SpamWars - A teardrop in the ocean - 72% of eMails are Spam

10 replies
:rolleyes:


How cybercrime hijacks your computer
July 10, 2011


Cybercrime ... increasingly organised and automated.

International police have teamed up with civilian specialists from Microsoft to inflict a devastating blow on internet crooks. Lia Timson reports.

At exactly 11am on March 16, data centres in seven US cities heard an unusual knock on the door.

US Marshals bearing search warrants wanted access to the premises and their computer servers. Tools were immediately downed. No one was allowed to leave.

But the bulletproof-clad law enforcement officers did not conduct the ensuing searches.

In an unprecedented move, they stood aside and watched as civilian computer forensic specialists and lawyers bearing the Microsoft logo on their tags seized hard drives and severed internet connections.

Their actions were repeated with the help of police in the Netherlands a few hours later.

In the days that followed the raid, more than a million unsuspecting computers in homes and offices all over the world, including Australia, rang for their masters in vain, reaching instead newly established links into Microsoft's internet security labs.

It was the audacious private legal coup that outmanoeuvred canny cyber criminals and the usual slow progress of police investigations.

A civil court in Seattle had a few days earlier granted permission for the world's biggest software maker to dismantle the world's biggest known spam botnet, Rustock.

Botnets are robot networks of infected personal computers - our computers - at the mercy of cybercrime bosses. They are used to automate the distribution of spam, viruses, phishing and counterfeit drugs. They are also deployed in money laundering, online advertising fraud and bringing down websites, an action known as a denial-of-service attack. Most users do not know if their computers are infected.

Rustock had hidden 96 command and control centres in the servers housed in those eight locations.

At its peak the five-year-old botnet was believed responsible for 30 billion spam messages daily, mostly peddling fake Viagra, Microsoft-branded lottery scams and bogus news items leading to malicious websites that installed malware on victims' machines. One Rustock-infected PC was sending 10,000 emails hourly.

Viagra's manufacturer, Pfizer, provided evidence and a private cyber security firm, FireEye, intelligence for the civil action.

Patrick Ford, Pfizer's global security chief and a former FBI agent, told The Sun-Herald the company bought advertised drugs to test.

Products pretending to be Viagra, the anti-inflammatory Celebrex and the hypertension medicine Norvasc, among 50 others, turned out to be generic drugs, placebos or a cocktail of wrong doses and chemicals including rat poison.

''We gave the courts something they could have a good understanding of. Not only people's computers get a virus and machines are compromised but it is bad in a health safety sense,'' Ford said.

He said innocent people were unsuspectingly drafted into botnets. ''You become an unwitting partner in the criminal organisation by clicking on those things.''

According to the security company, Symantec, Rustock's downfall caused global spam volume to drop from 121.5 billion emails a day last year to 36.9 billion. Last month it was still below 40 billion, or 72.6 per cent of all global email traffic.

Adrian Covich, a security expert at Symantec, says spam won't go away. There are at least two other botnets ready to take over Rustock's reins.

New Microsoft intelligence recently showed 702,860 infected computers, identified by their IP addresses, were still reporting for Rustock work in June.

It is a 56.12 per cent reduction on the 1.6 million IP addresses commanded before the takedown but those computers are not clean yet and infected computers are more likely to be redeployed.
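The measurement described above (bots calling their former controllers and reaching a sinkhole instead, with infection counts derived from the IP addresses still reporting) can be reproduced over a sinkhole log. This is an added example, not code from the article or from Microsoft; the log format, hostnames, addresses and dates are constructed.

```python
# Added example (not from the article): counting still-infected hosts from sinkhole
# telemetry. Log format, dates and addresses below are constructed for illustration.
from collections import defaultdict
# Constructed sample log: "<ISO date> <source IP> <former C&C hostname contacted>".
# The March rows model the wave right after a takedown, the June rows a later month.
SINKHOLE_LOG = """\
2011-03-17 198.51.100.7 cc1.example.invalid
2011-03-17 203.0.113.5 cc1.example.invalid
2011-03-17 198.51.100.7 cc2.example.invalid
2011-03-18 192.0.2.44 cc2.example.invalid
2011-03-18 203.0.113.9 cc1.example.invalid
2011-06-01 198.51.100.7 cc1.example.invalid
2011-06-02 203.0.113.5 cc1.example.invalid
2011-06-02 203.0.113.5 cc2.example.invalid
"""

def parse_log(log):
    """Yield (day, ip, host); ISO dates compare correctly as plain strings."""
    for line in log.splitlines():
        day, ip, host = line.split()
        yield day, ip, host

def unique_ips(log, start, end):
    """Distinct source IPs seen from start to end (inclusive ISO dates).
    One IP approximates one infected host: NAT hides several machines behind
    one address, while DHCP churn makes one machine appear as several."""
    return {ip for day, ip, _ in parse_log(log) if start <= day <= end}

def ips_per_cc_host(log, start, end):
    """Distinct reporting IPs per former C&C hostname, showing which
    controller names still attract bot traffic and so still need sinkholing."""
    by_host = defaultdict(set)
    for day, ip, host in parse_log(log):
        if start <= day <= end:
            by_host[host].add(ip)
    return {host: len(ips) for host, ips in by_host.items()}

def reduction_percent(before, after):
    """Percentage drop in distinct reporting IPs between two windows."""
    return round(100.0 * (len(before) - len(after)) / len(before), 2)

def still_reporting(before, after):
    """IPs seen in both windows: hit in the first wave and not yet cleaned up."""
    return sorted(before & after)

if __name__ == "__main__":
    first_wave = unique_ips(SINKHOLE_LOG, "2011-03-16", "2011-03-31")
    later = unique_ips(SINKHOLE_LOG, "2011-06-01", "2011-06-30")
    print(len(first_wave), len(later), reduction_percent(first_wave, later),
          ips_per_cc_host(SINKHOLE_LOG, "2011-06-01", "2011-06-30"), still_reporting(first_wave, later))
```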

Symantec estimates there are up to 5.4 million personal computers operating under the control of 10 major botnets at present. Waledac, Rustock and Coreflood may be down but Bagle and Cutwail are still active. Grum recently earned the nickname ''son of Rustock'', while Dark Mailer and Harvester have increased their output since March.

Even when arrests are made, crime bosses move their servers and domain addresses to other jurisdictions. The Rustock civil action was thus a masterstroke. Its conductor, Richard Boscovich, the senior attorney at Microsoft's Digital Crimes Unit, is a former US Department of Justice white-collar crime prosecutor.

Without a full understanding of how botnets worked and with no technical training, the legal eagle admits to being overwhelmed when asked to advise on the takedown.

''I'll be frank, I was really worried because [I thought] 'what exactly am I going to contribute to these guys?' '' he said. ''I'm not an engineer, you know, I'm a lawyer … I started thinking out of the box and it just came to me. I went back to the basics of law school to see what we could do and that's how I came up with the first legal strategy.''

He used an ex-parte ''John Doe'' legal action to sue unknown defendants without the other party present. Such action is commonly used to seize counterfeit goods such as luxury handbags.

''It was amazing no one had used the ex-parte restraining order [in technology] this way before,'' Boscovich said. ''The judge could've said no, but it was a smart calculated risk - you can't be too risk averse.''

Microsoft is now in the process of advertising in newspapers in Russia, where it believes the bot masters live, giving them due notice to reclaim the servers. It does not believe they will.

Eugene Kaspersky, owner of the Russian anti-virus software company Kaspersky Labs, said in May that cyber criminals are very difficult to locate. ''Cybercrime is integrated into the computer world like in Australia sharks are integrated into the beautiful ocean.

''Cybercrime is organised, but not like the Mafia … [They're] interconnected groups that trade information, develop malware by request, then infect thousands of computers.

''They steal everything from the infected machines, even software licences that they sell on eBay, they steal pictures, scans of your passports, your driver's licence. Everything that is stolen from infected machines is sold. It's the criminal economy.''

James Turner, a security analyst with IBRS in Sydney, said cybercrime seems abstract and hard to understand until it happens to you.

''Every single dollar spent on computer security is wasted. It's money we could be spending on roads, on schools, on health, but we have to do it because we have to defend ourselves. We don't live in a world of unicorns, rainbows and cute baby ducks,'' Turner said.

Meanwhile, in April the FBI borrowed the lawsuit idea and took it a step further in dismantling another botnet, Coreflood. After obtaining a court order to hijack botnet servers, it sent infected PCs a ''stop'' command, effectively blocking the fraudulent online banking transactions they were enlisted to make.

But others have questioned the leading role of private companies in such criminal cases.

Critics say Microsoft's motives for dismantling botnets are more commercial than altruistic. Spam costs its Hotmail service millions of dollars a year in filtering technology and human resources - and still 450,000 spam messages bypass its filters every day. Its Windows market leadership is at risk if computers run on pirated copies, or users believe it is exposed to more viruses than competing platforms. And its trademark is under siege when lottery scams branded with its logos deceive unsuspecting citizens.

But Boscovich denied the company's actions were designed to solely protect its market positioning. ''We don't know if you're running a pirated copy or not - all we know is your computer is infected. Our operation is not an anti-piracy program.''

Dave Dittrich, a University of Washington researcher who provided expert advice in the lawsuit, said other technology companies should consider similar action. He had helped Microsoft take down the smaller Waledac botnet last year, a process used as a test case for Rustock.

''This is a model that is very expensive, very time-consuming and requires close collaboration with experts and academics,'' Dittrich said. ''But it is a sustainable model and I'm hopeful the [technology] community will start adopting it.''

A spokesperson for the Attorney-General's Department said 16,464 computers had been compromised each day in Australia in 2010-11, up from 11,215 the previous year.

The Australian Federal Police's Detective Superintendent Sharon McTavish, who is seconded to the Microsoft DCU in Redmond, said Australians were not immune to cybercrime. ''Ultimately the consumer is a threat to themselves. They are opening, they are clicking.''

Next week top lawmakers of Australia, the US, Britain, Canada and New Zealand will meet in Sydney to discuss how to respond to the growing threat posed by cybercrime.

Turner said it was idealistic to leave it to law enforcement alone.

''Sadly, they are not fully funded,'' he said. ''It is also unrealistic to expect computer users to always be right in defending themselves. We should be able to depend on software vendors, ISPs and law enforcement together.''

Microsoft admits to ''an aggressive roadmap'' to attack botnets but wants others to share the load. While the names Google and Apple do not cross their lips, Boscovich would like the industry to do more.

Lia Timson travelled to the Microsoft Digital Crimes Unit as a guest of the company.



Read more: How cybercrime hijacks your computer
  • Michael Oksa
    Nah... just delete it.

    (That always seems to be the answer from those who don't like people complaining about spam, some of whom frequent the forum).

    Thanks for the post, Pat, much appreciated.

    All the best,
    Michael
    "Ich bin en fuego!"
    • ThomM
      I used to report it all the time. But I got sick of companies like Microsoft, AOL, and Google telling me it didn't come from them :rolleyes:
      I would reply that I knew they didn't send it but that someone had set up email accounts and was spamming from them. I'd still get the same reply.
      Now I just delete them all and move on, but I'm glad companies are being more pro-active in stopping it. They have the resources and connections to do what I would love to be able to do.
      At least now running a Linux OS I feel pretty comfortable that my computer can't be hijacked.
      Life: Nature's way of keeping meat fresh
      Getting old ain't for sissy's
      As you are I was, as I am you will be
      You can't fix stupid, but you can always out smart it.
  • Patrician
    There is hardly anything that makes me more angry than spam.

    To think before I understood bots, zombies, etc. I used to write back 'REMOVE ME IMMEDIATELY' and other nastier remarks.

    Then I learned that the poor people I was writing to had had their systems hacked and were not responsible for the spam. ... nothing like adding insult to injury!

    I also used to report it Thom - but like you, I just delete it now -- and actually have had some luck with Yahoo shutting down a few email accounts for me (that spam our application form site) - but when they use a 'proxy' server or whatever they do when Yahoo says 'but that person doesn't really have a Yahoo account' then there is nothing we can do.

    Have a little luck with blocking IP addresses unless the demons figure out all they have to do is bounce their modem to change it - or use an anonymous proxy server -

    Then I go to blocking filters in Gmail. Only works a little sometimes. However their spam folder is really almost 100% accurate and I rarely get spam in my inbox. I also like that it is https:// so your account is not likely to get hacked.

    Our Helpdesk is cool (zendesk) where I can blacklist entire domains like 200 invitations to join linkedin.com or anything (.RU) Russia -

    I will only stop short of the idea to charge for email addresses - it would prevent lots of spam alright but who wants to pay? Well maybe it would be worth it come to think of it...
    • ThomM
      However their spam folder is really almost 100% accurate and I rarely get spam in my inbox. I also like that it is https:// so your account is not likely to get hacked.
      I've been using gmail for a long time and you are right. Very rare to get spam in the inbox and rarer still to get wanted emails in the spam folder.
      My only other email account now is with earthlink. I had to give up with their spam protection and turn it off. My thinking is if I'm getting emails from someone I should only have to mark it as not spam once, not every friggin time.
      I rarely use that one for anything, but I have a couple of friends that have aol and hotmail accounts and if I try to email them from gmail it goes to their spam folder or simply disappears.
      I had real nasty words with an aol customer support person when I was trying to reply to a friend's email and my replies never made it because of their spam system.


      I have noticed a big drop in the spam I get at earthlink in the past few months.
      Maybe this sweep you are talking about did me some good.
  • HeySal
    I'm just noticing a drop in spam in the last few weeks. My spam box was filling up every day -- mostly with "undelivered" mail. It scared me - thought I'd been hacked, but it was just spam set up to make me look at it. That one pisses me off. It seems to be drying up though.
    Sal
    When the Roads and Paths end, learn to guide yourself through the wilderness
    Beyond the Path
  • Patrician
    Sal - that is a major indication your email address is being used by a spam bot - when you get undeliverable messages for messages you have not sent.

    So, what - you looked at them and what do they say? nothing about your address?
  • ThomM
    Originally Posted by Ken_Caudill:

    It's much better to have Microsoft snooping on your computer than to get spam from crooks.

    Your government loves you and has only your best interests at heart.
    Can we say Ubuntu
  • whateverpedia
    Today I checked my spambox and found 47 emails from the IRS claiming I owe them back taxes, as well as 62 citations from the New York Police Dept for outstanding fines.

    Not bad considering I've never been a US citizen, or stepped foot on US soil.

    Then there were another 28 trying to sell me "genuine" Louis Vitton handbags, 41 viagra ads, and 1 from a "domain registrar" trying to sell me a domain I already own.

    And that's just today.
    Why do garden gnomes smell so bad?
    So that blind people can hate them as well.
  • charlie39
    Spam sucks and I hate it. Thanks for the post, Pat.
