Today, criminals are making more money from cybercrime than from drug-related crime, according to an adviser to the U.S. Treasury. Think about that. Now that serious money is in the picture, organized crime may pull back from risky drug operations and pour more resources into relatively anonymous Internet crime. You may laugh, but federal authorities around the world are gearing up for more arrests in the near future; they're no longer novices at computer crimes, and they already know how to handle (at least keep a lid on) drug crimes. So how do you think they plan to deal with the war on cybercrime? Why, with interdiction, of course.
The war on cybercrime
Science fiction writer William Gibson first used drug trafficking as an analogy to data theft over the Internet in his Sprawl series of short stories and novels back in the mid-1980s. In his short story "Johnny Mnemonic," the main character is a walking data mule, hired to carry stolen programs in his brain, jostled around by organized crime. As in drug cartels, Johnny's middleman gets cut out (assassinated), leaving Johnny to either fend for himself or be eliminated as well.
Today, lurking on various Internet Relay Chats (IRC) are real-life code mercenaries, virus writers working for profit. They might not store data in silicon embedded within their brains, but they do fence stolen data. Gone are the script kiddies looking to make a name for themselves, replaced by the professional virus writers who'd prefer to make their money anonymously.
Trojans, root kits, and botnets--oh, my
We know the people writing these variants take their work very seriously. Early in 2004, there was a gang war around MyDoom, Bagle, and Netsky, with all parties clamoring to stake out and hold turf on the Internet. This past summer, we witnessed another gang war, this time over Trojans, with no fewer than 11 new viruses breaking out within a two-day period. This isn't just ego talking; there's serious money to be had by rounding up and 0wning vulnerable computers worldwide.
Over the last few weeks, I have been writing about the rise in root kits and botnets. Root kits provide a stealthy way to take over your computer, and botnets link compromised computers worldwide together. Botnets are the real prize, giving criminal hackers a platform upon which they can mount very sophisticated attacks, such as distributed denial-of-service attacks or targeted data thefts, then disappear quietly into the ether. Botnets are frequently bought, sold, or bartered over IRC.
According to Vincent Weaver, senior director of Symantec Security Response, there are not hundreds of new Trojans appearing these days--there are thousands. You may not know their names, and they're not making the daily news, but they're out there targeting specific businesses for specific reasons. And Weaver tells me that not only are these botnets harvesting credit card numbers and personal data, they're also collecting FedEx shipping account numbers--virtually any account that might have some monetary value.
Drive-by infections are real
How do these new Trojans get on your PC? Overall, there have been fewer computer virus pandemics in 2004 and 2005, yet there have been more viruses--all variants of Sober, Zotob, MyDoom, and Bagle. This trend actually started years ago when we first saw Sobig. Every couple of weeks, there'd be a new version of Sobig, each more powerful than the last. Without the media splash of a new virus infecting the Internet, public awareness of the dangers of computer viruses is again on the decline; because of this, professionals are crafting variants of MyDoom, Sober, and Bagle, hoping that the public will say, "Yeah, yeah, but I'm already protected from Sober, right?" In some cases, current antivirus technology won't automatically block the latest variation; you'll have to wait for a new update from your antivirus vendor (assuming your antivirus app is up-to-date).
And professional criminals are also going directly to the PC without your knowledge. There's a serious JavaScript flaw within Internet Explorer 5.x and 6.x that allows your PC to become infected just by visiting malicious Web sites. Although this flaw was made public May 31, 2005, by security researcher Benjamin Tobias Franz, Microsoft still hasn't patched the flaw. The urgency comes from exploit code that became available last week that allows a remote attacker to take control of your PC.
Will 2006 be the year of cybercrime?
Symantec's Weaver predicts we'll hear of more data thefts, and also of more arrests, during 2006. If anything, authorities know how to trace the money. Now that cybercrimes are being fueled by big money, we should see more arrests than when we had only a lone teenager writing a virus. Look for the identification and eradication of large botnets during 2006, part of a global interdiction effort designed to break black market distribution of illegal "warez." If you cut off the distribution, the bad guys won't make any money.
Security companies such as Symantec have been cooperating with the Department of Homeland Security and other agencies by sharing information gleaned through their customers. Companies such as F-Secure and Trend Micro have also worked with federal authorities around the world to expose individual virus writers and large identity-theft rings. In the coming year, these private/public arrangements will continue to shut down the botnets and otherwise disrupt the orderly flow of illegal online activities.
Yes, but are you helping or hindering?
So, is your computer a drug mule, helping the bad guys do their work? Hopefully not, yet hundreds of thousands of computers worldwide are being used to host and distribute illegal copies of software, movies, music, credit card numbers, and other assets. You can do your part in helping the interdiction effort by making sure your computer isn't part of the problem.
Here are some steps. Make sure your antivirus protection is up-to-date (if your computer came with McAfee VirusScan preinstalled two years ago, chances are you need to update). Employ a personal firewall (preferably a two-way firewall such as ZoneAlarm). Perform a Windows Update, or set Windows XP to install new updates automatically. And, until Microsoft issues a patch, turn off Active Scripting within Internet Explorer 5.x and 6.x. You need to do the above steps as a minimum. For extra credit, download Ad-aware, Spybot, or Microsoft AntiSpyware (beta) to remove other sources of malicious code known as spyware.
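As an added example (not part of the original column), here is a PowerShell audit that reads the registry settings behind the minimum steps above and reports which ones still need attention on a Windows XP-era machine. The zone, Automatic Updates, and firewall value names are the standard ones; the antivirus definition path is a placeholder you must point at your own vendor's file.

```powershell
# Added example, not from the original column: audit the column's minimum steps.
# Assumes the Windows XP SP2 registry layout; run in a PowerShell console on the PC being checked.
$findings = @()

# 1. Internet zone (zone 3) "Active scripting" value 1400: 0 = enable, 1 = prompt, 3 = disable
$zone = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
$active = (Get-ItemProperty -Path $zone -Name "1400" -ErrorAction SilentlyContinue)."1400"
if ($active -ne 3) {
    $findings += "Active Scripting is not disabled in the Internet zone (1400 = $active)"
}

# 2. Automatic Updates: AUOptions 4 = download and install automatically
$au = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"
$auOpt = (Get-ItemProperty -Path $au -Name "AUOptions" -ErrorAction SilentlyContinue).AUOptions
if ($auOpt -ne 4) {
    $findings += "Automatic Updates is not set to install updates automatically (AUOptions = $auOpt)"
}

# 3. Windows Firewall, standard (non-domain) profile: EnableFirewall 1 = on
$fw = "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"
$fwOn = (Get-ItemProperty -Path $fw -Name "EnableFirewall" -ErrorAction SilentlyContinue).EnableFirewall
if ($fwOn -ne 1) {
    $findings += "Windows Firewall is off for the standard profile (no personal firewall detected here)"
}

# 4. Antivirus signature age. PLACEHOLDER path: replace with your vendor's definition file.
$defFile = "C:\PLACEHOLDER\antivirus\definitions.dat"
if (Test-Path $defFile) {
    $age = (Get-Date) - (Get-Item $defFile).LastWriteTime
    if ($age.TotalDays -gt 7) {
        $findings += "Antivirus definitions are $([int]$age.TotalDays) days old"
    }
} else {
    $findings += "Antivirus definition file not found at $defFile (set the placeholder path)"
}

if ($findings.Count -eq 0) {
    "All minimum steps look to be in place."
} else {
    $findings | ForEach-Object { "NEEDS ATTENTION: $_" }
}
```

A third-party firewall such as ZoneAlarm will not show up in the Windows Firewall check, so treat that finding as a prompt to confirm whichever firewall you actually run.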
Finally, safe PCs are also the result of good behavior; if you stay out of the bad side of town, you're less likely to run into trouble. If you surf safe sites, always delete your browser's cache and history files after banking or e-commerce purchases, and if you remember not to open attached files or simply question installation of new software from the Internet, you should be just fine.
Will law enforcement ever get the upper hand on cybercrime? Or is it folly to think so? Talk back to me.