The truth about cyber-crime

There are some terms that are thrown around so much that the actual meaning is sometimes forgotten. The term computer virus is very old, and if you think about it, it’s not the most accurate of phrases to describe what we now understand a malicious piece of code to be.

Does it act like a biological virus? Perhaps the analogy held more weight in the mid-nineties, when self replicating programmes would very obviously make a computer ‘ill’ in the sense that it would stop working and ‘infect’ others that came into connected contact with it. And much like a virus, it didn’t really have any purpose other than to reproduce itself.

These days the dangers we’re warned about are far less overt. Unlike viruses, most of today’s malicious programmes are symptomless (any programme created to cause harm will be designed to be as undetectable as possible) and they now have a mission statement above self-replication – usually to gather information about the host and send it back to the creator. It’s just an example – but it highlights a wider issue.

As an industry we are generally very good at warning the wider world that there is a danger presented by malware (itself a term which is unlikely to be very transparent to the layman), and indeed reminding people that it’s just another form of crime. But unlike other forms of crime, we rarely see a discussion as to who the perpetrators are, why they do it, if the problem is getting worse, and if we are doing enough to stop it.

UNDERGROUND ECONOMY

The common misconception regarding the roots of these programmes is probably that virus and malware come from a mischievous teenager acting alone in a basement somewhere. This was probably something close to the
truth 15 years ago, however organisations tasked with tracking and combating malware liken the perpetrators to something more like a professional crime ring –a tier system, with programmers, distributors, card fraud
specialists and money launderers all working as part of a balanced underground economy. It sounds like something out of a mafia report. The key difference is that unlike a tightly knit real life crime ring, those involved in cyber-crime usually never know or even communicate in any real sense with who they are collaborating with.

“There is, without question, an underground malware economy,” says Roger Thompson, chief research officer at AVG. “The processes used to develop malware are interesting to track, with our research uncovering several groups building and selling exploit kits, just like legitimate software development shops. These kits allow unskilled webmasters to launch online attacks, just by installing some pre-packaged software. These threats are fairly easy to detect, because they are the same every time. However, they do work and are effective on computers that are not adequately protected.”

David Harley, director of malware intelligence at ESET adds: “Much of it is negotiation between freelancers, but cooperation often roughly mirrors free economy models. In general the top tier ‘service provider’ either rents access to a botnet to a ‘customer’ or stages attacks for them in return for a fee.”

We’re often told of the dangers of identity theft, in ‘real’ terms and online. While it’s well known an unprotected PC can easily become subjected to a Trojan stealing the info, the processes of turning that information into hard cash are becoming increasingly sophisticated. “The ultimate goal of cyber- criminals is to profit from their
malware,” says Petter Lautin, managing director, Panda Security UK and Ireland. “While Trojans are adept at
stealing information, this stolen information must still be turned into hard cash and cyber-criminals must find innovative methods to accomplish this. Enter fake antivirus programs.

These applications pass themselves off as antivirus products, and claim to detect hundreds of threats on their victims’ computers. When users try to eliminate the threats with the application, they are then asked to purchase a corresponding licence. Users, naturally worried about the supposed infection, will often buy the licence. Oncethey have handed over the money, they will no longer hear from the ‘vendors’ and the fake antivirus will remain on their computers, for possible later use, such as false renewal charges.”

It’s notoriously difficult to track down an actual perpetrator at any of these levels, since the anonymity of the web makes it very easy to hide your tracks if you know what you’re doing. Since there is no real central authority, and those tracking it are corporations working independently, there is also some disparity as to where the main threats originate geographically – however China, Eastern Europe, Latin America and the United States are frequently mentioned in security reports.

CYBER-TERRORISM

While there seems to be a consensus on the existence of sophisticated criminal organisations working behind malware, security firms are divided as to whether entire states and governments are orchestrating activities of this kind, though there have been rumours. “It is difficult to give a yes or no answer since this is usually state classified information and very few have access to it. Still, for the rumours and speculations, probably the best examples are to be sought in the last year’s conflict in the Republic of Georgia, and last month’s alleged attacks on Twitter and Facebook,” states Bit Defender country manager Nick Billington.

With the lack of any substantial evidence, one retort to these rumours is that often individuals can act in nationalistic, but isolated, ways – much like standard terrorism –which provides a possible explanation for the
activity monitored during the conflict between Russia and Georgia. What is taken more seriously, however, is state defence against these sorts of attacks.

Western authorities and governments in particular are increasing their defence and intelligence towards these – in this respect the IT industry is crucial to keeping important mainframes protected and officials educated. Experts are divided as to the existence of ‘cyber terrorism’, but it’s certainly something governments are increasingly looking into. “It’s clear from recent comments by the UK Government and others that governments are becoming aware of the potential risk to national systems from a cyber attack, and they’re clearly looking at ways of defending against possible attacks,” says David Emm, Security Researcher at Kaspersky.

FUTURE SHOCK

Most experts agree that in the future malware will continue to get more sophisticated and nefarious. Things like fake anti-virus software and businesses will rise, while older types of malware, such as worms and Trojans, will continue to evolve and get better at staying undetected.

Meanwhile, older viruses and worms will be resurrected, as they will find it easier to get under the radar of security software looking for more advanced threats. As computer usage grows in emerging markets, and as developed economies increasingly see houses with multiple computers, as well as smartphones and umpteen other connected devices, it would seem logical to suggest that there will be more opportunities for cyber- criminals, despite increasingly powerful protection. Some have suggested an effective way of combating future threats would be a greater degree of collaboration between security companies, as well as governments and police organisations.

“Changes in the current threat landscape – such as the increasing complexity and sophistication of attacks, the evolution of attackers and attack patterns, and malicious activities being pushed to emerging countries – show not just the benefits of, but also the need for increased cooperation among security companies, governments, academics, and other organisations and individuals to combat these changes,” says Kevin Hogan, senior manager at Symantec Security Response.

We may be some way off from a more formal degree of cooperation between security firms, since they’re nature is entrenched in rivalry. However, a drive towards tighter cohesion between the IT industry as a whole and government, police and wider industry would seem to be beneficial to tackling the security threats of the future.