VIRTUAL CRIMINOLOGY REPORT CYBERCRIME: THE NEXT WAVE

The annual McAfee global cyber trends study into organised
crime and the Internet in collaboration with leading
international security experts
CONTENTS
FOREWORD
INTRODUCTION
CHAPTER ONE: THE INCREASING CYBERTHREAT TO NATIONAL SECURITY
CHAPTER TWO: THE INCREASING THREAT TO INDIVIDUALS AND INDUSTRY
CHAPTER THREE: HI-TECH CRIME: A THRIVING ECONOMY
CHAPTER FOUR: FUTURE CHALLENGES
CONTRIBUTORS
REFERENCES
FOREWORD
VIRTUAL CRIMINOLOGY. CYBERCRIME. DIGITAL SECURITY BREACHES. ONLINE THEFT. NO MATTER WHAT YOU CALL THE DARK SIDE OF THE INTERNET, IT’S A GRIM REALITY THAT IS GROWING ALARMINGLY FAST. GLOBAL CYBERCRIME IS A MAJOR PROBLEM, COSTING BUSINESSES AND CONSUMERS BILLIONS OF DOLLARS A YEAR, AND THE WIDER USE OF TECHNOLOGY IN DEVELOPING COUNTRIES ONLY FURTHER OPENS THE WINDOW OF OPPORTUNITY FOR EVILDOERS.
Where is cybercrime today? Where is it headed? At McAfee we work around the clock to answer these questions, but we recognise that we aren’t alone in our efforts. For this report we consulted with more than a dozen security specialists at top institutions such as NATO, the FBI, SOCA, the Centre for Education and Research in Information Assurance and Security (CERIAS), the International Institute for Counter-Terrorism in Israel and the London School of Economics. These experts are also on the front lines in the fight against cybercrime every day, and we asked for their insights on the state of this dangerous underworld - as well as their predictions on where it’s going next.
The conclusions? Read on for the details, but at the highest level the experts agree that cybercrime has evolved significantly in complexity and scope. Espionage. Trojans. Spyware. Denial-of-service attacks. Phishing scams. Botnets. Zero-day exploits. The unfortunate reality is that no one is immune from this malicious industry’s reach — individuals, businesses, even governments. As the world has flattened, we’ve seen a significant amount of emerging threats from increasingly sophisticated groups attacking organisations around the world. And it’s only going to get worse.
At McAfee our charter is to develop technology that protects valuable data from the bad guys, but technology is only part of the solution. From individual action, to organisations securing their networks, and governments writing enforceable legislation to deter criminal behaviour, we are in a virtual arms race, and we must work together to stay ahead.
Fighting cybercrime is a 24/7 battle, a global battle, and it is far from over.
Dave DeWalt
President & CEO
McAfee Inc.
Copyright © 2007 McAfee, Inc. All rights reserved
INTRODUCTION
THE FIRST MCAFEE VIRTUAL CRIMINOLOGY REPORT REVEALED HOW CYBERCRIME HAD EXPANDED FROM GEEKS IN THEIR BEDROOMS TO ORGANISED CRIME GANGS AND HIGHLIGHTED HOW OLD-STYLE CRIME GANGS WERE GOING HI-TECH.
In 2006, the findings showed how cybercriminals had started to adopt KGB-style tactics to recruit a new generation to their ranks and capitalise on the growing opportunities to exploit new technologies for financial gain. It highlighted the increasing professionalism of organised crime gangs and how businesses and individuals alike are at risk of attack.
This year, McAfee has collaborated with law enforcement agencies and cybercrime experts across the world to assess the biggest looming cyber trends. The third McAfee Virtual Criminology Report shows how cybercrime is now a global issue for everyone.
Commissioned by McAfee, Dr Ian Brown from the Oxford Internet Institute and Professor Lilian Edwards from the Institute for Law and the Web in the UK, together with Eugene Spafford and his team from the CERIAS centre at Purdue University in the US, undertook extensive research amongst law enforcement agencies and cybercrime experts across the globe to assess the current trends and emerging threats to security.
THREE MAJOR FINDINGS EMERGED.
First, there is now a growing threat to national security as web espionage becomes increasingly advanced, moving from curiosity probes to well-funded and well-organised operations out for not only financial, but also political or technical gain. Are we in the midst of a cyber cold war and a race for cyber supremacy?
Second, there is an increasing threat to online services because of the growth in sophistication of attack techniques. Social engineering, for example, is now being used in conjunction with phishing techniques - making the situation even more complex and posing an increasing threat to public confidence in the Internet.
The third and final trend is the emergence of a sophisticated market in software flaws that can be used to carry out espionage and attacks on critical government infrastructure networks. The findings indicate a blurred line between legal and illegal sales of software vulnerabilities.
The report finishes with a look into future trends and challenges beyond 2008.
CHAPTER ONE: THE INCREASING CYBERTHREAT
TO NATIONAL SECURITY
How the internet has become a weapon for political,
military and economic espionage
IN THIS CHAPTER:
• Rise of cyber spying and cyberattacks
• 120 countries using the Internet for web espionage operations
• The new cyber cold war: China at the forefront
• Critical national infrastructure network systems under attack
• More sophisticated cyber assaults
• From curiosity probes to well-funded and well-organised operations for political, military, economic and technical espionage
THE FOLLOWING CYBERATTACKS ON GOVERNMENT TARGETS HAVE TAKEN PLACE IN THE LAST 12 MONTHS:
GERMANY Germany’s respected weekly, Der Spiegel, reported that China was thought to have hacked into the computer systems of Germany’s Chancellery as well as systems at three ministries, infecting the networks with spy programs. The alleged attacks occurred just before Chancellor Angela Merkel visited Beijing. Computers in the Chancellery and the Foreign, Economics and Research ministries were targeted.
The German Federal Office for the Protection of the Constitution (BfV) conducted a comprehensive search of government IT installations and prevented a further 160 gigabytes of information being transferred to China. They described it as “the biggest digital defence ever mounted by the German state.” The information was being siphoned off almost daily by hackers in Lanzhou (northern China), in Canton Province and in Beijing. The scale and nature of the stolen data suggested that the operation could have been steered by the state.
The Chinese Embassy in Berlin described the accusation of the state-steered hacking as “irresponsible speculation without a shred of evidence.”[v]
ESTONIA In April 2007, Estonia experienced Distributed Denial of Service (DDoS) attacks on government, news and bank servers for several weeks. The incidents followed the removal of a Soviet statue from a central Tallinn Square to the outskirts of the city. At the height of these attacks, 20,000 networks of compromised computers were linked, and analysis of the malicious traffic showed that computers from the United States, Canada, Brazil, Vietnam and others were involved. “It was a political campaign induced by the Russians; a political campaign designed to destroy our security and destroy our society. The attacks had hierarchy and co-ordination,” said Mikhel Tammet, director of the Estonian communication and information technology department.[iii] It was a probing attack from which attackers and defenders both learned a great deal.
