Information Security News mailing list archives

Microsoft official: Web virus authors winning battle


From: InfoSec News <isn () c4i org>
Date: Thu, 4 Dec 2003 05:18:28 -0600 (CST)

http://www.usatoday.com/tech/news/computersecurity/2003-12-03-virus-world_x.htm

By Mark Trevelyan
Reuters
12/3/2003 

WIESBADEN, Germany - Creators of computer viruses are winning the
battle with law enforcers and getting away with crimes that cost the
global economy some $13 billion this year, a Microsoft official said
on Wednesday.

Counterfeit centres are shifting from California and Western Europe to
countries including Paraguay, Colombia and Ukraine, said David Finn,
Microsoft's director of digital integrity for Europe, the Middle East
and Africa.

In Asia, pirate plants have emerged in Vietnam, Macao, and Myanmar
(Burma) in addition to more established facilities in Indonesia,
Malaysia and Thailand.

"So far they are getting away with it. They are winning by a
considerable margin. Very few have been identified or prosecuted or
punished," Finn said.

He cited estimates by Business Week that financial damage this year
from bugs like the Blaster worm and the SoBig.F e-mail virus, which
crashed systems and disrupted Internet traffic around the world, would
total some $13 billion.

The cost of protecting networks against such cyberattacks was put at
$3.8 billion.

Finn also said neither civil lawsuits nor criminal prosecutions were
doing an adequate job of stamping out software piracy and seizing the
multi-million dollar profits it generates.

Finn said the number of counterfeit Microsoft products intercepted had
more than doubled to four million units this year from 1.75 million
two years ago. But the value of pirate software seized — $1.3 billion
over three years — was "a small fraction of what's really out there".

He estimated the profit margin on counterfeit software at 900% — nine
times higher than for distributing cocaine.

Sobering picture

Finn was addressing a cybercrime conference in Germany at which
experts presented a sobering picture of progress against hackers,
fraudsters, drug runners, child pornographers and other assorted
criminals exploiting the World Wide Web.

Britain's top hi-tech crime officer told Reuters in an interview that
drug dealers and arms traffickers were recruiting experts from the
computer industry using cash inducements or threats.

"Organised crime is identifying those kinds of skills and buying them
in," said Len Hynds, head of the National Hi-Tech Crime Unit.

"I know of sophisticated drug-trafficking organisations,
arms-trafficking organisations that are now making use of hacking
skills and hacking into the servers of unsuspecting businesses so that
they can then launch attacks and hide their activity and their illicit
material."

He said "we shouldn't be surprised" if terror organisations were
looking to recruit computer expertise.

Hynds said gangs were recruiting people with IT skills not only to
help them commit cybercrime but to secure their own communications
networks and avoid detection.

"Organised crime, whatever its commodity, is driven by a desire for
profit, and often its Achilles' heel is its communications processes.
We're aware that organised crime is now using sophisticated methods to
make its communications more secure, and it will recruit people to
assist in the process."

He said companies needed to recruit more carefully.

"They need to look at how they recruit staff, how they vet staff, how
they recruit consultants who may only be with them for a very short
period of time. Although remote attack is becoming more prevalent,
it's still a fact that most threats come from inside a company," he
said.

Hynds said British police were also seeing a sharp rise in 'spoof' Web
sites of financial institutions, intended to dupe customers into
revealing their account details and passwords.

He said the number of cases had risen to 40 so far this year from just
seven in 2002 and the fake sites had become "far more sophisticated".



-
ISN is currently hosted by Attrition.org