Deutsche Welle, 12 September 2012
Attacks on
communication systems, cyber espionage, military hackers - security experts and
top businesspeople are discussing these very real threats at the Cyber Security
Summit 2012 in Bonn. Which strategies are best?
Internet
crime is a fast-growing, billion-euro business, with hackers no longer just
targeting the military.
At a forum
organized by the Munich Security Conference and Deutsche Telekom, politicians,
businessmen and security experts will gather Wednesday in Bonn to take a closer
look at the real threat from the Internet, a possible cyberwar, and how to
tackle the problem.
Remote-controlled
zombie computers
'Zombie
computers' are right now the most efficient form of cybercrime , and the threat
is growing at an immense speed. Hackers invade individual computers and control
them remotely, creating so-called botnets that can grow to huge proportions.
|
Kemmerer tracks down botnets
|
Richard
Kemmerer, a computer science professor at the University of California in Santa
Barbara, has witnessed the phenomenon firsthand.
"Two
years ago, we stole a botnet from the bad guys," the researcher told the
seventh Future Security Conference in Bonn last week. "We had 180,000
hijacked machines reporting to us every 20 minutes. That gave us great insight
into the underground economy."
The botnet
hacker controls all the compromised computers and can, for instance, prompt
them to attack random computer networks. Kemmerer only had 10 days to
investigate the captured botnet before the "bad guys" managed to
"steal it back." That was time enough to get a better grasp on which
machines, including computers from large companies, were infected, he said.
Kemmerer
found out which security holes the criminals used, and how they managed to
obscure their activities by creating so-called fast-flux networks, which are
difficult to locate because they change their domain names several times every
hour. "It's hard to find out what domain you want to take down," the
researcher said.
Computers
are easily infected nowadays, and Kemmerer is particularly concerned about
"drive-by" downloads - viruses, Trojans and computer worms that users
contract by simply surfing the Internet. "You go and visit an innocent
site, but it has been compromised by the bad guys and infected with their
software, so when you visit, it installs the software onto your machine,"
he warned.
Shopping
paradise for criminals
Two things
make life easy for cybercriminals: straightforward programming software and
careless system administrators. Hacking into political party websites and
government agency networks therefore becomes easy for inexperienced hackers.
Often enough, cybercriminals find easy access to other systems because
administrators have neglected necessary software updates for years.
|
Hackers can move quickly, Dirro warned
|
Do not
underestimate malware programmers, warns Toralv Dirro, a security strategist at
McAffee, a company that offers antivirus and anti-spyware software. Such
programmers are highly adept and use every security breach they can find.
Hackers in
Eastern Europe, for example in Russia, are seen as particularly diligent, Dirro
says, adding that malware programmers there even compete with one another.
Their work is so good that one doesn't have to be a computer whiz to get
started with Internet crime, he says. "It's better if you know Russian,
that is helpful in certain forums," Dirro said. "Everything else, you
can buy."
Today's
cybercriminals buy software tools - ready-made "crime packages" - to
create their very own high-end Trojans. If the hackers don't succeed in letting
their virus loose on humanity, Dirro says, they can buy that service for just a
few hundred dollars online.
Millions of
new viruses, Trojans and computer worms
Every day,
about 100,000 new Trojans are unleashed on the Net, according to Dirro. There
is no lack of providers offering server space for criminal activities, either.
So-called bulletproof hosters are available not only in Russia, but also in the
US, Germany, Switzerland, the Netherlands and many other countries. "The
providers ask no questions, and if there are too many complaints, [the hosters]
get a new IP address," Dirro said.
Thomas
Tschersich, head of Group IT Security at Deutsche Telekom, warned that since
criminals take advantage of security holes as soon as they arise, the Internet
sits wide open to them. For this reason, the fight against cybercrime has to be
simultaneously undertaken by all those involved, he added. Internet service
providers can systematically monitor data flows for malware to the end device,
but require the consent of customers.
Tschersich
thinks the legal framework needs to be expanded. So-called deep packet
inspection should be utilized, he thinks, but he says customer privacy should
also be protected.
Crash tests
for new computers
|
Tschersich promoted a regulatory solution
|
Tschersich
also called on computer manufacturers to improve the situation. "Imagine
if you buy a car without brakes, a seatbelt or airbag," he said, comparing
the IT world to the automotive industry. Instead, he suggests customers be
offered computers that have already passed a "crash test" against
viruses.
However,
this is made more complicated by the ease with which computers can be networked
- computers nowadays sit in a thick network of smartphones, digital
televisions, networked printers, alarm systems and much more. All of these
devices depend on the Internet, and they are all susceptible to malware.
That's why
McAffee strategist Dirro thinks less is more. "Do I really need a digital
refrigerator that can automatically restock the milk, or place an order for
more salmon?," he asks. Because, he continues, such a device might tempt a
determined hacker to send a refrigerated truck to your home full of milk and
three tons of fish.