Kevin Kennedy: Changing the malware economy

By Admire Moyo, ITWeb's news editor.
Johannesburg, 28 May 2014

About Security Summit

The ITWeb Security Summit is Southern Africa's premier information security event. It is on at the Sandton Convention Centre until 29 May. Join the conversation on Twitter #itwebsec.

If organisations are to win the war against cyber crime, they must turn the tables against the malware economy and make it difficult for the cyber criminals to operate.

That was the word from Kevin Kennedy, Juniper Networks' senior director for security and product management, who was presenting at the ITWeb Security Summit 2014 yesterday.

"For several years, we have been focusing on building high walls to keep hackers out, but this has failed," said Kennedy. "We have to change the approach."

According to Kennedy, the malware economy comprises sophisticated, highly skilled individuals as well as elite researchers, exploit developers, zero-day researchers, malware writers, identity collectors, programmers and technology experts.

He revealed that, over the years, the malware economy has seen an increase in activities like spam and hacking.

However, he said changing that economy would require organisations to ensure cyber criminals get less return on their investments.

He noted that investing in cyber crime currently has a high return, and, as an example, a $500 investment in malware can see a criminal evading malware as well as advanced anti-malware solutions. That investment can also be useful for stealing source code and sending it to a server over an encrypted channel, he added.

Taking legal measures against the spammers can also go a long way in destabilising the malware economy, said Kennedy.

He gave the example of Sanford Wallace, who came to notoriety in 1997, promoting himself as the original "Spam King". Wallace's prolific spamming has resulted in encounters with the US government, anti-spam activists and large corporations such as Facebook and MySpace. He initially started sending junk faxes before moving on to spyware and e-mail spam.

In 2004, the Federal Trade Commission (FTC) filed suit against Wallace and his company, SmartBOT, for infecting computers with spyware then offering a $30 solution to remove the problem. Subsequently, a default judgement was issued against Wallace forbidding him and associates from distributing spyware or any other software without consumers' consent.

In 2006, the FTC again filed suit against Wallace and SmartBOT for practices similar to those in the 2004 suit. This time Wallace and his co-defendants were ordered to pay $5 089 550.48 in fines.

Facebook also sued Wallace for posting spam messages on members' walls. Wallace has already been fined $4 million for installing ad-related spyware on people's computers, and was fined $230 million for his activities on MySpace.

Technology can also be used to break the malware economy, said Kennedy. "Organisations can do this by assuming that their systems are breached and adopting counter-intelligence techniques like deception and anti-evasion."

Another way to disrupt the malware economy would be to prosecute some black market banks, as happened with Liberty Reserve, which was accused of money laundering, said Kennedy.