Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Who is winning the war on cybercrime?

Lia Timson and Liam Tung (via SMH) | July 15, 2013
A banking trojan - malicious software - has been installed to hijack bank transfers across Australia.

Other banking trojans act in similar ways. After a three-year manhunt, 24-year-old Nigerian man Hamza Bendelladj is facing charges in the US in connection with selling and supporting SpyEye, which also allows hackers to hijack victims' bank accounts as they log in from their own computers.

"At the highest level, most of the internet is operated by responsible organisations, but you have a few folks that have bad seeds that are going to a level of sophistication - real criminal enterprises," says TJ Campana, director of security at Microsoft's Digital Crimes Unit at its US headquarters near Seattle. 

These are tech-savvy groups and individuals committing fraud online, mostly financial fraud. But there's a war taking place on the internet.

It's a war between those who say they are trying to make it more expensive for criminals to bypass their security, and the criminals trying to stay a step ahead of their suitors.

The war on spam - the mainstay of malware spread, fake drug marketing and other scams - began several years ago.

According to independent researcher and author Brian Krebs' analysis of spam data from security vendor Symantec, spam volumes have decreased from 6 trillion messages in 2008 to about 1 trillion at the end of 2012. Just three years ago spam accounted for more than 90 per cent of global email volume. In January, it dropped to 64.1 per cent.

Joint operations between law enforcement in several countries, Microsoft, security vendors such as Symantec and McAfee, and security researchers have netted major crackdowns on spam senders (Mt Colo ISP was closed in September 2008) and spam botnets (Waledac in January 2010, Rustock and Kelihos in 2011, Bamital in January). Control and command servers for the zombie networks distributing the ZeuS and SpyEye malware were also cut off in March, and arrests relating to cyber financial fraud are taking place more regularly.

Does that mean the good guys are finally winning?
"That's a tough question," Campana says. "Spam still exists, but when we talk to the Windows Live team, they have a pretty good service in filtering out spam, they think they're getting there."

Campana makes no apologies for Microsoft's role in cybercrime fighting. "Malware is bad for our customers, it causes this very bad experience on our products. We want to make it easier for our customers to protect themselves and harder for the bad guys to make money.

"If you infect one of my customers, you are getting them to send spam, to commit fraud," he says.

The actions, mostly driven through the company's legal manoeuvring of civil lawsuits, help it defend its revenue streams on several fronts. By reducing spam and malware spread, it reduces pressure on its Windows Live (previously Hotmail) infrastructure, reduces the likelihood of infection on its customers' PCs, protects its Windows brand and reduces the drain on its advertising revenue caused by click-fraud also perpetrated by botnets.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.