Friday, July 15, 2011

The Global Battle Against Cybercrime

Some Recent Developments
  • Eugene Kaspersky, founder of Kaspersky labs and cybersecurity expert has used his blog to take a swipe at the state of current multilateral efforts combatting cybercrime. In his post he mentions that the Council of Europe Convention on Cybercrime is largely a waste of time and that the UN's IMPACT Alliance, which is based in Cyberjaya, Malaysia (and of which he is a member of the advisory board) is moving too slowly to be of any use. He has put his weight behind a newly launched non-profit organisation called the International Cyber Security Protection Alliance (ICSPA), which is based in London, and hopes that it can get things moving quickly. He points out that cybercriminals in most cases are beyond the borders of the country of their victims and that the mammoth task of bringing the majority of cybercriminals to justice will require joint efforts on a global scale.
  • On a more positive note, June 2011 did bring some notable successes for international law enforcement in the battle against cybercrime, with several successful operations resulting from joint efforts. The FBI and a team of international law enforcement organizations have shaken up two scareware (fake antivirus software) operations that infected nearly 1 million users worldwide and cost victims some US$74 million in losses, charging up to $129 to each victim for the fake software. The so-called Operation Trident Tribunal, an ongoing initiative fighting international cybercrime, has netted arrests of two Latvians and the seizure of some 40 computers and bank accounts, including 22 computers in the U.S. that supported the illegal operations. Another 25 systems overseas that were used by the scammers were shut down as well.  The Department of Justice, FBI, and authorities from Germany, Latvia, Cyprus, the Ukraine, Lithuania, France, The Netherlands, Sweden, Romania, and Canada teamed up in the operation. 
  • In Russia, Pavel Vrublevsky, the owner of ChronoPay, Russia’s leading payment processing provider, was arrested on charges of organizing a DDoS attack on a competing company, assist.ru. Also in Russia, researchers at Kaspersky Lab have discovered a new piece of malware targeting Russian users that silently runs a Bitcoin mining application on infected computers. The idea is to steal computer resources from infected computers to generate units of the valuable peer-to-peer virtual currency. The hacker behind the Trojan did not generate any riches from this attack however because the Bitcoin mining system detected the suspicious mining activity coming from multiple IPs and blocked the account.
  • In Brazil, cybercriminals used Amazon’s cloud to host and distribute malware that targeted Brazilian users and was designed to steal data from customers of nine large Brazilian banks. To improve its chances of success, the malware blocked the normal operations of Antivirus software as well as browser plug-ins that are supposed to make online banking secure. The malware also stole digital certificates and credentials from Microsoft Live Messenger.
  • In a sweeping move, Google has removed all of the sites hosted on .co.cc domains from its search results, explaining that because such a large percentage of the sites on that sub-domain are low-quality and malware-ridden they decided to de-index all of them. The .co.cc space is not an officially authorised second-level domain like .co.uk or .com.au. Instead, it is run independently by a Korean company (http://co.cc/) that just happens to own the domain name .co.cc. The .cc top-level domain belongs to the Cocos (Keeling) Islands, a small Australian territory in the Indian Ocean. Regular .cc websites are unaffected by Google's changes.
  • The US Department of Defense released the DoD Strategy for Operating in Cyberspace (DSOC) - the first ever DoD unified strategy for cyberspace. “By sharing timely indicators about cyber events, threat signatures of malicious code, and information about emerging actors and threats, allies and international partners can increase collective cyber defense,” the document notes. “Cyberspace is a network of networks that includes thousands of ISPs [Internet Service Providers] across the globe; no single state or organization can maintain effective cyber defenses on its own.” As General James “Hoss” Cartwright told reporters, “This strategy talks more about how we are going to defend the networks, the next iteration will have to start to talk about here’s a strategy that says to the attacker, ‘If you do this, the price to you is going to go up. It’s not just free.’ Today, we are on a path that is way too predictable. It’s purely defensive. There is no penalty for attacking right now, we’ve got to figure out a way to change that.”
  • Microsoft has released a detailed report on Rustock, the take-down effort it led in March, and the impact of its anti-botnet campaign. The number of Windows PCs infected with the Rustock malware has dropped worldwide from 1.6 million at its peak, to just over 700,000 by June. In the U.S., an estimated 86,000 Rustock-infected PCs in March had been reduced to some 53,000 by June, a drop of 38%. Other countries saw even bigger reductions: In India, the March tally of 322,000 infected machines plummeted by 69% to approximately 99,000 in June.

No comments:

Post a Comment