Thursday, February 01, 2007

SECURITY / ORGANISED CRIME PLAYING A BIGGER ROLE

Banks, ISPs 'should meet cyber police'

TONY WALTHAM

Banks, Internet service providers and other companies here should send representatives to meet the staff at Thailand's cyber crime unit, introduce themselves, and offer to provide a tour of their network and even to help with some cyber security training, according to a Cisco Systems Internet security architect. ISPs, banks and other institutions really needed to "invest in their law enforcement officers," according to Barry Raveendran Greene of Cisco's SP Architecture and Engineering Group, who was here to conduct two cyber security seminars.

These organisations should offer to familiarise the cyber police officers with their networks and possibly help out with security training, he suggested.

Greene spoke of a huge shift in Internet security that has seen organised crime come to the Internet, bringing extortion and fraud. Extortion can manifest itself as the threat of a distributed denial of service (DDoS) attack on a web site or network, and "click fraud" can rob a company of its online advertising budget in favour of a competitor or generate money fraudulently from clicks.

And a complex underworld economy, or "miscreant economy," has sprung up, one which has its own business cycles, which peak after criminals figure out a new way to make money, and then dip once the potential victims collaborate and find a way to mitigate losses or protect themselves. The weapons used are very often millions of home PCs that have been turned into "bot nets" and which are used to attack web sites, send spam or generate fraudulent clicks on web sites.

Even the way that computers are being taken over or co-opted into these underworld robot armies and the way they are being controlled is changing in what Roland Dobbins of Cisco's SP and Enterprise Security Division likened to an arms race.

Asked how large the miscreant economy might be, Greene said that one report he had seen had said that the amount of money being made by the "bad guys" exceeded the amount of money being made by people selling software to fix it, such as Symantec, McAfee, Trend Micro and others selling virus protection.

The fundamental problem with cyber-crime was that there were no physical boundaries (such as doors or locks, peer pressure or family pressure on participants) or even laws to keep international online criminal activity in check. He added that service providers were impacted when their customers were victimised, although helping them to protect themselves could be a service opportunity, making the analogy of selling a lock, a guard or a security camera.

Children using computers were now being targeted by organised crime as a gateway into a home network of computers by infecting sites they would patronise, such as those that hosted the popular game YuGo, he said, adding that ISPs might be able to counter this by offering a "kids safe" service.

There has been a change in attitude with law enforcement authorities, and the arrival of organised crime on the Internet, bringing rackets such as fraud and extortion to the cyber world, is something that law enforcement agencies understood and knew how to deal with, Dobbins said. Today, no one in law enforcement is pointing fingers and economic-driven crime was well understood, he added.

Even so, the criminal hackers' techniques were constantly being refined and whereas it used to be high-profile sites that were subjected to DDoS attacks, particularly gambling and adult entertainment sites, today it was online traders that tended to be attacked.

Dobbins cited the example of an estimated half a million misconfigured open recursion DNS servers on the Internet that could be exploited or spoofed by criminal hackers to generate a flood of attacks that could lead to denial of service, and which were much harder to spot when compared to a traditional DDoS attack using raw bandwidth.

Another new technique being seen was for criminals to investigate back-end application vulnerabilities on a potential victim's site, such as lengthy database transactions, and, if they found any, to trigger many of these to bring the site to its knees, which would be much harder to trace.

Dobbins said that DDoS attacks using bandwidth could be easily monitored and steps taken to counter them, whereas "database churn" would be harder to spot with a traffic-based approach.

Bangkok Post
Wednesday January 31, 2007