Russian officials deny that claim. Kremlin spokesman Dmitri Peskov called it “out of the question” that the Russian government were involved in the attacks.[iv]
UNITED STATES In June 2007, a Pentagon computer network was hacked into by China-based perpetrators in “one of the most successful cyberattacks” on the US Department of Defense. While it is questionable how much sensitive information was stolen, the incident succeeded in raising concerns to a new level as it highlighted how systems could be disrupted at critical times. Many were quick to point the finger at the Chinese military, but a Chinese Foreign Ministry spokeswoman dismissed the allegations as “totally groundless.”[ii]
INDIA The National Informatics Centre (NIC) was reportedly attacked from dial-up Internet connections in China. Key intelligence officials claimed that hackers broke into the email accounts of 200 ministers, bureaucrats and defence officials and continue to raid Indian servers at the rate of three to four a day.[vi] China has denied all claims that it is behind the attacks.
NEW ZEALAND & AUSTRALIA Asia Pacific News reported that Chinese hackers had allegedly tried to hack into highly classified government computer networks in Australia and New Zealand as part of a broader international operation to glean military secrets from Western nations. According to news.com.au, Canberra refused to either confirm or deny that its agencies, including the Defence Department, had been subject to cyberattack. New Zealand Prime Minister Helen Clark confirmed that foreign intelligence agencies had tried to hack into government computer networks but had not compromised top-secret data banks. The Chinese Government has denied any involvement.
Evidence suggests that governments and
government-allied groups are now using the Internet
for espionage and cyberattacks on the critical
national infrastructure (financial markets, utility
providers, air traffic control) of other countries.
There were more reported cases in 2007 than any
previous year. This growing threat is acknowledged
by the United States Department of Defense.
“We have seen attempts by a variety of state
and non-state-sponsored organisations to gain
unauthorised access to, or otherwise degrade,
Department of Defense information systems,”
confirmed a Pentagon spokesman.[i]
Experts believe the Estonia attack is the first real
example of nation states flexing their cyber-warfare
capabilities. It certainly represents a landmark
change in the way the Internet is being used.
“The whole sequence of events (in
Estonia) looked a lot like the sort of thing
a government would do in order to check
how much it could get away with. The
whole thing bears the hallmark of a ‘false
flag’ operation. We’ve seen terrorists
carry out such ‘defence-probes’ ahead of
physical attacks,”
said Ms Yael Shahar, International Institute
for Counter-Terrorism, Israel.
NATO analysts said that while 90-95 per cent of threats to NATO members’ information systems can be avoided by standard tools and good IT practice, the latest series of attacks has served as a valuable wake-up call to governments and key industries around the world.
“The incidents in Estonia should be viewed as a wake-up call. Whether a cybercrime is staged by a competing nation state, a loosely organised cybercrime business or a lone person, information stored on the networks of governments and nationally-important organisations should be considered high-value targets,” agrees Dr. Eugene Spafford, executive director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.
HOW SOPHISTICATED ARE THESE ATTACKS? FROM CURIOSITY PROBES TO WELL-ORCHESTRATED ASSAULTS
Experts believe recent attacks have been far more sophisticated in their nature, designed specifically to slip under the radar of the governmental systems they were targeting. They have progressed from initial curiosity probes to well-funded and well-organised operations for significant political or economic gain.
“The software used to carry out these intrusions (on the US Pentagon) was clearly designed and tested by organisations with much greater resources than the usual individual hackers,” said leading cyberexpert Dr Richard Clayton, Cambridge University Computer Laboratory.
According to NATO analysts, many governments
are still unaware of the threats facing them,
and some governments are leaving themselves
open to attack: “Many government offices don’t
even know yet that they are leaking information.
Ninety-nine per cent of cases are probably still
not known. Attackers are using Trojan horse
(programs that don’t replicate but cause damage
or compromise computer security) software
targeted at specific government offices - because
they are custom-written, these Trojans are not
amenable to signature detection and they can
slip past anti-viral technologies, so this is a
big problem. Hackers have dedicated quality-assurance capabilities that they run on all of their
malware to make sure that their malware doesn’t
get detected.”
HI-TECH CRIME IS NO LONGER JUST A
THREAT TO INDUSTRY AND INDIVIDUALS.
EXPERTS BELIEVE THAT CYBERTHREATS
TO NATIONAL SECURITY GLOBALLY
WILL CONSTITUTE ONE OF THE BIGGEST
SECURITY THREATS IN 2008 AND BEYOND.
“Increasingly, the press has been reporting
numerous cyber intrusions onto governmental
networks around the world. We also know that
defence contractors and other vendors who
provide intelligence and technical services to
governments have discovered IT breaches.
There have also been reported instances of
attacks against high-tech companies whose
leading-edge, proprietary technology should
be considered high-value targets by both
competitors and by other nations. It’s not
unreasonable to believe that some of these
attacks may have been directed – or conducted
– by competing nation-state governments.
There’s widespread consensus that we should
expect that these types of malicious activities will
dramatically increase over the next few years.”
HOW PREPARED ARE GOVERNMENTS
AND PUBLIC-SECTOR COMPANIES FOR
CYBERATTACKS?
Spafford also said that most government agencies
and companies around the world use common
computing technologies and systems – the same
products frequently penetrated by criminal
hackers and malware.
DESIGNED TO TAP DEEP INTO A NATION’S CORE INFRASTRUCTURE
NATO analysts believe that the sophistication and management of recent attacks suggest that the Estonia experience was just the tip of the iceberg in cyber warfare. Each phase was designed to tap deep into the nation’s core infrastructure and seek out the extent to which systems and networks could stand up to relentless cyberassault. The deliberate and abrupt start and end points of the probe indicated that it wasn’t a full-scale attack, and the perpetrators will most likely apply what they have learnt to the development of future cyberattacks.
“Traditional protective measures were not enough to protect against the attacks on Estonia’s critical national infrastructure. Botnets (collections of zombie PCs) unsurprisingly were used, but the complexity and coordination seen during the Estonia attacks was new. There was a series of attacks with careful timing using different techniques and specific targets. The attackers stopped deliberately rather than being shut down,” said a NATO insider.
If Estonia was inadequately prepared, however, the same NATO insider warns that the impact of the attacks could have been far more critical and long term for other countries:
“The attacks could have caused serious problems for some national networks in other European nations with less sophisticated monitoring and defence capabilities than Estonia. Detailed reports have gone back to partner NATO nations who are now doing more to defend networks.”
Estonia showed just how easy it was for critical national infrastructure to be compromised and experts argue that all sovereign states must properly isolate such core functions.
