[ISN] Microsoft official: Web virus authors winning battle

From: InfoSec News (isn@private)
Date: Thu Dec 04 2003 - 03:18:28 PST

    http://www.usatoday.com/tech/news/computersecurity/2003-12-03-virus-world_x.htm
    
    By Mark Trevelyan
    Reuters
    12/3/2003 
    
    WIESBADEN, Germany - Creators of computer viruses are winning the
    battle with law enforcers and getting away with crimes that cost the
    global economy some $13 billion this year, a Microsoft official said
    on Wednesday.
    
    Counterfeit centres are shifting from California and Western Europe to
    countries including Paraguay, Colombia and Ukraine, said David Finn,
    Microsoft's director of digital integrity for Europe, the Middle East
    and Africa.
    
    In Asia, pirate plants have emerged in Vietnam, Macao, and Myanmar
    (Burma) in addition to more established facilities in Indonesia,
    Malaysia and Thailand.
    
    "So far they are getting away with it. They are winning by a
    considerable margin. Very few have been identified or prosecuted or
    punished," Finn said.
    
    He cited estimates by Business Week that financial damage this year
    from bugs like the Blaster worm and the SoBig.F e-mail virus, which
    crashed systems and disrupted Internet traffic around the world, would
    total some $13 billion.
    
    The cost of protecting networks against such cyberattacks was put at
    $3.8 billion.
    
    Finn also said neither civil lawsuits nor criminal prosecutions were
    doing an adequate job of stamping out software piracy and seizing the
    multi-million dollar profits it generates.
    
    Finn said the number of counterfeit Microsoft products intercepted had
    more than doubled to four million units this year from 1.75 million
    two years ago. But the value of pirate software seized — $1.3 billion
    over three years — was "a small fraction of what's really out there".
    
    He estimated the profit margin on counterfeit software at 900% — nine
    times higher than for distributing cocaine.
    
    Sobering picture
    
    Finn was addressing a cybercrime conference in Germany at which
    experts presented a sobering picture of progress against hackers,
    fraudsters, drug runners, child pornographers and other assorted
    criminals exploiting the World Wide Web.
    
    Britain's top hi-tech crime officer told Reuters in an interview that
    drug dealers and arms traffickers were recruiting experts from the
    computer industry using cash inducements or threats.
    
    "Organised crime is identifying those kinds of skills and buying them
    in," said Len Hynds, head of the National Hi-Tech Crime Unit.
    
    "I know of sophisticated drug-trafficking organisations,
    arms-trafficking organisations that are now making use of hacking
    skills and hacking into the servers of unsuspecting businesses so that
    they can then launch attacks and hide their activity and their illicit
    material."
    
    He said "we shouldn't be surprised" if terror organisations were
    looking to recruit computer expertise.
    
    Hynds said gangs were recruiting people with IT skills not only to
    help them commit cybercrime but to secure their own communications
    networks and avoid detection.
    
    "Organised crime, whatever its commodity, is driven by a desire for
    profit, and often its Achilles' heel is its communications processes.  
    We're aware that organised crime is now using sophisticated methods to
    make its communications more secure, and it will recruit people to
    assist in the process."
    
    He said companies needed to recruit more carefully.
    
    "They need to look at how they recruit staff, how they vet staff, how
    they recruit consultants who may only be with them for a very short
    period of time. Although remote attack is becoming more prevalent,
    it's still a fact that most threats come from inside a company," he
    said.
    
    Hynds said British police were also seeing a sharp rise in 'spoof' Web
    sites of financial institutions, intended to dupe customers into
    revealing their account details and passwords.
    
    He said the number of cases had risen to 40 so far this year from just
    seven in 2002 and the fake sites had become "far more sophisticated".
    
    
    