International cooperation key in cybercrime fight

Prosecution is hard as the laws are national but such crimes are international, says Mikko Hypponen, chief research officer of F-Secure.
Written by Lee Min Keong, Contributor
F-Secure Corp chief research officer Mikko Hypponen paints a bleak picture of the fight against escalating cybercrime.

He told ZDNet Asia during his recent visit to F-Secure's Kuala Lumpur office that almost all cases have gone unpunished, since prosecuting such crimes is very difficult as it requires the cooperation of enforcement agencies across international borders.

Hypponen, who is based in Helsinki, Finland, is also an advisory council member of Impact (International Multilateral Partnership Against Cyber Terrorism). Incorporated in January 2008, Impact is a global initiative that seeks to establish a platform bringing governments to partner with the private sector to fight cyber threats.

Q: What has been the success of the law enforcement agencies against cyber criminals?
Well, 99.9 percent of these cases have gone unpunished. Even in cases where the criminal is apprehended, quite often he doesn't get sentenced. Prosecution is hard because the laws are national but these crimes are international. So in the real world, police forces from [say] seven countries would need to cooperate to get evidence for the prosecution. And that is just very hard.

Does it mean the outlook is very bleak?
I'd love to tell you that we are going in the right direction but I am afraid I would be lying. The situation right now is that criminals are making lots of money and they know the risk of getting caught is very low. And even if they get caught, they won't get very serious sentences at all.

Is this problem going to get better or worse?
I think it's going to be much worse before it gets better. We don't have effective international cooperation between police forces and authorities to put these guys behind bars.

As a member of the Impact international advisory board, I am trying to do my best to get Impact to facilitate international cooperation between police forces and the authorities to do something about this scourge.

What are the main challenges faced by antivirus companies today?
The recent problems of espionage and spying through the use of trojans and bots provide unique challenges for antivirus companies because these attacks are very small. And it could be just one company being attacked with malware which we have never seen anywhere else.

Is that a big problem since you said only certain companies get hit?
It is a big problem and a small problem. We are talking about just a few hundred cases that we know of over the last three years. But for the companies that have been hit, it is a nightmare. We are talking about multi-billion dollar international companies where company secrets are being stolen from, say, a director's computer and from anywhere in the company's network that he can access. Of course, as a director, he can get access to [corporate] plans, financials, research and development information and so on.

In such cases, would there be substantial losses in monetary terms?
Yes, but there are cases which would indicate it is not necessarily always about making money. Some of these could actually be country-to-country espionage. For example, we have seen defense contractors being targeted, as well as private companies working with the army, building weapons technology or engines for private jets.

The biggest growth areas where you see most of these professional virus writers coming from are Russia, China and South America, especially Brazil.

Are there any from Southeast Asia, say, Malaysia?
Sure, in Singapore as well. I wouldn't consider Malaysia to be a hot spot. There are virus writers everywhere in the world…but the massive attacks are coming from the three areas I mentioned.

Typically, are these people hired by underground figures to write viruses?
No, they mostly do it individually. We have very few confirmed cases of real gangs being organized or hired by organized crime. Often these guys work in gangs, but the gangs are virtual.

They go online to different Web sites and forums where they find people who are also [engaging] in online crime and they work together. One guy writes the malware, another guy hosts a Web site where they entice [unsuspecting victims]. Another guy hosts a Web site with all the stolen information, for example, credit card numbers, while another guy uses the credit card numbers and turns them into cash. They don't know each other's real-world names.

Those who want to steal information but don't have the skill to write their own viruses can buy services from these guys. There are Web sites which offer services such as distributed denial-of-service (DDoS) attacks. So, you can hire these guys to attack a Web site and shut down the site. It's online crime as a service or outsourcing [cyber] attacks.

So what can a company like F-Secure do to tackle these threats?
We are putting more and more effort into generic protection, meaning we can't fight viruses one by one, we have to fight them by detecting large collections of malware with generic detections. The mechanism is very effective in blocking completely unknown malware content. We started shipping it last year.

Are you happy F-Secure chose to set up its Asian hub in Malaysia in 2006?
We are really happy that we came here. We had several alternatives and we were considering multiple locations for our Asian hub but we got very good support from the Malaysian government, allied with the good infrastructure here.

How would you rate the skills of the Malaysian staff?
It's world class. That was one of the reasons why we came here. F-Secure's global headcount is about 650, of which almost 200 employees are here in Malaysia.

Lee Min Keong is a freelance IT writer based in Malaysia.
