Stop the cybercriminals

Given the central role of broadband communications in spurring innovation, it is good to see European countries taking seven of the top ten spots in the World Economic Forum’s latest rankings of the penetration of telecoms and computer networks in 127 nations around the globe.

This year the accompanying report focuses on the contribution networks make to innovation and subsequent economic development. And no doubt, the Internet and fixed and mobile networks are underpinning many new business models, inspiring numerous start-ups and helping established companies of all shapes and sizes to collaborate with external partners worldwide, and to develop new products and services.

But there is a downside: internet connections to homes and businesses alike have become a conduit for organised crime.

Before everyone began managing their bank accounts remotely and shopping online, criminal activity on the Internet was limited to “script kiddies” and hackers who wrote viruses or broached government systems for fun.

Now, as the Infosecurity Europe 2008 conference being held in London this week highlights, e-crime is the domain of organised gangs out to make money. Delegates were shown a film, “The New Face of Cybercrime”, commissioned by the security software company Fortify, which illustrates the impact cybercrime is having on consumers and businesses alike.  

Financial motivation

Gone is any desire to embarrass website owners or wreak mindless e-vandalism. It’s no longer an ego boost, or a case of bragging rights. The main targets are ecommerce web sites and the customer databases behind them. In many cases, according to the film, the data isn’t used directly by the hackers, but is sold to other gangs.

“Today’s cybercriminals are highly sophisticated,” says Richard Kirk, European vice president of  Fortify. “Their technical expertise is extremely good, as is their knowledge of the systems they're trying to break into.”

Outsourcing

And now (I am not making this up) it seems cybercriminals are taking a leaf out the business manual and outsourcing the management of their computer systems to third parties. This finding comes from the web security company Finjan Inc., which characterises the development as the “commercialisation of cybercrime”.

It appears that criminals have started to use online “commercial” cybercrime services instead of having to deal with the technical challenges of running their own servers.

“Cybercriminals and criminal organisations are getting better and better at protecting themselves from law enforcement by using [these] services, especially since the operator does not necessarily conduct the criminal activities related to the data that is being compromised, but only provides the infrastructure for it,” said Yuval Ben-Itzhak, Chief Technical Officer of Finjan.

Crimeware

During 2007, Finjan’s research uncovered a trend towards the development of software – or “crimeware” as it dubs these applications – that focus solely on financial gain, working out exactly how to get revenue out of each infection. More recently, the company says the delivery and distribution of crimeware has been upgraded to deliver a different type of malware to different geographical regions.

“Cybercriminals can now generate more targeted infections and deliver specialised Crimeware for specific geographical regions,” Ben-Itzhak said. Criminals are employing marketing and sales techniques to address the cybercrime economy and ensure that the market they are after gets the proper “product” localised for it.

Finjan foresees the next phase in the commercialistion process will involve services that tailor the victim data to a specific criminal purpose. “Cybercriminals continue to adapt legitimate technologies and business models to support their criminal activities,” said Ben-Itzhak.

It’s a sad fact that as networks become more pervasive – and more and more economically important – they create a larger, juicier target for organised crime.

Of course, Europe’s police forces and law enforcers need more resources and training to deal with this problem. They also need secure and flexible means to communicate and share intelligence.

But as Europe pins its knowledge-based future on more computer power and faster networks, there needs to be a parallel and concerted push to develop new security technologies. Without this, the value of having the most networked economies in the world could be fatally undermined.