I was privileged to attend the 5th Kaspersky Lab forum, held in the city of London, yesterday. It was actually a Cybercrime Forum (I have no idea if the other forums were as well, as this was my first), and so the main focus was – yeah, you guessed it – Cybercrime; criminals operating through the freedom and openness of the internet, causing all kinds of harm to internet, computer, and smart phone users not just for kicks and giggles as it used to be in the good old days, but now for money, and big money too.
It emerged that there is a steadily growing number of Malware developers and variety of threats (which is pretty obvious given the increase in the number of threat signatures since 1986 when the first virus was found). In addition, there are also strong indications that there is what Eugene Kaspersky (Co-founder and CEO) termed a, C2C – Criminal to Criminal – business network, which supports the trade of malware and botnets, SLAs, and malware brokers! I’m not joshing you. And what’s more, these networks transcend the borders of countries.
Please note, this is not to dispel the widely accepted notion that Malware developers don’t compete against each other, because I believe they do, much in the same way that AVG and Avira are competitors. However it is this idea of organised cybercrime that is more interesting, and would ultimately spell more doom for computer users (i.e. every person on earth in about ten years). Now David Emm, a Senior Technology Consultant at Kaspersky Lab was quick to point out that by “organised Cybercrime”, he meant “crime that is organised”, rather than ‘organised crime’ in the Sicillian-Mob family sense of the phrase. However, I disagree slightly with him there. If there are websites that you can go to for the purchase of malware, or the information that ID-theft Trojans have illegally obtained, and you can get support for the usage of said malware, who’s to say there’s no central character or corporation controlling it all? No e-Mafia family? I guess you will only agree with me, if you believe in some conspiracy theories, the impact of the Mafia in the United States in the 90s (maybe less so now), and that Hollywood is made up of more than just fantasists and overpaid, highly-opportuned dreamers. You’ve heard of Goodfellas, and American Gangster, both based on true stories and you must have seen Die Hard 4.0 too. Who’s to say that in three years time, there won’t be movie about similar, based on a true story? Only the future will tell.
However, whether or not the work of Cybercriminals – a Downloader Trojan on your home computer - comes from a central, technology-savvy mind, or a chain of criminal activities, is of little relevance to the average user. You would just like it to be gone, and to prevent it, or any distant cousins from coming back. Well my tips for you are:
1) Lockdown users’ access rights and privileges on any machine as much as possible
2) Teach those who have no idea, about basic Online-browsing safety, including how to identify obvious threats
3) If you don’t already, use an Anti-Malware software vendor that you trust, and whose product will be easy to use for yourself and any other users
4) Hope to high heavens that the makers of the Trojan don’t get wiser, at least not in your lifetime
I have listed these in order of importance in my opinion, because I believe prevention is better than cure.
Of course 4) will most likely not happen. And in any case with most things, I am usually more concerned about the root causes of problems rather than the problems themselves. I am not worried about being run over by a car on my way to the shops to get a chocolate bar, because there are laws and penalties in place to deter people from driving when they are not mentally fit to, and faster than they should be in a residential area. (And of course, I am lucky to have some common sense which prevents me from strolling carelessly into the middle of the street). In much the same way, I am not as annoyed about a copy of Trojan-Downloader.Win32.Hmir.izo appearing on my system, as I am about the sequence of events that got it there in the first place. Which means that I would like to see more IT professionals taking a pro-active interest in this issue; I would like to see more AM software manufacturers combining efforts, as I am told they already do. I would like to see Police Departments strengthening their Cybercrime teams. And I would like to see more governments recognise the threat that this new era of organised criminals pose, not just to citizens, but their economy, and the global economy as a whole. Don’t believe me? OK then, if a Thomas Gabriel-type personality was to gain control of/access to say BofA, Citigroup, and JP MorganChase, have his wicked way with them, and word got out, what would happen to the American stock market, i.e. confidence in companies, and value? Then what would happen to the UK market? And the rest of Europe? And the Asian companies? And Africa? The earth is still a global playground for a lot of industries, and no kid can expect to play by his lonesome forever.
I believe to really deal with this rising menace, things have to be looked at on a much higher level. Mr. Kaspersky closed the forum with some ideas, which I paraphrase: “safer products (safer OSes and networks), more government attention, and education on a large scale, are the keys to effectively combating this issue and the coming threats in the future”. And you know what? I think he’s onto something.