
What keeps a world expert in malware awake at night?
For Dan Hubbard, vice-president of security research at
Websense, it is the confluence of old and new criminality with the
capability to deliver devastating attacks on critical national
infrastructure.
It is all about costs and benefits, and criminals are no
different from legitimate businesses in this respect, Hubbard said.
"The old criminals are learning from the new ones how to launder
stolen credit cards, and they are learning how little risk they
face of being caught," he said.
The old criminal gangs have a lot of money that they can plough
into cybercrime, which is potentially much more profitable than
traditional forms of crime and is less risky, he said.
"Wherever there is money, there are people willing to exploit
the prevailing circumstances," Hubbard said. As more companies go
online, there is greater commercial incentive as well as more
opportunity to exploit gaps in the technology and processes, he
said.
Extortion and blackmail have been updated, thanks to
botnets and distributed denial-of-service attacks, Hubbard
said. The possibility of these same attacks being used to target
critical national infrastructure such as energy and water supplies
is deeply worrying, Hubbard said.
"We [in the West] have not yet seen a big attack on
infrastructure of the scale of a 9/11 or Estonia," he said. "But
Estonia is a small country and their network skills are very high.
There is no knowing what could happen here," he said.
He expected the situation to worsen as the elements that control
critical national infrastructure become more connected and
integrated. But there are still a lot of old legacy systems that
are not - and might never be - connected, he said.
So far the US government's response was to play catch-up, he
said. "The government cannot compete on pay. People who join the
FBI and Secret Service get a lot of good case experience and then
leave for double the pay in the private sector," he said. In
addition, there was a "talent problem" caused by commitments to the
Iraq war, he said.
He was optimistic that international co-operation, especially on
criminal cases, was starting to work and to show results. "It is
not frictionless by any means, and the penalties are
disproportionate to the damage attackers cause, but there is
progress."
Hubbard said politicians and lawmakers needed education.
"[Cybercrime] is a complex issue and the level of naivete is very
high," he said.