HOW A SUSTAINED AND TARGETED CYBERATTACK COULD LEAD TO NATIONAL CRISIS
The fall-out from a cyberattack on a country’s national infrastructure could be devastating. “Hackers could create chaos by manipulating information and electronic systems that the government, the military and the private industry rely on,” said Joel Brenner of the United States Office of Counterintelligence Executive. “Water and sewer systems, electricity, financial markets, payroll, air and ground traffic control systems ... could all be subject to sophisticated attacks by both state sponsored and freelance terrorists.”[vii]
A CYBER COLD WAR? ARE WE IN THE MIDST OF A CYBER COLD WAR? EXPERTS BELIEVE WE ARE.
The Chinese have publicly stated that they are pursuing activities in cyber-espionage and in the government’s white paper, as read by McAfee Avert Labs, they speak of technology being a large part of war in the future. The United States, United Kingdom, Germany and several other countries are likely targets for political, military, economic and technical espionage.
And other nations may have similar plans to conduct online spying operations.
“There are signs that intelligence agencies around the world are constantly probing other governments’ networks looking for strengths and weaknesses and developing new ways to gather intelligence,” said Peter Sommer, an expert in information systems and innovation at the London School of Economics.
“Everybody is hacking everybody,” said Johannes
Ullrich, an expert with the SANS Technology
Institute, pointing to Israeli hacks against the
United States and French hacks against European
Union partners. But it is aspects of the Chinese
approach that worry him. “The part I am most
afraid of is...staging probes inside key industries.
It’s almost like having sleeper cells, having ways
to disrupt systems when you need it if it ever
came to war.”[viii]
And with an estimated 120 countries working
on their cyberattack commands, in 10-20 years
experts believe we could see countries jostling
for cyber supremacy.[ix]
Sommer warns that countries are undoubtedly
gearing themselves to launch international all-out
online attacks. The present political environment
is one in which countries are testing the water
to gauge the potential influence (and risks)
of such assaults. “Government agencies are
doubtless conducting research on how botnets
can be turned into offensive weapons, but before
launching a weapon you need to be sure what
the outcome will be – you don’t want attacks to
spill over to your own allies by mistake. DDoS
attacks will remain a problem for public-facing
government web sites, but internal sites are
usually easier to protect,” he said.
“The Chinese were first to use cyberattacks
for political and military goals,” said James
Mulvenon, an expert on China’s military and
director of the Center for Intelligence and
Research in Washington. “Whether it is a
battlefield preparation or hacking networks
connected to the German chancellor they are
the first state actor to jump feet first into the
21st century cyber warfare technology. This is
becoming a more serious and open problem.”[x]
Hi-tech crime is no longer just a threat to industry
and individuals. National security is also under
attack from cyber-espionage and cyberattacks
and some governments are taking the threat
very seriously and shoring up their defences.
The Australian attorney general, for example,
announced after attacks this year that the
government was to spend AU$70m to improve e-security. But can all countries afford to do this?
Who is at risk in the future? Experts believe
likely cybertargets are those countries which
are heavily networked and reliant on the Internet
as well as those countries with an unstable
political environment.
CHAPTER TWO: THE INCREASING THREAT
TO INDIVIDUALS AND INDUSTRY
How online services are becoming prime targets for cybercriminals
IN THIS CHAPTER:
• Increasing threat to online services
• Genetically modified ‘super’ threats
• New technology, new threats – ‘vishing’ and ‘phreaking’
• A run on the banks
As Internet users bank and shop more online
and display more of their personal information
on social networking sites, cybercriminals are
employing increasingly sophisticated means to
prise this information from them. Office workers
who upload and share more sensitive data via file
sharing software are also a common target.
Organised crime is capitalising on every
opportunity to exploit these new Web-based
technologies to commit classic crimes such as
fraud and extortion.
McAfee Avert Labs believes attacks targeted at
Web-based services will constitute one of the ten
biggest global security threats in 2008.
As Internet crime, identity theft and violation
of privacy increasingly become a part of public
consciousness, consumer trust in online services
may be severely damaged.
IN SUMMARY, EXPERTS BELIEVE THE KEY
GLOBAL THREATS AFFECTING USERS IN
2008 WILL BE:
• New and sophisticated forms of attack
• Targeting new technologies, such as peer-to-peer and VoIP services
• Targeting online social networks
• Targeting online services, in particular online banking
GENETICALLY MODIFIED ‘SUPER’ THREATS
There is a new level of complexity in malware not seen before. These ‘super strength’ threats are more resilient, are modified over and over again, and contain highly sophisticated functionality such as encryption.
A recent example of these new super strength threats to hit computer users in 2007 was Nuwar (also known as the Storm Worm). It was the most sophisticated threat experts had ever seen ‘in the wild’. The Storm Worm set a worrying precedent. McAfee Avert Labs expects others will ride the coattails of Storm Worm, pushing up the number of PCs turned into bots. Bots are computer programs that give cybercrooks full control over PCs. Bot programs typically get installed surreptitiously on the PCs of unknowing computer users.
David Vaile of the Australian Legal Information Institute and University of New South Wales warned that his research in Asia Pacific has uncovered a frightening world where custom viruses are written in Eastern Europe to target specific companies and government agencies. According to Vaile and his team these viruses are evolving incredibly fast, drawing a comparison to recombinant DNA where all elements of the virus or Trojan are constantly recombined in order to form a new organism.
Eugene Spafford, a professor of computer sciences at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS) agreed that the complexity of cyberthreats is evolving rapidly:
“As a trend we will continue to see fewer overt viruses and worm programs as attacks but an increase in threats that hijack PC machines with bots, Trojans and Web browsers. Another challenging trend will be the arrival of self-modifying threats and threats which attack back.”
STORM WORM
Nuwar, also known as Zhelatin and ‘Storm Worm’, is one of the most prevalent strains of malware at the moment with new variants appearing almost daily. Nuwar is a Trojan horse distributed by way of massive spam campaigns with emails containing a link to a site that attempts to install the malware automatically or tricks the user into installing the code if the automatic installation fails. All infected machines are controlled via a peer-to-peer network. The entire botnet is used to send out spam or run DDoS attacks. It may be one of the largest botnets at the moment, with the number of infected computers worldwide running into the millions.
CYBERCRIMINALS CONTINUE TO REFINE
THEIR MEANS OF DECEIT AS WELL AS
THE VICTIMS THEY ARE TARGETING.
HOW CRIMINALS ARE TARGETING NEW TECHNOLOGIES
As the adoption of new Internet technologies grows, so does the opportunity for cybercriminals to extort and exploit individuals and industry. In Voice over IP (Internet Protocol) applications, for example, more than double the number of security vulnerabilities have been reported in 2007 than in all of 2006. We have also seen several high-profile ‘Vishing’ (phishing via VoIP) attacks and a ‘phreaking’ (hacking the telephone network to make free long-distance calls) conviction. VoIP technology is still new, and defence strategies are lagging. McAfee Avert Labs expects a 50 per cent increase in VoIP-related threats in 2008.
