The secret world of the cyber criminal

Johannesburg, 14 Jun 2005

What motivates virus writers? Is it a need to wreak havoc on large organisations? Is there an element of revenge involved - or is it simply the desire to rebel against society?

Karel Rode, a security specialist at Computer Associates Africa, lifts the veil on the shadowy world of cyber criminals, including hackers, pornographers, virus writers, fraudsters and political activists.

New virus threats, including spyware, spam, trojans, adware and mutated forms of malware, delivering blended attacks, are appearing daily. Large organisations, in particular, are bearing the brunt of this seemingly never-ending onslaught.

Many companies are fighting back with anti-virus, anti-spyware, intrusion detection and other security-related software packages.

But are they winning the war?

The problem is that hackers have evolved from the mischief-making adolescents of around 10 years ago to fully-fledged cyber criminals - and they are increasingly aligning themselves with other "real-world" criminal elements including pornographers, fraudsters and drug runners.

These are also associating with a confusing mix of stateless actors, separatist and fringe independence movements, insurgency operations and terrorists.

The online environment - and the Internet in particular - is attracting these groups because of the anonymity it offers them.

This has led them to believe that, hidden behind their self-created facades, they are invincible and they can increase the scope and magnitude of their activities at will.

Do cyber criminals have it "easier" than their real world counterparts? In many instances the answer is "yes" and this is manifesting itself in the upsurge of spam and counter-productive e-mail activity almost every computer user faces today.

Open door

The natural target of cyber criminals is the corporate network, through the often less-than-well-guarded door that is e-mail.

E-mail gives criminals an opportunity to bypass corporate security systems and controls because malicious attachments - disguised as friendly messages - are more often than not opened by the recipients who are tricked into believing in their innocence.

The "I love you" virus is a good example and one of the most successful social engineering tricks, closely followed by today's "phishing attacks".

While many Internet service providers (ISPs) provide virus scanning at their end, viruses do get through - most often when employees access personal e-mail accounts at work via the Web, which are often not subject to virus scanning - and often contrary to the company's usage policy.

That said, viruses are an insignificant threat compared to other forms of malware and spyware that accompany them through the e-mail window.

Criminals associated with unauthorised content of this nature can transfer confidential information into and out of an organisation through the Web at will - with no records of the movements ever taking place.

Increasingly, this is leading to commercial, personal, regulatory and legal implications for companies whose businesses are being compromised by these illegal activities.

Porn is the cover

What most organisations realise - and are taking active counter-measures against - is that pornography plays a key role in cyber crime.

Pornography and crime have been linked for many years in the physical world, so it is natural that they should converge on the Internet - the cyber world.

Many legitimate organisations - much to their surprise - are already part of the landscape that is the modern-day criminal environment.

This is because porn sites are the most controversial - and popular - destinations on the Internet. Unless restricted, company staff will spend hours accessing these sites, with the potential for catastrophic results.

How does an organisation safeguard itself against this threat?

One way is to block all access to non-sanctioned Web sites and Web-based e-mailing systems and to appoint a staff member whose responsibility it is to keep an eye on regulatory compliance issues.

This person must follow up promptly on any information security incidents that are traced back to the non-business use of the Internet.

Corporate policies should be put into place that dictate controls and countermeasures in anticipation of a crisis - not as a reaction to one. These corporate policies are purely administrative controls and must be backed up with technology - the technical controls (hardware and software) that enforce the policy.

The importance of policy

Importantly, the policy should prohibit access to external mail sources. Severe punishments should be provided for those in contravention of this dictate, because using technical controls to prevent or enforce access to external e-mail systems is usually complicated and costly.

Internal mail systems should not be ignored. They should be shielded by an e-mail gateway (either in the DMZ or an external network) so that infections can be contained in a different subnet.

Moreover, additional technical controls can monitor hosts for baselines, see a traffic surge associated with a virus or worm and trigger an appropriate response.
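As an added illustration of the host-baseline control described above (example code written for this article, not a CA product or anything from the original text), the following detector counts outbound SMTP connections per host per minute, learns a per-host baseline from earlier minutes, and flags a host whose current rate jumps well above it, the signature of a mass-mailing worm. The log format, host names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Assumed sensor line format (constructed): "<minute> <src_host> <dst_port>"
LINE_RE = re.compile(r"^(\d+) (\S+) (\d+)$")


def parse(log_text):
    """Return {host: {minute: count}} of outbound port-25 connections."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the monitor
        minute, host, port = int(m.group(1)), m.group(2), int(m.group(3))
        if port == 25:  # only SMTP matters for a mass-mailer signature
            counts[host][minute] += 1
    return counts


def flag_surges(counts, current_minute, k=3.0, floor=10):
    """Flag hosts whose port-25 count now exceeds max(floor, mean + k*stdev)
    of their own earlier minutes; returns {host: (count, threshold)}."""
    flagged = {}
    for host, per_min in counts.items():
        history = [per_min.get(m, 0) for m in range(current_minute)]
        if len(history) < 3:
            continue  # not enough baseline to judge
        threshold = max(floor, mean(history) + k * pstdev(history))
        now = per_min.get(current_minute, 0)
        if now > threshold:
            flagged[host] = (now, round(threshold, 1))
    return flagged


def build_sample_log():
    """Constructed sample: 5 quiet minutes, then ws-01 bursts to 40 SMTP
    connections while ws-02 stays at its usual 2 per minute."""
    lines = []
    for minute in range(5):
        lines += [f"{minute} ws-01 25"] * 2 + [f"{minute} ws-02 25"] * 2
        lines += [f"{minute} ws-02 443"]  # web traffic, ignored by parse()
    lines += ["5 ws-01 25"] * 40 + ["5 ws-02 25"] * 2
    return "\n".join(lines)


if __name__ == "__main__":
    print(flag_surges(parse(build_sample_log()), current_minute=5))
```

In practice the response on a flag would be to quarantine the host's subnet or block its outbound port 25 at the gateway, which is the containment the article describes.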

Of course, those with criminal intent will always find an alternative option, such as the use of proxy servers, anonymiser-type services, URL encoding and other strategies, to bypass security systems, and that makes the defender's role that much harder as the attack vectors keep on changing.

Serious risks

Is e-mail - personal or corporate - the most likely access point for cyber criminals? According to industry watchers, it is not. Peer-to-peer, instant messaging, and voice over Internet Protocol (VOIP) applications create broadly similar, if not more serious, risks.

Putting such powerful communications tools at the disposal of unskilled or unethical end-users is a recipe for information insecurity.

No fortification process is foolproof or accomplished easily. Security must be a continuing process requiring multiple layers (defence in depth) and needs continually evolving expertise to defend against network marauders who threaten critical information and the very existence of business as we know it.

Partnering with a company that has a deep understanding of these threats and has invested in the threat management space is paramount to success.

The CA Security Advisor Threat Alert Service is one such service available to the public (http://www3.ca.com/securityadvisor/)

Editorial contacts

Karel Rode
Computer Associates Africa
(011) 236 9111
Karel.rode@ca.com