Rise of the digital mafia

Collaboration key to beating professional e-criminals, says Pete Simpson

New Asset  
Collaboration key to beating professional e-criminals, says Pete Simpson





A frightening online development is the increasing involvement of organised crime groups in internet scams. It represents a significant challenge for corporate IT to defend against as threats - particularly theft of confidential company data and denial of service attacks - are likely to increase in intensity.

Until recently, malign activity on the internet was essentially an amateur affair - still serious, but unco-ordinated and frequently unsophisticated. But now we are witnessing the emergence of long-term and well-funded criminal projects, involving sophisticated, co-ordinated multi-stage attacks using spam, worms, Trojans, spyware and proxies. It is questionable whether the good guys - cybercrime authorities such as the National Hi-Tech Crime Unit - have the resources, the organisation and the expertise to counter this emerging threat.

Particularly with denial of service attacks, larger enterprises are the most popular targets, though they generally have the resources to defend against the threat. Although targetted less often, it is smaller businesses that are perhaps in more danger due to their lack of resources. And since criminal organisations have a history of exploiting the softest targets, denial of service extortion rackets against ordinary firms are likely. This would be nothing different in principle to traditional Mafia tactics seen in the back streets of Naples.

Changing threat

The threat changed in 2003 because criminals, for the first time, were able to integrate and deploy tools from three formerly discrete skill sets - hacking, virus writing and spamming - on a global basis, confuse their victims and, for a time at least, slip under the net of countermeasures. And although organised crime did not account for all of the Bagle, Netsky, MyDoom and other virus variants on the internet, much of the activity was related to extortion schemes.

In mid-2003, the mass mailing worm Sobig.F generated massive amounts of spam around the world. This was the sixth version of Sobig in 2003, all released in a complex, multi-stage experiment to subvert tens of thousands of PCs for criminal purposes. And all originated from criminals in Eastern Europe.

The end game was the creation of an army of hidden proxy computers - so called "spam zombies" - from which to relay malicious spam by luring unwary users to open an attachment on an innocent-looking e-mail.

As an important sideline, it also monitored Internet Explorer pages containing text such as "account access" or "bank". If found, it activated a key stroke logger to steal user names and passwords. This happened to both home and business users, since many users conduct financial transactions via webmail at work or at home with a corporate laptop. In fact, some of the compromising of corporate systems has almost certainly come from this type of activity.

Phishing scams

Organised crime has also been responsible for many of the phishing scams that have targeted banks in the US, UK and Australia. According to analyst firm Gartner, 57 million Americans think they have received a phishing

e-mail. And more than 1.4 million users have suffered from identity theft fraud, costing banks and card issuers £650m in direct losses in the past year.

The criminals will continue with identity theft, robbery from internet banks and online protection rackets because it is too lucrative to stop. And clever cybercriminals operating through a complex chain of proxies can conceal their point of origin. The environment for the emergence of a superworm capable of infecting all vulnerable hosts on the internet in minutes, may be being set now.

To defeat the threat from the digital mafia - which is growing rapidly in scale and scope - will require all of us to take measures that go beyond simply protecting ourselves.

This type of co-ordinated activity represents a major challenge. Some suggest that radical regulatory measures are the only option. Whichever way we go, it is clear that beating the cybercriminals will require a lot more collaboration among law enforcement, anti-virus researchers, ISPs and others than has been evident so far. Unless we see more of it, we could all be paying a far higher cost in future.

Pete Simpson is ThreatLab manager at web security group Clearswift

E-commerce: boom or bust? >>

Read more on IT risk management