Another new target for cybercriminals is peer-to-peer (p-to-p) services, in particular in Japan’s WINNY, the most popular p-to-p service in Asia. While not yet prevalent in the West due to bandwidth constraints, p-to-p networks such as WINNY will undoubtedly spread as global technology catches up.
WINNY P-TO-P MALWARE: THE COMING THREAT FROM JAPAN
In the Japanese corporate sector, some 50 percent of all data breaches have been linked to malware infecting WINNY. When WINNY is corrupted, it uploads vital data from the user’s hard drive to others on the p-to-p network. When this happens to a corporate service, the results can be catastrophic. In Japan, data has been leaked from nuclear power plants and sensitive policing investigations. Japan requires responsible corporations to make public disclosure of data breaches. However, since the data is freely available on the WINNY network, disclosure merely alerts ID thieves to what data has been newly leaked.
Professor Keiji Takeda of Carnegie Mellon CyLab Japan said: “The WINNY virus was probably originally written for kicks and/or copyright violation rather than for malicious use or by organised crime, but the effect has been catastrophic.”
“Many workers load the WINNY p-to-p system on work networks, or take home laptops with work data on them between home and the office – and, as a result, corporate data has been uploaded to terrific embarrassment. Since leakages are not always via corporate network but from the home, data breaches are also not being stopped by corporate firewalls and we’ve also seen many cases in which ex-employees keep corporate data on their private PC or Hard Disk even after they have left the company and accidentally leak sensitive information.”
As p-to-p threats arrive in the West, regulators will need to be alert and not apply outdated solutions to new threats. McAfee Avert Labs have already warned that Nuwar, which uses peer-to-peer technology, may be the most dangerous piece of malware ever seen.
SOCIAL NETWORKING: CYBERCRIMINALS GO WHERE THE PEOPLE ARE
Assaults on consumer networking sites are becoming more unnerving. It was reported on November 8, 2007 that cybercriminals had hijacked pages on News Corp’s (NWS) social networking site MySpace including the home page of US singer Alicia Keys. Clicking nearly anywhere on the page would lead viewers to a Web site in China that tried to trick PC users into downloading software that took over their PCs.
Social networking sites such as MySpace and Facebook have become an attractive target for cybercriminals looking to mine personal information, to trick users with phishing scams and to serve up malware.
A new opportunity for cybercriminals is the popularity of applications on social networking sites, for example those on Facebook that allow users to send each other virtual ‘rounds of drinks’ and ‘birthday gifts’. Invariably malware writers will attempt to exploit this capability to trick users into granting access to personal information. Cybercriminals could thus gather vast amounts of highly valuable and marketable information.
Google’s new Open Social[xi] protocol, which has already been adopted by MySpace and allows the migration of personal data between social networking sites, could also pose a threat, according to Lilian Edwards, a leading hi-tech security expert at the Institute for Law and the Web, University of Southampton, United Kingdom.
THE ‘COMPARE ME’ SCANDAL
One of the most popular applications on Facebook is “Compare Me”. Users are asked to say which of their friends are the hottest, the best fun to go shopping with, the most trustworthy, etc. The app writers originally promised that only general results would be made public (e.g. “X is 3rd hottest in your friends circle!”). A few weeks later, however, it turned out that non-anonymous data (e.g. “Your friend X said Y was a better friend than you”) was being sold for US $9.
Although the potential ‘Compare Me’ damage is trivial, it shows how easy it is for cybercriminals to extract personal information from users on social networking sites. It also shows how little personal restraint users often demonstrate when sharing information and opinions online.
“Given the exponential growth in social networking sites, social engineering may shortly become the easiest and quickest way to commit ID theft. Who needs to hack or dumpster dive when all you need to do is turn on your PC and log on?” said Lilian Edwards.
THE INCREASING CYBERTHREAT TO THE FINANCIAL INDUSTRY
Online fraud is already costing Internet users and businesses millions of dollars annually, but experts believe sustained targeting of customers by cybercriminals could also severely damage public trust in online banking services, and believe that to maintain trust in online banking, banks and customers need to assume joint responsibility, i.e. banks must invest in superior security measures and customers must use the tools provided.
“People are said to fear e-crime more than mugging,” said the United Kingdom’s Lord Broers in the House of Lords Report on Personal Internet Security. “That needs to change or else confidence in the Internet could be destroyed. You can’t just rely on individuals to take responsibility for their own security. They will always be out-foxed by the bad guys. We feel many of the organisations profiting from Internet services now need to take their own share of the responsibility.”
SO WHAT IS THE FINANCIAL SECTOR DOING TO COMBAT CYBERCRIME?
The financial sector is not standing still. Many
banks have introduced sophisticated security
methods such as secondary authentication,
though this type of advanced security is
sometimes limited to high net-worth customers
and availability varies by geography.
Brazil, for example, has one of the most advanced
online banking systems in the world. Nearly 100
percent of Internet banking sites use HTTPS and
two PINs (one to log onto the system and one
to perform a transaction). Some banks also use
an additional one-time-password to provide an
additional layer of security. Many European banks
do the same and banks in North America also are
implementing additional security systems.
Not everyone, however, is convinced that efforts
to address online banking security will prove
effective enough, fast enough. Critics include
Dr Richard Clayton, a cybersecurity expert at
Cambridge University.
“User-interface tricks to improve customer
security do not seem promising and
customer testing will be very problematic
with card readers,” he said. “What we
need is banks controlling transfers more
carefully, spotting patterns, limiting
transfers out to trusted recipients like gas
companies. Two-factor authentication
could lead to a huge drop in phishing by
2009. It is not yet clear whether much
online fraud is due to non-phishing
tactics.”
DECLINE IN PUBLIC TRUST?
While direct losses to Internet users via privacy
breaches may be small, recoverable or even
unnoticed, experts fear the cumulative effect
could be the erosion of trust in public institutions
such as banks and government agencies and in
particular in doing business over the Internet.
The impact of cybercrime on consumer confidence
is already being felt in the United States. According
to Gartner analysts, most consumers do not open
email from companies or individuals they do not
know from prior experience. Three out of four
online shoppers are more cautious about where
they buy goods online, and one-third report buying
fewer items than they otherwise would because
of security fears. US banks are already losing
customers because of security concerns. [xii]
Sommer at the London School of Economics
said communication is the key to maintaining
consumer trust:
“Critical in avoiding a run on online
banks will be their public relations
effectiveness in the few hours after
significant and successful attacks are
first publicised. Inept PR combined with
an event that couldn’t be disguised
with victims available to the press
could cause serious problems for an
online bank. UK bank Northern Rock
showed that it is very difficult to calm
market panic once it is set in train.”
