Archive for July, 2010

Mariposa botnet arrest thanks to international co-operation

Thursday, July 29th, 2010

Our recent paper, The State of International Co-operation on Cybercrime, explored what the international community has done, or tried to do, to tackle the cybercrime issue. It’s quite rare to have the opportunity to highlight a great example of international co-operation, but according to V3.co.uk, a hacker responsible for one of the largest botnets ever created has been arrested thanks to an international effort. The arrest comes months after Spanish police arrested three people, alleged to be the ringleaders of the operation.

The Mariposa botnet, which infected some 12 million computers and some HTC mobile devices, also impacted major banks and US Fortune 500 companies. The virus allowed hackers to steal online banking and credit card details, as well as giving them access to other sensitive data.

This further arrest is a good example of what can be done when nations co-ordinate their fight against cybercrime, and it does serve as a warning to other hackers that their business is more risky than they may imagine. However, at the moment the major ‘wins’ in the fight against cybercrime – at an international level – seem to be high profile attacks that target major corporations and financial institutions, which is somewhat inevitable given the work required to co-ordinate efforts across borders. Somehow, this co-operation has to be encouraged and eased so that the vast number of smaller attacks which are aimed at businesses and home users can be dealt with.

US still number one…malware producers

Wednesday, July 28th, 2010

The British government recently announced a major re-organisation of law enforcement bodies in England, changes that will impact the way authorities tackle cybercrime. Whilst it’s true that cybercrime is an international problem, individual Governments need to ensure that they have a strong, coherent cybercrime strategy and taskforce in place to tackle the rising threat that internet fraudsters represent to homes and businesses.

Our July internet threat statistics, which have just been published, clearly demonstrate that now is not the time to neglect the fight against cybercrime (something which the recent policing green paper may indicate). The UK now produces around five per cent of the world’s viruses and spam, coming in fourth place in the top 10 worldwide hotspots. The United States still dominates the charts, producing over 14 per cent of viruses and 11 per cent of spam in the world.

If we compare the most recent statistics to January 2010, a few things become apparent:

-    Brazil, responsible for 15 per cent of the world’s viruses in January, doesn’t feature in the top ten virus producers in July, and produces 2.7 per cent less spam than it did (it’s now responsible for 4.9 per cent).
-    The UK, which was in neither the spam nor the virus charts in January, is now producing five per cent of the world’s spam and viruses.
-    The US remains a top three virus and spam producer, increasing virus production by 3.4 per cent (to 14.6 per cent) and spam production by 1.4 per cent (to 11.4 per cent).
-    India’s virus production has risen by six per cent (and is now 9.5 per cent) and spam production has risen by two per cent (to 8.7 per cent).

The figures show how dynamic the cybercrime ‘industry’ is. Often comprised of a global network of infected computers, employing people working alone or in small teams, these gangs can operate in a far more fluid way than legitimate organisations and will move their base of operations to less stringent jurisdictions if they feel threatened. This is why there needs to be an international solution to the problem, otherwise it will continue to get worse and we’re likely to see more countries being responsible for less malware as the cyber gangs spread around the world – making it harder for law enforcement to put out the fires.

The Windows support scam

Wednesday, July 21st, 2010

Recent articles published in the Guardian have revealed that fraudsters are continuing to cold call people, claiming to be a Windows support tech and getting the users to give them remote access to their PCs in the guise of helping them update their systems – as long as the user hands over £185.

This scam has actually been around for quite some time and whilst police may struggle to stop criminals from setting up business under a new name once they have been shut down, the potential victims can take control of the situation by putting the phone down.

It is, however, concerning that people are still willing to not only give a cold caller their card details, but also allow them remote access to their computers. These people are taking huge risks with their personal data, not to mention the potential illegal content that could be installed whilst the machine is under someone else’s control.

It’s not clear where these criminals are getting their call lists from. Comments on a Guardian article reveal that the data could be leaking from other Indian call centres that call people for legitimate reasons. What is clear is that the callers know what they are talking about. They seem to be highly trained technicians and can therefore easily befuddle the less technical-minded computer user into granting unfettered access to their PC and handing over their card details for the privilege.

The easiest way to avoid becoming a victim of this scam is to allow only someone you know and trust to have access to your computer, and to put the phone down on all others.

Should the UK government really call on its citizens for help reviewing data protection laws?

Monday, July 12th, 2010

The Government is right to ask for help in reviewing the Data Protection Act, which undoubtedly needs an overhaul. But is the best way to do this really to survey UK citizens on their views? There may be some people who have in-depth knowledge of the ways that data can be used to carry out identity fraud, or compromise accounts, but surely a more sensible way to go would be to create a panel of experts who could come up with a workable review?

My concern is that, at a time when government has to be seen to be cutting down on quangos, there will be resistance to creating a DPA review panel. But asking the public what to do about data protection – a complex technical issue about which the majority of informed citizens will probably have only a passing knowledge – seems a step too far in popularist government.

Of course, most people are going to say data protection is A Good Thing. No-one wants their child’s details to be lost or stolen (as we saw today by the ICO’s action against London Borough of Barnet, West Sussex County Council and Buckinghamshire County Council). But understandably, most people (unless they have a real interest in this area) won’t know the multiplicity of ways that data can be used to carry out identity theft, fraud or other criminal activity. If they did, the problem wouldn’t be as serious as it is.

Even people who should be really informed in this area have been caught out. We have seen Yahoo again compromised with Bob Dvorsky (a US senator). This is probably done in the same way as Sarah Palin’s account was compromised, weak password reset questions being just one way of exploiting people.

Let’s hope, then, that those citizens the government chooses to survey are those who are experts in this area, who know that workable solutions are not always straightforward; and even so-called experts don’t always get it right (the Digital Economy bill showed us that).

Malware from Russia increasing again

Thursday, July 1st, 2010

At the beginning of May, I wrote that the Russian hosting service, PROXIEZ-NET – which was notoriously used by criminal gangs – was taken down by the authorities.

The result was a temporary decline in malware originating from Russia, which suggested that this botnet was largely populated by systems in Russia itself, though this might have been coincidence. However, as predicted, those figures are up to their usual levels again this month. Russia is once again one of the top four virus-producing countries, behind the US, Korea (South Korea in the main), and India.

The lesson from this is that, unfortunately, criminal gangs are not as easy to shut down as the hosting services they use. Shutting down the site will inconvenience the criminals for a short period – but the financial gains to be made in criminal activity online are sufficient that they will find a way of getting back up and running.

Our analysis – which you can see here – also showed that the levels of spam and viruses coming from the UK are still high. In times of economic uncertainty, criminal activity naturally increases. As ever, our advice to all internet users is to be cautious. If a deal seems too good to be true, it probably is.