Call for united effort against cyber crime

April 23, 2009

In light of a recent string of high-profile attacks, security professionals are being called on to band together to fight the highly organized cyber criminals of the world. RSA President Art Coviello said the online fraudsters "are not bound by any rules of law" and "control massive armies of zombie computers".1

Sophos, a security software company, said a web page was infected every 4.5 seconds and that every day more than 20,000 new samples of malware were discovered. "Attackers are shifting their approaches. They are moving away from the idea of mass distribution to a few threats being distributed to what we call micro-distribution where there are millions of distinct threats... They are targeted at individuals. They are targeted at trying to steal confidential information. Anyone can be a victim," warned Symantec CEO Enrique Salem.1

Cybercriminals are also increasingly using encryption to cover their tracks and to hinder forensic investigators' efforts to recover evidence. They use virtual private networks to transfer data from hacked companies, and they encrypt their hard drives so that, if their computers are captured by authorities, the evidence stored on them cannot be uncovered.2

A report in April stated that cyberspies had penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system. Authorities investigating the intrusions found software tools left behind that could be used to destroy infrastructure components. Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies.3

In March, a vast electronic spying operation was also uncovered. It had infiltrated computers and stolen documents from hundreds of government and private offices around the world, including many belonging to embassies, foreign ministries and other government offices. Called GhostNet, it focused on the governments of South Asian and Southeast Asian countries.4

Although denied by the Defense Department and Lockheed, the Wall Street Journal also reported that computer spies had hacked into government and contractor computer systems and stolen data about the design of the F-35 joint strike fighter program. The hackers could not access the most sensitive design data about the aircraft's flight controls and electronics, but they reportedly were "able to copy and siphon off several terabytes of data related to design and electronics systems."5

Joe Stewart, director of SecureWorks Inc.'s counterthreat unit, is pitching the idea that criminal cybergangs should be harried, hounded and hunted until they're driven out of business. "We need a new approach to fighting cybercrime... what we're doing now is not making a significant dent". Rather than pursue malware makers the old-fashioned way -- a tack Stewart argued is haphazard, at best -- he said that teams of paid security researchers should be created to stalk and disrupt specific criminal gangs or botnets. Set up like a police department's major crimes unit or a military special operations team, the researchers would take a long-term view, get to know their target, perhaps even infiltrate the group responsible for the botnet and employ a spectrum of disruptive tactics.6

1. "Call to rally against cyber crime", BBC News, April 21, 2009

2. "Cyber Criminals Industrialize to Increase Effectiveness", Wired, April 22, 2009

3. "Electricity Grid in U.S. Penetrated By Spies", The Wall Street Journal, April 8, 2009

4. "Vast Spy System Loots Computers in 103 Countries", The New York Times, March 28, 2009

5. "Defense Department, Lockheed deny that hackers stole sensitive F-35 data", Star-Telegram, April 21, 2009

6. "Researcher wants hacker groups hounded mercilessly", Computerworld, April 21, 2009