A recent Ponemon Institute [xiii] study reveals that
data breaches undermine consumer confidence
and fear of identity theft has changed consumers’
purchasing behaviour.
ONLINE FRAUD FROM AROUND THE WORLD
UNITED STATES Individuals lost at least $200 million to online fraud in 2006 - and that’s just
the people who took the time to report their misfortune to the FBI’s Internet Crime Complaint
Centre. Those 200,000 cyberfraud victims said they were swindled out of an average of $724.
UNITED KINGDOM The Metropolitan Police broke up a UK phishing gang that had 2000 UK
victims, with hundreds of thousands of pounds each month being transferred to one of five
phishing accounts.
SOUTH AFRICA According to Neville Melville, South Africa’s outgoing ombudsman for
banking services, Internet banking has increased by 20 per cent in the past year.
As South Africans’ use of the Web to perform business transactions, including banking
and shopping, grows, they run an increased risk of becoming victims of cybercrime, which
research indicates has become the fastest growing white collar crime in the country.
Melville said that cybercriminals are taking advantage of the fact that the country lacks
proper legislation to deal with Internet crime, adding that the police and judicial system also
lack resources and equipment to effectively investigate crimes and successfully prosecute
cybercriminals.
“At the moment, cybercriminals see Africa as a safe haven to operate illegally with
impunity,” said Hamadoun Toure, secretary-general of the Geneva-based ITU. “Cybercrime
in Africa and other developing regions will become even worse as broadband technology
takes off, allowing criminals to operate more effectively.” [xiv]
SWEDEN In what is believed to be the biggest online heist to date, in early 2007, Internet
fraudsters stole around 8m kronor ($1.1m; £576,000) from account holders at Swedish bank
Nordea. An estimated 250 customers were duped into falling for phishing emails containing
a tailor-made Trojan sent in the name of the bank encouraging people to download a ‘spam
fighting’ application.
Once the Trojan was downloaded it recorded keystrokes that were activated as users tried
to log into the Nordea online banking site. They were then redirected to a false homepage,
where their log-in details were recorded and used by criminals on the real bank site to steal
money from their accounts.
BRAZIL Brazil has been suffering for some years from a plague of Trojans called PWS-Bankers
(PWS stands for password stealers). The finance industry is by far the preferred
target for cybercrime in Brazil.
In 2005, Febraban (the Brazilian Banks Federation) estimated the losses at R$300m
(US$165m) due to virtual fraud.
According to Febraban, “Brazilian banks are concerned with this new fraud / hacking
scenario, but they are aware that the technology innovation has gone past the point of no
return, either due to the evident benefits to customers – who gain time and convenience for
transactions anywhere or due to the sheer efficiency gains provided by the new channels to
the Brazilian financial system.”
BANCO DE BRASIL On June 16, 2007, Banco de Brasil released a new Internet banking Web
site, updating everything in its design. Banco de Brasil is one of the most targeted banks in
the country and most data-thieving malware aimed at the bank’s customers was designed
for the old site.
Within a few days, a source-code repository of PWS-Bankers was discovered by McAfee
Avert Labs revealing plenty of files targeting Brazilian banks. One file in particular caught
their attention – ‘New Banco de Brasil Screen.jpg’. It was dated June 21 and had the new
password screen of the Banco de Brasil Web site. Assuming the dates are accurate, in
fewer than five days the criminals had created a functional PWS-Banker Trojan that was
ready to pose as the new bank site.
CHAPTER THREE: HI-TECH CRIME: A THRIVING ECONOMY
The growing market in zero day threats
IN THIS CHAPTER:
• Cybercriminals offer customer service
• Laws of supply and demand apply
• ‘White market’ fuelling thriving black market
• The Virtual Arms Trade
THE THIRD GLOBAL SECURITY TREND
IDENTIFIED BY SECURITY EXPERTS CONSULTED
IS THE EMERGENCE OF AN ENTIRE ECONOMY
GEARED TO OUTFIT CRIMINALS WITH THE
TOOLS FOR CYBERCRIME.
An entire economy now exists to outfit criminals with
the virtual tools they need to commit cybercrime.
This thriving underworld includes specialised auction
sites, product advertising and even support services.
Competition is becoming so intense that ‘customer
service’ has now become a specific selling point
when organised crime gangs are looking to use or
rent botnet time (to send out spam, jam a website
or even monitor keystrokes to detect people’s
passwords) or have malware created for them. Here
is an overview of the emerging trends in this sector
of the cybercrime economy:
LEASE A BOTNET
Computer skills are no longer necessary to execute
cybercrime. Botnets have become tools which can
be bought, sold and stockpiled like guns or drugs;
they can even be traded or leased. This enables
perpetrators with fewer technical skills to commit
crimes. [xv] On the flipside, malware writers do not even
need to commit the crimes themselves to make it
financially viable; they can simply sell the tools to
do so. People can subscribe to tools that keep
them up to date with the latest vulnerabilities, for
example MPACK or Pinch which includes a support
service to ensure it utilises the latest vulnerabilities
and even tests itself against security solutions to
validate effectiveness.
CHEAP AS BOTNETS
With so many PCs now infected, competition to
supply botnets has become intense and the cost of
buying and leasing them has tumbled. Around five
per cent of all global machines may be zombies
– and the cost of renting a platform for spamming is
now around $US.037 per zombie per week (Source:
UK House of Lords Report into Personal Internet
Security, 2007).
MADE TO MEASURE
A budget of as little as $US25 to $1,500 can buy you a
Trojan that is built to steal credit card data and mail
it to you. Malware is being custom written to target
specific companies and agencies.
Whilst many of these services are labeled as being
sold for ‘education purposes’ or purely for proof
of concept testing, it is clear that they could do
damage if they fell into the wrong hands or were sold
by people with malicious intent. The cycle of supply
and demand is enabling the commercialisation
of cybercrime.
HOW THE SECRET VIRTUAL ARMS TRADE IS CAUSING CONCERN FOR GOVERNMENTS
The black market for stolen data (e.g. credit cards,
emails, Skype accounts, etc.) is now well-developed
and the cost of obtaining credit card details could be
from $US.50 to five dollars or more.
However, it is another black market that is
causing alarm to governments and world capitals
- zero day exploits.
Zero-day exploits: Computer code that exploits a
vulnerability for which a patch is not yet available.
Exploits are a weapon that can be used to
inflict damage on corporations, competitors or
governments. They open ‘back doors’ in programs,
allowing theft of personal data such as bank
account details, and they can even inflict significant
damage on the infrastructure of a nation or be used
for cyber-espionage. “There is no magic involved
in cyber-espionage, all anyone has to do is exploit
some flaw or vulnerability,” said Shawn Carpenter,
principal forensic analyst at Netwitness. These
vulnerabilities can also be used to blackmail the
vendor of the affected software.
