Security

Ineffective Law Enforcement, Bad Economy Fueling Cybercrime

Cybercriminals operating worldwide are benefitting from ineffective law enforcement and a growing economic recession that could make jittery people more susceptible to cybercrime scams.

So concludes security firm McAfee in its new report, "Virtual Criminology Report--Cybercrime vs. Cyberlaw." published Tuesday. The report pulls together the opinions of about two dozen legal experts, academic researchers and security-response professionals working as far afield as Britain, continental Europe, the Baltic countries, Brazil, India, Japan, Australia, New Zealand and North America.

"There have been a few cases where cybercriminals have been promptly arrested, but they're usually responsible for the small attacks," says Paulo Lima, a Brazilian lawyer specializing in computer-related crime. "Those responsible for the large operations have never been arrested. The public sector has usually acted in a mitigating manner, attacking the symptom and not the illness -- there is an antiquated system and a completely unprepared law enforcement body."

Lima's sentiment is echoed in Britain, India and elsewhere by those involved in trying to combat a worldwide cybercrime spree that includes phishing, denial-of-service (DoS) extortion rackets, botnets, spam, cyber-espionage and national attacks of a political nature.

"Cybercrime has become a big problem in India this year," says Vijay Mukhi, president of the Foundation of Internet Security and Technology in India. "However, politicians and judges do not understand how to deal with it, and in fact few of them ever use the Internet. Police are reluctant to register cases because they prove too difficult to prosecute."

The view among some in the United Kingdom is only slightly more optimistic. Peter Sommer, a British professor and consultant whose main research field is the reliability of digital evidence, says there's some progress being made in how the U.K. courts address technology-related crimes, but the computer forensics piece of the puzzle is not yet complete. "The Council for Registered Forensics Practitioners scheme to accredit experts is still not yet working," he adds.

Anther problem is talent: In many places around the world, private industry is siphoning the cybercrime fighting talent from government, offering them more money to work in the private sector.

In addition, many worry that the growing economic recession and banking fiscal crisis is being exploited by cybercriminals to prey upon jittery consumers.

"We are seeing rounds of phishing e-mails which purport to be from banks responding to the crisis," says Philip Virgo, secretary general of London-based EURIM, a group whose membership includes high-tech vendors, businesses and British and European legislators focusing on IT policy issues. "We are also seeing a round of phony CV [resume] sites, whose main aim is to collect personal details."

Politics is also an issue. China, Russia and Moldova are often blamed as international sources for all kinds of cybercrime, and the McAfee report takes up the issue of whether there are places around the world where prosecution of cybercrime is thought to be especially lax.

"Criminal behavior is still receiving political cover," says Eugene Spafford, professor of computer sciences at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security in the United States.

One example Spafford cites is the July cyberattack on Web sites protesting the Burmese military regime, in which the government in Myanmar was thought to have had a hand. "In the case of the Myanmar denial-of-service attacks, they took place with local Eastern European and Russian support," he says.

"Russia and China are especially reluctant to cooperate with foreign law enforcement bodies for reputation and intelligence reasons," Spafford adds.

Another contributor to the report, Dmitri Alperovitch, says he believes that Russian's President Vladimir Putin and political influence within the Federal Security Service (Russia's successor to the Soviet KGB) are hampering efforts to prosecute cybercrimes, such as those related to the Storm botnet. Alperovitch is director of intelligence analysis and hosted security at Secure Computing (recently acquired by McAfee).

McAfee  says Russia is the predominant source of the most sophisticated, well-designed malware.

"The vast percentage of 'professional' malware we see today is, frankly, coming out of Russia," acknowledges Dave Marcus, director of security research and communication at McAfee Avert Labs. "We find it on Russian hosting sites and the read-me documents are in Russian."

National concerns about political uses of malware and denial-of-service attacks are growing, according to the McAfee report.

Estonia, which suffered massive and crippling DoS attacks in April 2007, this year established a "top-secret cybersecurity hub," which has been "operational as of August 2008 and backed by NATO and seven EU countries (Estonia, Germany, Italy, Latvia, Lithuania, Slovakia and Spain)," the McAfee report states.

Estonia also is said to have pledged 50,000 Euros to back the Council of Europe Convention on Cybercrime.

But while some countries end up as high-tech crime scapegoats, the report notes, in reality it's very difficult to precisely identify origination points.

"In fact, obfuscation seems to be the name of the game," says Alana Maurushat, acting director of the Cyberspace Law and Policy Centre of the University of New South Wales in Australia. "It is easy to make it appear as if malware or espionage activities are originating from a county other than the original source. There is considerable misdirection as to origin of attacks. Much traffic is misdirected as a decoy. The actual attack may originate in the same city as the target. This is often done with cases of country espionage and corporate espionage."

Those out on the Web front lines say they can only speak about what they witness daily.

"We're getting hacking attempts constantly," says Clay Hill, Web site manager at the libraries division at Mississippi State University, which allows authorized access to research. "And most of it is from China."

Cybercrime toll mounts for business

http://www.networkworld.com/news/2008/092208-cybercrime.html

Council of Europe, ISPs draft anti-cybercrime tactics

http://www.networkworld.com/news/2008/040108-council-of-europe-isps-draft.html

Diary of a Deliberately Spammed Housewife

http://www.networkworld.com/news/2008/070108-mcafee-spam-experiment.html

Subscribe to the Security Watch Newsletter

Comments