprises
are the most popular targets, though they generally have the
resources to defend against the threat. Although targeted less
often, it is smaller businesses that are perhaps in more danger due
to their lack of resources. And since criminal organisations have a
history of exploiting the softest targets, denial of service
extortion rackets against ordinary firms are likely. This would be
nothing different in principle to traditional Mafia tactics seen in
the back streets of Naples.
Changing threat
The threat changed in 2003 because criminals, for the first
time, were able to integrate and deploy tools from three formerly
discrete skill sets - hacking, virus writing and spamming - on a
global basis, confuse their victims and, for a time at least, slip
under the net of countermeasures. And although organised crime did
not account for all of the Bagle, Netsky, MyDoom and other virus
variants on the internet, much of the activity was related to
extortion schemes.
In mid-2003, the mass mailing worm Sobig.F generated massive
amounts of spam around the world. This was the sixth version of
Sobig in 2003, all released in a complex, multi-stage experiment to
subvert tens of thousands of PCs for criminal purposes. And all
originated from criminals in Eastern Europe.
The end game was the creation of an army of hidden proxy
computers - so-called "spam zombies" - from which to relay
malicious spam by luring unwary users to open an attachment on an
innocent-looking e-mail.
As an important sideline, it also monitored Internet Explorer
pages containing text such as "account access" or "bank". If found,
it activated a keystroke logger to steal user names and passwords.
This happened to both home and business users, since many users
conduct financial transactions via webmail at work or at home with
a corporate laptop. In fact, some of the compromising of corporate
systems has almost certainly come from this type of activity.
Phishing scams
Organised crime has also been responsible for many of the
phishing scams that have targeted banks in the US, UK and
Australia. According to analyst firm Gartner, 57 million Americans
think they have received a phishing e-mail. And more than 1.4
million users have suffered from
identity theft fraud, costing banks and card issuers £650m in
direct losses in the past year.
The criminals will continue with identity theft, robbery from
internet banks and online protection rackets because it is too
lucrative to stop. And clever cybercriminals operating through a
complex chain of proxies can conceal their point of origin. The
environment for the emergence of a superworm capable of infecting
all vulnerable hosts on the internet in minutes may be being set
now.
To defeat the threat from the digital mafia - which is growing
rapidly in scale and scope - will require all of us to take
measures that go beyond simply protecting ourselves.
This type of co-ordinated activity represents a major challenge.
Some suggest that radical regulatory measures are the only option.
Whichever way we go, it is clear that beating the cybercriminals
will require a lot more collaboration among law enforcement,
anti-virus researchers, ISPs and others than has been evident so
far. Unless we see more of it, we could all be paying a far higher
cost in future.
Pete Simpson is ThreatLab manager at web security group
Clearswift