Making surfing safer
September 12, 2012
Internet crime is a fast-growing, billion-euro business, with hackers no longer just targeting the military.
At a forum organized by the Munich Security Conference and Deutsche Telekom, politicians, businessmen and security experts gathered on Wednesday (12.09.2012) in Bonn to take a closer look at the real threat from the Internet, a possible cyberwar, and how to tackle the problem.
Remote-controlled zombie computers
'Zombie computers' are right now the most efficient form of cybercrime, and the threat is growing at an immense speed. Hackers invade individual computers and control them remotely, creating so-called botnets that can grow to huge proportions.
Richard Kemmerer, a computer science professor at the University of California in Santa Barbara, has witnessed the phenomenon firsthand.
"Two years ago, we stole a botnet from the bad guys," the researcher told the seventh Future Security Conference in Bonn - ahead of this week's summit hosted by Deutsche Telekom. "We had 180,000 hijacked machines reporting to us every 20 minutes. That gave us great insight into the underground economy."
The botnet hacker controls all the compromised computers and can, for instance, prompt them to attack random computer networks. Kemmerer only had 10 days to investigate the captured botnet before the "bad guys" managed to "steal it back." That was time enough to get a better grasp on which machines, including computers from large companies, were infected, he said.
Kemmerer found out which security holes the criminals used, and how they managed to obscure their activities by creating so-called fast-flux networks, which are difficult to locate because they change their domain names several times every hour. "It's hard to find out what domain you want to take down," says the researcher.
Computers are easily infected nowadays, and Kemmerer is particularly concerned about "drive-by" downloads - viruses, Trojans and computer worms that users contract by simply surfing the Internet. "You go and visit an innocent site, but it has been compromised by the bad guys and infected with their software, so when you visit, it installs the software onto your machine," warns Kemmerer.
Shopping paradise for criminals
Two things make life easy for cybercriminals: straightforward programming software and careless system administrators. Hacking into political party websites and government agency networks therefore becomes easy for inexperienced hackers. Often enough, cybercriminals find easy access to other systems because administrators have neglected necessary software updates for years.
Do not underestimate malware programmers, warns Toralv Dirro, a security strategist at McAfee, a company that offers antivirus and anti-spyware software. Such programmers are highly adept and use every security breach they can find.
Hackers in Eastern Europe, for example in Russia, are seen as particularly diligent, Dirro says, adding that malware programmers there even compete with one another. Their work is so good that one doesn't have to be a computer whiz to get started with Internet crime, he says. "It's better if you know Russian, that is helpful in certain forums," says Dirro. "Everything else, you can buy."
Today's cybercriminals buy software tools - ready-made "crime packages" - to create their very own high-end Trojans. If the hackers don't succeed in letting their virus loose on humanity, Dirro says, they can buy that service for just a few hundred dollars online.
Millions of new viruses, Trojans and computer worms
Every day, about 100,000 new Trojans are unleashed on the Net, according to Dirro. There is no lack of providers offering server space for criminal activities, either. So-called bulletproof hosters are available not only in Russia, but also in the US, Germany, Switzerland, the Netherlands and many other countries. "The providers ask no questions, and if there are too many complaints, [the hosters] get a new IP address," Dirro said.
Thomas Tschersich, head of Group IT Security at Deutsche Telekom, says that since criminals take advantage of security loopholes as soon as they arise, the Internet sits wide open to them. For this reason, the fight against cybercrime has to be simultaneously undertaken by all those involved, says Tschersich. Internet service providers can systematically monitor data flows to the end device for malware, but they require the consent of customers to do so.
Tschersich thinks the legal framework needs to be expanded. So-called deep packet inspection should be utilized, says Tschersich, adding that customer privacy should also be protected.
Crash tests for new computers
Tschersich is also calling on computer manufacturers to improve the situation.
"Imagine if you buy a car without brakes, a seatbelt or airbag," he says, comparing the IT world to the automotive industry. Instead, he suggests customers be offered computers that have already passed a "crash test" against viruses.
However, this is made more complicated by the ease with which computers can be networked - computers nowadays sit in a thick network of smartphones, digital televisions, networked printers, alarm systems and much more. All of these devices depend on the Internet, and they are all susceptible to malware.
That's why McAfee strategist Dirro thinks less is more.
"Do I really need a digital refrigerator that can automatically restock the milk, or place an order for more salmon?" he asks. Because, he says, such a device might tempt a determined hacker to send a refrigerated truck to your home full of milk and three tons of fish.