Cyber crooks get business savvy

http://news.bbc.co.uk/go/rss/-/1/hi/technology/8149034.stm

Version 0 of 1.

Cyber crooks are increasingly operating like successful businesses, deploying the same tools legitimate companies use to boost their profits.

Networking giant Cisco said online criminals were increasingly using proven business practices.

In its mid-year security report, Cisco said this new approach puts the bad guys way ahead.

"When your enemy is financially motivated you have to be on alert," said Cisco fellow Patrick Peterson.

"Capitalism is a powerful force and these criminal types are collaborating with one another and sharing resources, renting out botnets and forming alliances."

He pointed to the popular model known as "software as a service," or SaaS, where a provider licences an application to a customer for use as a service on demand via the web saving costs for the user.

He said cyber-criminals were increasingly acting like virtual MBA (Master of Business Administration) students.

Mr Peterson also cited an increase in investment by the criminal community and its ability to offer off-the-shelf spyware and services like those dedicated to checking how well a piece of malware is performing.

Trends

Big news stories were a goldmine for cyber crooks said Cisco who mapped a massive rise in spam as news like the death of Michael Jackson broke.

"One of the most important themes for a business is customer acquisition," said Mr Peterson who is Cisco's senior security researcher.

Cisco said the cyber crooks are masters are exploiting breaking news

"We use Michael Jackson as a quintessential example. When the media was in the air and scrambling to cover his death, the bad guys were coming up with creative news copy that tried to persuade users to click on a photo, video or memorabilia to trick the user onto an infected site."

Cisco also said in the coming months it expected the level of spam to climb to record levels. In May just over 249 billion spam messages were sent - the third highest volume day ever.

The company also predicted a surge in attacks on legitimate websites. Recent Cisco data showed that exploited websites were responsible for nearly 90% of web-based threats.

Mobile phones are another growing concern with over four billion handsets in the world.

"SMS offers a big advantage to the criminal," explained Mr Peterson.

"We know not to click on e-mail or links but when you get a text from your bank asking you to call to verify your account details, you trust it."

These so called "smishing attacks" are expected to soar over the coming years.

"Popular haunts"

Cisco also noted that "the cyber criminals go where the users are, which means social networking sites are becoming more popular haunts for attackers."

The Kaspersky Lab Research Centre found that cyber crooks who use sites like Facebook, MySpace and Twitter to spread viruses and worms were ten times more successful in their attacks than if they had used e-mail.

Over 90% of email is spam

Cisco noted that "the open, simple communication structure of web 2.0-based applications is also its key weakness."

"It's unfortunate but in places like Facebook, MySpace and Twitter where generally good people hang out and share information quickly and freely, there will be those who are not as honest who take advantage," said Ken Silva, the chief technology officer of VeriSign, a company that secures the internet.

One security vendor, Unisys told BBC News that web criminals are attracted to these sites because of the level of trust that can be exploited among users.

"This is all about the bad guys using your relationships with others to get you infected or pass along infections," said Nathan Shanks, senior security architect of the company's global outsourcing unit.

"In this world it means that active members with hundreds of friends on Facebook or followers on Twitter will become more of a target."

E-mail signatures

Cisco's Mr Peterson painted a depressing picture for the future.

"There is a fair bit of doom and a fair bit of gloom," he said.

Criminal Saas offerings are easy to find online

"But the last 12 months have been the most heartening with some successful law enforcement cases putting the bad guys out of business."

Mr Peterson did however admit that it is a bit like the famed "whack-a-mole" game because every time they take someone out, there is another crook ready to fill in the gap.

"What is happening is unprecedented in the history of the world where a criminal is able to sit in Italy and commit highway robbery in France. And that is what we have here."

He said that while collaboration between law enforcement, industry and governments works well in the western world, it does not in places like China, Russia and the Ukraine.

"We just don't speak the same language and we don't have the contacts to quickly call up our counterparts and ask for help. We need a long term strategic approach and we need to continue to whack the criminals and their partners where we can reach them.

"The bad guys are innovating like crazy and we need to give our customers and enterprises security that is good enough," said Mr Peterson.

VeriSign's Mr Silva said there is one simple solution but, so far, few seem willing to grab at it.

"If we could attach a digital signature to our e-mails and communications then you would be able to trust that e-mail. Today we don't really know if the person who says they sent an e-mail is really that person.

"I would never do business in the real world with someone if I couldn't validate who they are so why do we do it online?

"I don't know how much money has to be stolen or how many people have to be hurt emotionally and physically before someone figures out there is a real problem here," said Mr Silva.