In January 2006, a Microsoft WMF exploit was sold
in an online auction for $US4,000 and it was believed
to have been sold to more than one ‘black hat’
buyer (a person who compromises the security
of a computer system without permission from an
authorised party, typically with malicious intent).
Investigations showed that the exploit was later
used by at least one buyer to capture machines
to spread ‘pump and dump’ spam (email campaigns
designed to inflate stock prices with bogus
insider information).
There is also evidence to suggest that $US4,000
is fairly low and perhaps ‘devalues the market’.
The pictured email [I will buy for more] implies that
exploits can fetch up to $75,000.
Many people might be shocked to learn there
is a legal ‘white market’ in the buying and
selling of these zero-day vulnerabilities. Using
contracts and non-disclosure agreements with
legitimate organisations, companies openly buy
these software flaws. Examples include Tipping
Point (owned by 3Com) and iDefense (owned
by Verisign). Governments also actively employ
experts to hunt for flaws.
SHOULD THE SALE OF EXPLOITS
BE ILLEGAL?
Security experts and economists do not agree on
whether a ‘white market’ should be allowed. There
is a school of thought that believes that discovering
an exploit is hard work and that researchers should
be paid for it, since their work is for the public
good. On the other hand, software writers argue
that a bug in their software is not something that
should be saleable back to them, or worse still,
someone else.
Whilst experts agree vulnerabilities need to be
discovered, many still feel uneasy about this
‘white market’. Both the aforementioned major
players on the white market engage in ‘responsible
disclosure’, i.e. they disclose the vulnerability to
the software vendor after they have made it known
to their own customers. The vulnerability is thus
eventually fixed or patched. However, a time gap
inevitably exists between when a vulnerability is
found and when the vendor patches it.
Evidence suggests that where a ‘white market’
exists, there is always a danger that exploits can
fall into the wrong hands. The United States, to
prevent exactly that from happening, is currently
attempting to pass legislation to block the sale of
3Com, which owns Tipping Point, to a large Chinese
company with government links.
As a member and contributor to the Organisation
for Internet Safety (OIS), McAfee believes that the
existence of a legal ‘white market’ is not in the best
public interest and advocates ethical disclosure.
“We believe that the only way to secure networks
is to make disclosure solely about ethics rather than
notoriety or financial reward,” said David Coffey,
Director of Product Security at McAfee.
“The more efficient the market for exploits
becomes, the higher the recognised
potential for gain by cybercriminals. The
only concern should be to ensure that
vendors are alerted to the need to patch
and that ultimately people are protected
from risk of attack.”
Unfortunately, a black market for exploits will
always exist, but by allowing a ‘white market’ it is
possible that we are increasing the danger that
vulnerabilities will fall into the wrong hands.
CAN THIS MARKET EVER BE LEGAL?
CHAPTER FOUR: FUTURE CHALLENGES
IN THIS CHAPTER:
• Some countries to become known as safe havens for cybercriminals
• We will see the first international action on countries harbouring cybercriminals
• Governments will pursue punitive action against specific individuals and companies that attack countries regardless of location
• Action will prompt a dynamic change in the landscape
Increase in safe havens for cybercriminals:
The need for international agreement
The inevitable reality is that some countries will
become known as safe havens for cybercriminals
and international pressure to crack down won’t
work well in those countries where the government
has financial ties to criminals or has a political
agenda encouraging them. Watch for the first
international action on this issue within the next
five years.
“I don’t think cybercriminals have any real
fear of law enforcement yet, right now the
only cybercriminals who are really afraid
are the paedophiles, because there’s been
a huge amount of effort put in there over
the last few years, and now they know
they can’t just put their credit card details
online and not be caught. Our job is to
create a similar climate of fear for other
types of cybercrime.”
said Sharon Lemon, SOCA, the United Kingdom’s Serious
Organised Crime Agency.
The good news is that some countries that are
known sources of malware are already taking
action to effect change. Russia, for example, has
just formed an e-crime unit. In cyber-policing, the
West is recognising that being international is a
requirement rather than an option.
International collaboration on this level,
however, will not happen overnight. Despite the
Cybercrime Convention and EC initiatives on
information attacks, global co-operation on cyber-enforcement is still difficult and costly. NATO and
the U.S. Airforce Command have been brought
in specifically to look at threats against nations,
but mainstream cybercrime needs to rise up the
international agenda.
Unfortunately, there is some belief that it will take
cybercrime to become firmly rooted in society
and to grow beyond a ‘manageable risk’ before it
is tackled on a large scale. When that happens,
just as with drugs and gambling, it will receive the
resources and attention to properly start tackling it
on a national and global level.
The belief is that in the next few years,
governments will pursue punitive action against
the specific individuals and companies that attack
countries. They will get aggressive and go after
them, regardless of the location.
Once this happens, this will prompt a dynamic
change in the landscape. Cyber-criminals will
no longer undertake cybercrime in certain areas
because it will present a much greater risk, even to
their personal safety.
LEGAL SOLUTIONS TO MITIGATE CYBER-INSECURITY
We will see governments putting pressure on
intermediary bodies that have the skills and
resources, such as banks, ISPs and software
vendors, to protect the public from malware,
hacking and social engineering. We’ve already
seen the Federal Trade Commission in the US
calling for action. It’s likely that industry will resist
these moves and governments will need to balance
the economic impact on industry sectors with
public concern for cyber-security. The likeliest
outcome will be a growth in ‘soft-law’ – industry
sector codes of practice demanding improved
security measures, backed possibly by kite-marking, guarantees and insurance.
CHANGES IN HOW WE THINK OF SECURITY
We will also see greater connectivity, more
embedded systems and less obvious perimeters
which will all require a change in how we think
about security. But the changes will be slow
in coming.
Compliance rules and laws will drive some
significant upgrades and changes, but not all will
be appropriate as the technology changes. Some
compliance requirements may actually expose
organisations to attack. Related to compliance,
the enforcement of external rights (e.g. copyright)
using digital rights management will lead to greater
complexity in systems and more legal wrangling.
Individual civil suits for security breaches will start
to appear, although their growth in Europe is likely
to be slower due to a different class action culture
than in the US. Security standards of reasonable
care for industry will need to be far more closely
defined as regulators become more interested in
both corporate and user security.
Finally, there is a growing realisation that massive
data stores, mirroring, RAID, backups and more
mean that data never really goes away. This will be
a boon to some law enforcement activities, but it
will also be a burden for companies in civil lawsuits
and a continuing threat to individual privacy.
