The Russians are Coming

“We woz robbed”, and it’s not football I’m referring to.

There are no penalties in cyberspace. Just ask AOL, which having just lost 92 million email accounts to the spammers, is doing it’s very best to assure customers, that as ever, security remains at the very top of the company’s priorities.

In fact, it’s hard to blame AOL when something like this happens. Back in the earliest days of the World Wide Web, when Netscape version 1.0 reigned supreme and Microsoft’s Internet Explorer was a small joke, I was the Director of one ISP, who had a call from the Police one morning, telling me that the entire subscriber database, with passwords, was sitting-up in a popular hacker newsgroup.

At the time, we didn’t realise how pathetically vulnerable the technology of the Internet was. Many of us at the beginning of the online revolution were at the mercy of a small team of ‘expert’ system administrators who frequently resembled refugees from a ZZ-Top concert and security was often secondary to building a network organically and fast enough to keep up with customer demand.

This month, I spoke at a MessageLabs Security Forum alongside Spamhaus’ Steve Linford and MessageLabs CTO, Mark Sunner. My job was to talk about information security as a board level responsibility and Mark and Steve presented a double act on the size of the security problem now facing society.

That problem now appears unstoppable, in that since legislation, against spam in particular, was introduced on both sides of the Atlantic, more spammers and more unsolicited traffic has been the consequence, with 70% of all traffic flowing over the Internet now being garbage, Of course, it will never reach 100% because there’s still room for legitimate email out there but as more end users appear online, such as 100 million new arrivals from the South China coast, the Internet’s storage and our own security is going to have to keep pace.

What encouraged the theft of the AOL list is that spam is big business and Steve Linford points out that ‘Spam Supermarkets’ are now a regular feature of modern cyberspace, where the bad guys go to trade information and addresses. Since the interests of organised crime, virus authors and the spammers started to coincide, most of not all viruses and worms that now reach our filters carry ‘RAT’s, remote access Trojans, that allow a victim’s PC to be taken over by remote control. This leads to 50,000 new zombies appearing each week, which are in turn traded in these supermarkets as potential open proxies for the spammers or as hosts for everything from paedophile images, DDoS attacks (distributed denial of service) to Phishing scams.

Computer crime is now a lucrative business, with very few risks and penalties. The bad guys in question are invariably a mix of leading Boca Raton spammers with their Servers hosted in China and the Russian Mafia, who can’t find ways of spending the money they are making from eCrime fast enough.

Meanwhile, back on the average user desktop, visiting Websites with Internet Explorer is now more dangerous than ever before. The most recent alarm involves a report that organised crime has been hacking into well-established and trusted corporate websites and installing exploit code, which in turn installs RATs and keyloggers into the unsuspecting visitors own PC, leveraging a known vulnerability in Microsoft’s Internet Explorer to create even more compromised PCs and larger ‘Bot nets’.

At what point, I wonder, does society reach a critical mass, a pain point where we concede that 15% or 25% of the earth’s PCs owned by spammers or criminal gangs makes the Internet unviable as a commercial proposition. My own guess, is that in the UK with four million people connected to Broadband, we may have as may as half a million Personal Computers infected at any time, maybe more but hardly less. Who’s in charge of the Internet I wonder and the answer I suspect is the Russian mafia.


Anonymous said…
A good solution to these problems is a mandatory
user-configurable firewall at the ISP level.
Explained here

Popular posts from this blog

Civilisational Data Mining

The Nature of Nurture?