Does the Internet Need its Own Police Force?
2008 has been a year of growth in malware, infections, botnets and criminal profits. Recently, some security experts called for the punishment of these criminal activities.
Malware tripled in 2008
In its 'End of Year Data Security Wrap-up for 2008', Finland-based security company F-Secure said their detection count tripled in one year, which means that the total amount of malware accumulated over the previous 21 years increased by 200 per cent in the course of just one year.
Criminal activity for financial gain remains the driver for the massive increase in Internet threats. Today's malware is produced by highly organised criminal gangs using increasingly sophisticated techniques. This year has seen increasing botnet activity around the world.
These remotely controlled networks of infected computers remain a major challenge to the IT security industry because it is their vast computing power that is behind the unprecedented level of spam e-mail and malware distribution.
Roy Ko, a computer security expert based in Hong Kong, has seen an overall decrease in the number of virus incidents and phishing spyware, but an increased number of alerts in the past year. Ko is the manager of Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) at the Hong Kong Productivity Council.
Daniel Eng, a computer forensics expert, said the contemporary public IT security issues include data leakage, misuse of Foxy, potential security issues with Apple's 3G iPhone, the growth of Bonets, the vulnerability in Flash videos called 'Clickjacking' (viewers' computers put under attack upon clicking on flash videos), and anti-forensics tools.
Eng is the secretary of Asia Pacific International High Technology Crime Investigation Association, and the chairperson of Professional Information Security Association. He cautioned the upcoming threat of crimeware-as-a-service (CAAS), where rental service for botnets and spammers are available in the underground online community.
In the next six to nine months, Eng said that data recovery with computer forensics would be in huge demand as litigation increases under the financial tsunami.
Global security issues
Internet security issues made global news in 2008, from the huge rise in the amount of malware produced in the Chinese language during the Beijing Olympics, to attacks on the computer systems of the presidential candidates in the United States.
Three major London hospitals were affected by a computer virus outbreak, while the US department of defense decided to ban the use of USB memory sticks because of the security threat they pose.
In 2008 malware even went into space as an online games password-stealer made its way onto the International Space Station on an infected laptop.
Bringing Internet criminals to justice remains a challenging task but there have been some recent successes. An FBI operation closed down Dark Market, an online marketplace for stolen credit card numbers and illegal Internet services.
Investigative journalistic work led to the demise of McColo Corporation which hosted major botnets, resulting in a temporary fall in the amount of spam e-mail.
On the corporate level, Microsoft has filed lawsuits against the purveyors of rogue security applications attempting to scare Internet users into buying worthless products.
Call for Internetpol
Despite these successes, Internet crime is now more prevalent and more professional than ever before. F-Secure believes that against a background of steeply increasing Internet crime, the obvious inefficiency of the international and national authorities in catching, prosecuting and sentencing Internet criminals is a problem that needs to be solved.
Mikko Hyppönen, chief research officer of F-Secure, called for the establishment of 'Internetpol' to tackle online crime. "The bottom line today is that too few of the perpetrators get punished. As a result, we're sending the wrong message to criminals: here is a way to make lots of money and you will never be caught," he said.