HAVING ANALYSED THE EVOLUTION AND
DEVELOPMENT OF CYBERCRIME TO DATE,
MCAFEE AND EXPERTS FROM THE CENTRE FOR
EDUCATION AND RESEARCH IN INFORMATION
ASSURANCE AND SECURITY (CERIAS) IN THE
UNITED STATES BELIEVE THE FOLLOWING
TRENDS WILL START EMERGING OVER THE
COMING YEARS.
CONTRIBUTORS:
EMEA:
DR IAN BROWN – RESEARCH FELLOW
AT THE OXFORD INTERNET INSTITUTE
OXFORD UNIVERSITY
Dr Ian Brown is a research fellow at the Oxford
Internet Institute, Oxford University, and an
honorary senior lecturer at University College
London. His work is focused on public policy issues
around information and the Internet, particularly
privacy, copyright and e-democracy. He also works
on the more technical fields of information security,
networking and healthcare informatics.
He is a Fellow of the Royal Society of Arts and
the British Computer Society, and an adviser to
Privacy International, the Open Rights Group,
the Foundation for Information Policy Research
and Greenpeace. He has consulted for the US
government, JP Morgan, Credit Suisse, the
European Commission and the UK Information
Commissioner’s Office.
In 2004 he was voted as one of the 100 most
influential people in the development of the
Internet in the UK over the previous decade.
LILIAN EDWARDS – INSTITUTE FOR LAW AND THE
WEB (ILAWS), UNIVERSITY OF SOUTHAMPTON
Lilian Edwards is Professor of Internet Law
at Southampton, and Director of ILAWS. Her
research interests are generally in the law relating
to the Internet, the Web and new technologies,
with a European and comparative focus. Her
current research focus is on Internet content
(pornography, libel, spam, etc.); intermediary/ISP
liability on the Internet; jurisdiction on the Internet;
privacy and data protection on-line; cybercrime
and cyber-security; and consumer protection
on-line. She has co-edited two bestselling collections
on Law and the Internet and a third collection
of essays The New Legal Framework for E-Commerce in Europe.
Her work in on-line consumer privacy won the
Barbara Wellbery Memorial Prize in 2004 for
the best solution to the problem of privacy and
transglobal data flows. She is an adviser to
BILETA, EURIM, Creative Commons Scotland, and
the Online Rights Group and has consulted for the
European Commission.
SHARON LEMON – HEAD OF E-CRIME, SERIOUS
ORGANISED CRIME AGENCY (SOCA)
The Serious Organised Crime Agency (SOCA)
is an Executive Non-Departmental Public Body
sponsored by, but operationally independent from,
the Home Office.
Detective Superintendent Sharon Lemon is the
Head of E-Crime at SOCA.
BOB BURLS MSC – DETECTIVE CONSTABLE,
METROPOLITAN POLICE COMPUTER CRIME UNIT
The Computer Crime Unit is a centre of excellence
in regard to computer and cybercrime committed
under the Computer Misuse Act 1990, notably
hacking, maliciously creating and spreading
viruses and counterfeit software. The unit provides
a computer forensic duty officer and offers
computer evidence retrieval advice to officers.
Personal biography not available.
YAEL SHAHAR - DIRECTOR, DATABASE PROJECT
INSTITUTE FOR COUNTER-TERRORISM, IDC
HERZLIYA
Yael Shahar heads ICT’s OSINT and database
project. She designed the ICT terrorist connections
database and the terrorist incidents database,
used for tracking links between terrorist
individuals, front companies, and organisations.
Ms. Shahar specialises in the study of
technological trends as applied to terrorism and
intelligence sharing. She lectures on terrorism
trends, non-conventional terrorism, and threat
assessment at the International Policy Institute
for Counter Terrorism, Interdisciplinary Center
Herzliya, as well as security conferences and
seminars worldwide.
Ms. Shahar’s primary responsibility is conducting
open-source datamining in support of ICT
research projects, as well as venue-specific threat
assessments for ICT’s commercial clients.
Her background is in physics, database design, and
security and installation protection. She served as
a reservist in the IDF hostage rescue unit, and as a
sniper in Israel’s Border Guard ‘Matmid’ units.
PETER SOMMER – SENIOR RESEARCH FELLOW
AT THE LONDON SCHOOL OF ECONOMICS’
INFORMATION SYSTEMS INTEGRITY GROUP.
Peter Sommer’s main research interest is the
reliability of digital evidence, a subject which
encompasses forensic computing and e-commerce.
He has helped develop the LSE’s
social-science orientated courses on information
security management. In the last Parliament
he was Specialist Advisor to the UK House of
Commons Trade and Industry Select Committee
while it scrutinised UK policy and legislation on
e-commerce. He was part of the UK Office of
Science Technology’s Foresight Study, Cyber Trust,
Cybercrime. He sits on a number of UK Government
Advisory Panels. Recent research contracts have
been carried out for the UK Financial Services
Authority and the European Commission’s Safer
Internet Action Plan. He is currently part of the
European FIDIS Network of Excellence and
also a member of the Reference Group (review
mechanism) of another European Commission
initiative, PRIME.
He is an external examiner at the Royal Military
College of Science and an advisor on a number of
law enforcement and other committees concerned
with cyber-crime and emergency response. He
has advised Centrex, which provides hi-tech crime
training to UK law enforcement, and TWED-DE,
a US DoJ-funded exercise to develop training on
digital evidence. He has also lectured at UK and US
law enforcement seminars on cyber-evidence and
intelligence matters.
He was on the programme committee for
FIRST 2000 in Chicago.
Peter Sommer acts as an advisor and surveyor for
leading insurers of complex computer systems. His
first expert witness assignment was in 1985 and his
casework has included the Datastream Cowboy /
Rome Labs international systems hack, the Demon
v Godfrey Internet libel, NCS Operation Cathedral,
Operation Ore and many other cases involving
such diverse crimes as multiple murder, forgery,
software piracy, bank fraud, credit card cloning
and the sale of Official Secrets.
He is on the Advisory Council of the Foundation for
Information Policy Research, a UK-based think tank.
RICHARD CLAYTON – CAMBRIDGE UNIVERSITY
COMPUTER LABORATORY
The Computer Laboratory at Cambridge is the
computer science department of the University of
Cambridge. The Cambridge Diploma in Computer
Science was the world’s first taught course in
computing, starting in 1953.
Richard Clayton is a leading security researcher
and a long time contributor to UK security policy
working groups.
UNITED STATES:
EUGENE H SPAFFORD – PROFESSOR OF
COMPUTER SCIENCES, PURDUE UNIVERSITY
AND EXECUTIVE DIRECTOR OF THE CENTRE FOR
EDUCATION AND RESEARCH IN INFORMATION
ASSURANCE AND SECURITY (CERIAS)
Eugene H. Spafford is one of the most senior and
recognised leaders in the field of computing. He
has an on-going record of accomplishment as a
senior advisor and consultant on issues of security,
education, cybercrime and computing policy to
a number of major companies, law enforcement
organisations, academic and government
agencies, including Microsoft, Intel, Unisys, the US
Air Force, the National Security Agency, the GAO,
the Federal Bureau of Investigation, the National
Science Foundation, the Department of Energy,
and two Presidents of the United States.
