Thought for the day: Daylight robbery

The internet is already dominated by spammers and organised crime - how long before it becomes unviable for business use, asks...


The internet is already dominated by spammers and organised crime - how long before it becomes unviable for business use, asks Simon Moores




“We was robbed”, and it’s not football I’m referring to.

There are no penalties in cyberspace. Just ask AOL which, having lost 92 million e-mail accounts to the spammers, is doing its very best to assure customers that, as ever, security remains at the very top of the company’s priorities.

In fact, it is hard to blame AOL when something like this happens. Back in the earliest days of the world wide web, when Netscape version 1.0 reigned supreme and Microsoft’s Internet Explorer was a small joke, I was the director of an ISP. I had a call from the police one morning, telling me that the entire subscriber database, with passwords, was sitting-up in a popular hacker newsgroup.

At the time, we did not realise how pathetically vulnerable the technology of the internet was. Many of us at the beginning of the online revolution were at the mercy of a small team of "expert" system administrators who frequently resembled refugees from a ZZ-Top concert. Security was often secondary to building a network organically and fast enough to keep up with customer demand.

This month, I spoke at a MessageLabs Security Forum alongside Spamhaus’ Steve Linford and MessageLabs' chief technical officer, Mark Sunner. My job was to talk about information security as a board level responsibility while Mark and Steve presented a double-act on the size of the security problem now facing society.

That problem appears to be unstoppable in that since legislation, against spam in particular, was introduced on both sides of the Atlantic, more spammers and more unsolicited traffic have been the consequence. Seventy per cent of all traffic flowing over the internet now is garbage.

Of course, it will never reach 100% because there’s still room for legitimate e-mail out there but, as more end users appear online - such as 100 million new arrivals from the South China coast - the internet’s storage and our own security is going to have to keep pace.

What encouraged the theft of the AOL list is that spam is big business. Linford points out that "spam supermarkets" are a regular feature of modern cyberspace, where the bad guys go to trade information and addresses.

Since the interests of organised crime, virus authors and the spammers started to coincide most, if not all viruses and worms that now reach our filters carry "Rats" - remote access Trojans - that allow a victim’s PC to be taken over by remote control. This leads to 50,000 new zombies appearing each week, which are in turn traded in these supermarkets as potential open proxies for the spammers or as hosts for everything from paedophile images, DDoS attacks to phishing scams.

Computer crime is a lucrative business, with very few risks and penalties. The bad guys in question are invariably a mix of leading Boca Raton spammers with their servers hosted in China, and the Russian Mafia, who can’t find ways of spending the money they are making from e-crime fast enough.

Meanwhile, back on the average user desktop, visiting websites with Internet Explorer is now more dangerous than before.

The most recent alarm involves a report that organised crime has been hacking into well-established and trusted corporate websites and installing exploit code, which in turn installs Rats and keyloggers into the unsuspecting visitors' PCs, leveraging a known vulnerability in Microsoft’s Internet Explorer to create even more compromised PCs and larger "Bot nets".

At what point, I wonder, does society reach a critical mass, a pain point where we concede that 15% or 25% of the earth’s PCs owned by spammers or criminal gangs makes the internet unviable as a commercial proposition.

My own guess is that in the UK, with four million people connected to broadband, we may have as many as half a million PCs infected at any time - maybe more but hardly less. Who’s in charge of the internet, I wonder? The answer, I suspect, is the Russian mafia.

Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.

Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of e-government and information security .

For further information on Zentelligence and its research, presentation and analyst services visit

Read more on IT risk management