On Sept. 13, a Moroccan court handed out short-term jail sentences to two college-age malware code writers found guilty of launching the Zotob worm virus in August 2005. The conviction of the two young men, along with the pursuit of other virus writers who take down computer networks for the sake of it, highlights law enforcement officials’ ability to trace the roots of such attacks. Still, law enforcement officials, consumer advocates and security researchers concede they are making little progress in tracing the finances of those individuals who are using IT-based crimes to make a profit.
While attacks such as Zotob cripple productivity on computer networks around the world, most technology experts say that a more serious threat is current money-thieving schemes that attack corporate infrastructure and lurk on the Internet. As criminals have shifted their activity from scattershot attacks on IT infrastructure to targeted fraud leveled at specific businesses and individuals, they have become even harder to track down.
And although laws that force businesses to disclose data breaches are shedding light on those incidents, there is likely an epidemic of unreported computer crimes that involve the theft of cold, hard cash, said David Marcus, security research manager at software maker McAfee.
Deciphering the web of finance and money laundering shared by those committing the attacks is virtually impossible, he said.
“It’s likely that there are many, many attacks that steal money from businesses that never even get reported, so these guys are getting away with it and no one can follow where the money is going,” said Marcus, who works in McAfee’s Avert Labs, in Santa Clara, Calif. “[Thieves are] using online payment companies to launder their profits and exploiting the shortcoming of international law enforcement [so that they can] run and hide their money in any number of ways.”
Underground networks aside, criminals are still capable of using popular payment networks including online sites such as PayPal and E-Gold to mask their activities, the researcher said. E-Gold is becoming increasingly popular, since users can circumvent government tracking of paper currency by dealing in shares of precious metal.
Law enforcement officials agree that it’s almost pointless to go after the fraudsters carrying out targeted attacks such as phishing schemes against banks and other financial institutions. Instead, they’ve turned their attention toward stopping the influx of adware and spyware being distributed on the Internet. At least there is some hope in tracing spyware attacks, believed to feed into widespread identity fraud efforts, and the unscrupulous Web advertising programs to which the attacks are often linked, said Justin Brookman, an assistant attorney general for the state of New York.
“We haven’t even begun to look at the finances behind a lot of the pure fraud, such as phishing, because of the sheer volume of what is going on; we can have a greater effect in hunting down adware and spyware purveyors,” Brookman said in New York. “We’re primarily looking at adware right now because there is so much money going into it; we’re dealing with large companies that make millions of dollars per year who are much easier to find.”
Brookman, who led the New York state attorney general’s case against Intermix Media for distribution of spyware that led to $7.5 million in penalties levied against the company, said that progress is limited by state and federal governments’ lack of resources to solve the problem in the United States and by some foreign governments’ lack of concern over the issue.
However, even in the adware and spyware arenas, there remain serious impediments to following and stemming the money stream, experts say. In some cases, the lax enforcement of standards used to determine the legitimacy of online advertisers by major technology companies, including search giant Yahoo and Internet phone software maker Vonage, is helping to sustain the adware and spyware sectors, researchers contend.
Those companies are guilty of feeding the finances of the malware industry by dealing with companies such as Intermix and Direct Revenue, another company pursued by New York State Attorney General Eliot Spitzer for distributing adware and spyware, said Ben Edelman, an attorney and IT security researcher, in Cambridge, Mass.
Author: Matt Hines