With nearly three decades of experience as a
researcher and instructor, Professor Spafford
has worked in software engineering, reliable
distributed computing, host and network security,
digital forensics, computing policy, and computing
curriculum design. He is responsible for a number
of ‘ in several of these areas.
ANDREA M. MATWYSHYN –
ASSISTANT PROFESSOR OF LEGAL STUDIES
AND BUSINESS ETHICS, WHARTON, UNIVERSITY
OF PENNSYLVANIA
Andrea M. Matwyshyn is an assistant professor of
Legal Studies and Business Ethics at the Wharton
School at University of Pennsylvania and an
affiliate of the Centre for Economics & Policy at the
University of Cambridge.
Andrea’s research and consulting focus is in
the area of corporate information security and
technology law and policy. Prior to entering
academia, she practised law as a corporate
attorney focusing on technology transactions.
FRED DOYLE - CISSP/GCIH/GREM, DIRECTOR,
IDEFENSE RESEARCH LAB, IDEFENSE VERISIGN.
iDefense Labs in provides comprehensive,
actionable intelligence regarding cyber security
threats and vulnerabilities to the largest financial
services firms, government agencies, retailers
and other large enterprises. Its multi-lingual
network of hundreds of research contributors
in over 30 countries offers early and unique
insight into the cyber underground and previously
unknown software vulnerabilities. This insight
provides our customers with intelligence to aid
them in making decisions in response to threats
on a real-time basis.
SOUTH AMERICA:
RENATO OPICE BLUM AND RUBIA MARIA FERRÃO
- OPICE BLUM ADVOGADOS ASSOCIADOS
Opice Blum Advogados Associados has
years of solid experience in the main areas of
law, especially in technology, electronic law,
information technology and its variations. As
a pioneer in those matters, it also acts in mediations,
arbitration, oral sustaining in Court, bio-law,
typical technological contracts, cybercrimes etc.
It acts throughout the Brazilian territory and has
international correspondents in the main financial
centres, such as Miami and New York.
As a member of institutional organisations, it
contributes to the evolution of the law related
to technological development. It is outstanding
as a founding partner of the Brazilian Chamber of
Electronic Commerce, member of the Computation
Brazilian Society, among other institutions.
Personal biographies not available.
APAC:
GRAEME EDWARDS - DETECTIVE SENIOR
CONSTABLE, COMPUTER CRIME INVESTIGATION
UNIT, QUEENSLAND POLICE SERVICE
The Computer Crime Investigation Unit (CCIU)
within the Major Fraud Investigation Group (MFIG)
was established in 2000 and is responsible for
investigating all computer-related crimes, mainly
fraud-related offences committed on e-retailers,
e-commerce or on Internet users. The Unit also
assesses and provides advice and assistance
on matters involving hacking, denial of service
or Internet stalking. The CCIU currently has a
staffing strength of five police officers and one
administration officer.
Personal biography not available.
DAVID VAILE – EXECUTIVE DIRECTOR, CYBER
LAW AND POLICY CENTRE, UNIVERSITY
OF NEW SOUTH WALES
David Vaile became the Cyberspace Law and
Policy Centre’s first executive director in 2002. He
coordinates the Centre’s support for ARC research
projects such as Unlocking IP, Interpreting Privacy
Principles and Regulating Online Investing, and
teaches Cyberspace Law and Law in the Information
Age. His background in law, IT and communications
includes legal research (Legal Aid NSW), data
protection (Privacy Commissioner’s Office), pro
bono, public interest and test case litigation (Public
Interest Advocacy Centre), a virtual community
for advocates (with the Law Foundation of NSW),
organisational governance, database development,
and online professional education.
His research interests in cyberspace law and
policy include privacy and data protection, IT
security, jurisdiction online, copyright and digital
intellectual property, e-health, risk management and
user-centred design. He is also a member of the
Information Security World Advisory Board, and the
board of the Australian Privacy Foundation.
JAPAN:
PROFESSOR KEIJI TAKEDA – CARNEGIE MELLON
CYLAB JAPAN
Professor Takeda has worked for the Defence
Agency of Japan, Japan Air Self Defence Force,
and Accenture. He is currently on the faculty of
Carnegie Mellon CyLab Japan and adjunct
faculty at the Carnegie Mellon Information Network
Institute. He has conducted R&D, operation,
education, and consultation in the information
security area. He received a Ph.D. in Media and
Governance at Keio University.
REFERENCES:
[i] http://www.timesonline.co.uk/tol/news/world/asia/article2388375.ece
[ii] http://www.guardian.co.uk/china/story/0,,2162161,00.html
[iii] http://news.zdnet.co.uk/security/0,1000000189,39290289,00.htm
[iv] http://www.washingtonpost.com/wp-dyn/content/article/2007/05/18/AR2007051802122_2.html
[v] http://www.timesonline.co.uk/tol/news/world/europe/article2332130.ece
[vi] http://security4all.blogspot.com/2007/10/chinese-hit-india-3-4-times-day.html
[vii] http://www.cnn.com/2007/US/10/19/cyber.threats/
[viii] http://www.csmonitor.com/2007/0914/p01s01-woap.html
[ix] http://www.csmonitor.com/2007/0914/p01s01-woap.htm
[x] http://seattletimes.nwsource.com/html/nationworld/2003886833_chinahack16.html
[xi] http://news.bbc.co.uk/1/hi/technology/7070815.stm
[xii] http://www.finextra.com/fullstory.asp?id=16204
[xiii] http://www.ponemon.org/
[xiv] http://www.spaminspector.org/Internet-Fraud/SouthAfricaInternetBankingFraud_12817.html
[xv] http://news.bbc.co.uk/2/hi/technology/6976308.stm
McAfee, Inc., the leading dedicated security technology company, headquartered in Santa Clara, California, delivers proactive and proven solutions and
services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers
home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and
improve their security. http://mcafee.com
McAfee, Avert and/or other noted McAfee related products contained herein are registered trademarks or trademarks of McAfee, Inc., and/or its
affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. Any other non-McAfee
related products, registered and/or unregistered trademarks contained herein is only by reference and are the sole property of their respective owners.
© 2007 McAfee, Inc. All rights reserved.
We endeavour to ensure that the information contained in the McAfee Virtual Criminology Report is correct; however, due to the ever changing state in
Cybersecurity we do not warrant its total completeness or accuracy.
McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054, 888.847.8766, www.mcafee.com