Organized crime armed with botnets


TORONTO – It’s the year of skinny pants, hybrid cars, Facebook – and botnets.

In the world of cyber-crime, the theme of the year is botnets, said James Lewis, director and senior fellow of the technology and public policy program with the Center for Strategic and International Studies in Washington, D.C.

Just a few weeks ago, botnets were responsible for the attacks against government sites in Estonia. Cyber-criminals are organizing these botnets into a weapon in order to steal information, block a service or send spam, said Lewis, who was speaking at a press conference for Monday’s release of the McAfee North America Criminology Report: Organized Crime and the Internet 2007.

And users are unlikely to notice if they have a bot, since bots hide themselves and may even have a legitimate name. Bots can also be reconfigured for instant messaging, which is often allowed through corporate firewalls and across networks.

The report looks at the “professionalization” of theft, fraud and extortion over the Internet. The problem is that it’s difficult for police to collect evidence from other countries, and skillful cyber-criminals are recruiting low-level criminals (often youth) or “cyber-mules” in the target country. A 2006 survey found that almost two-thirds of Canadian businesses had lost income, customers and productivity due to cyber-crime. Many report cyber-crime costs them more than traditional theft or robbery. And one FBI estimate put the cost of cyber-crime to the U.S. economy at US$67 billion in 2005.

Much like Facebook or other online communities, cyber-criminals have created their own communities, and it’s easy to access tools such as keystroke loggers, which are available for sale (in some cases you can pay with a credit card).

“What is the risk of being caught?” said Lewis. “It’s not zero, but close to zero. If you live in Kazakhstan or Romania, you don’t really face any risk.” Because the odds of being caught are so low, these cyber-crime communities are thriving.

At this point, we’re seeing 125 to 175 new unique pieces of malware every day, said Dave Marcus, security research and communications manager for McAfee Avert Labs in Santa Clara, Calif.

Rootkits are the most insidious form of malware, and attacks are generally stealthier than we’ve seen in the past. “You won’t see an outbreak of rootkits,” said Marcus. McAfee has a rootkit stinger in its security suite; most security software has that capability built in. But the problem is becoming more of an education issue, he added. Some 35 per cent of shared music, for example, is infected.

Eventually we’ll see more malware on handheld devices, RFID tags and any new technology coming down the pipe (McAfee sees five to 10 samples a week of malware for handhelds). Most malware is written for Windows because it’s the largest target of opportunity. Similarly, in the world of mobile technology, most malware is written for Symbian at this point.

Social engineering is the weakest link going forward. “That’s why pyramid schemes still work,” said Marcus. A lot of malware, such as spyware, is easy to deal with from a technical point of view, but social engineering attacks – like phishing – require user education.

When criminals believe that cyber-crime is no longer risk-free, fewer will engage in it, the report says. But until then, cyber-crime will continue to increase.

McAfee also released an update to its study on the safety of search engines, which shows that while the overall safety risk to search engine users declined by about one percentage point, sponsored results (paid for by advertisers) remain significantly more risky than non-sponsored results. Overall, it estimates that U.S. consumers make approximately 276 million monthly searches that lead to Web sites that could compromise online safety.


Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now