“Is it safe?” The famous line from a scene in the film, “Marathon Man” and a question which reflects the dangerously’ joined-up’ nature of world in which we live today.
Next month sees the 6th international ecrime congress in London, an annual event which gives business, finance, government and law enforcement an opportunity to discuss the new threats and challenges presented by the growing influence of serious and organised crime in cyberspace.
And the internet, “Is it safe?” Certainly not and the statistics argue that while in some areas, the risk of crime is being reduced through the introduction of new technical measures and policies, elsewhere and under the extreme pressures of criminal interests, new leaks are appearing in the collective firewall, which may become a flood if not acted upon quickly.
This year, even David Davis, the Conservative, Shadow Home Secretary, will be joining the directors of the FBI, US Secret Service, NATO and the likes of PayPal, Lloyds TSB and Unilever in London to reflect on a shared problem which threatens the world’s most advanced economies.
Over the last twelve months, leading UK banks such as Barclays, have been increasingly successful in reducing online fraud but corporate losses from computer crime have reportedly doubled and the incidence of identity theft among the broader population continues to rise dramatically with criminals increasingly focusing on individuals in cases of financial fraud rather than a business.
As business continues to develop their security counter-measures to deal with the more common, asymmetric, ‘mass-attack vector’, whether this has been a consequence of ‘spamming’, ‘phishing’, ‘Bot-nets’, ‘Denial of Service’ and all manner of other exploits, organized crime groups have been busily refining their activities. This, in turn, has led to the appearance of new tools and techniques to develop ‘Under the Radar’ targeted attacks on individuals and organizations, ‘neither broadly distributed nor unique in nature’ and displaying a much improved use of social engineering tactics.
Identity theft and what is being called, “data indifference”, continues to be a significant and steadily growing problem, whether this lies in the almost regular loss of confidential personal data by large companies and government agencies, such as HMRC or at the more sophisticated end of the spectrum, advanced identity theft from persistent bots and new exploits that seek to compromise home routers.
Compromised ‘Bot’ networks of personal computers continue to make headlines in greater and greater numbers and with increasing sophistication and effectiveness. Last month, in the United States, one hacker pleaded guilty to creating a network of more than 400,000 computers, which included those belonging to the country’s Defense Information Security Agency and in April of 2007, Estonia, the former Soviet Baltic republic was paralysed by an unprecedented online attack from networks in Russia. Estonian MP Silvar Meikar, a member of the country’s defence committee will be describing this attack at the ecrime congress.
Earlier this month, Silicon.com reported that Russia has now passed China to become the largest generator of spyware and malicious code and in terms of the source of criminal exploits. But Russia and China are not the only problem. IBM’s X-Force reports that the United States and Germany were the only two countries consistently among the top three hosting sources for each classification of “unwanted” Internet content monitored throughout 2007 and that the former “Far outpaces other countries as the primary hosting source of adult, socially deviant and criminal content on the Internet.”
The urgent question we need to answer, whether this be at conference, government, business or law-enforcement level, , surrounds the fundamental questions of online safety and data security. In concert with the clear and present danger from international and domestic terrorism, which sucks the funds away from the fight against ecrime, does any effective counter-measure solution exist to challenge the threat from the organised crime interests which are starting to dominate the trade routes of the internet much like the pirates of the Caribbean once did in the past?
Without a doubt, every country requires more resources and an urgent requirement that government treats the problem more seriously than it has in the past but I’m not convinced this will ever happen until the problem , like the Elephant in the living room, becomes too large to ignore.
Pandora’s Box has been opened and no single country is strong enough to close it. As an analogy, it’s really no different to the debate on tighter European immigration and border controls because the internet is as open and porous as the borders of Europe and the legislation is only as strong as the will and resources of the poorest country. And without the cooperation of Russia and China any proposal remains of academic interest only.
So what can we do to fight the threat? Buy shares in information security companies perhaps because business and finance is largely on its own, as is the man in the street. Unless there is a truly joined-up and international initiative to tackle the growing problem of organised crime online, involving significant funding, resources, legislation and most of all will, at every level, we will have to accept that millions of people and businesses will be robbed and duped and conned as an integral benefit of the internet’s total cost of ownership. After all, if the FBI only has a team of 100 officers tasked to deal with all cyber crime offences and Interpol has perhaps only three in EMEA, the level of priority and the scale of the challenge now facing our joined-up and interdependent economies becomes depressingly clear.