The Hindu Business Line : Zooming in on the scene

As 2006 is slowly drawing to a close, it is appropriate to survey the cyber crime scene to identify some broad trends. This is a useful exercise that will help draft strategies on how to protect ourselves in the days ahead.

It is in this context that I look at the speech, a few days ago in London, of former White House cyber security adviser Howard Schmidt, during which he made a few perceptive observations.

Addressing an event at the House of Lords, Schmidt said that some recent advances, such as very high-speed broadband connections and established technology such as PDA devices and Wi-fi and Wi-Max access, no doubt, rendered the hackers' task a lot more difficult than before.

As against this, the ability that they have acquired to launch 2 GB or 3 GB attacks, compared to the earlier 800 MB per second forays, is forbidding. Here, it was not merely small businesses that were threatened. The big ones also had grounds for concern.

Most significantly, in Schmidt's view, it was not as if malicious external attacks alone led to breaches. There were grievous human failures that imperilled networks. He cited, for instance, the misconfiguring of a DNS (Domain Name System) as one error that could lead to shutting down a network and enormous losses to a company.

In my opinion, this highlights the need for professional excellence in building and managing a network, something that calls for not only resources but also vivid imagination.

Botnet menace

The increasing use of `botnets' to hijack our computers from outside and use them for nefarious designs, especially unleashing spam on adversaries and launching Denial of Service (DoS) attacks, is another phenomenon that worries Schmidt.

In this he is joined by Detective Bob Burls, who heads the botnet crime investigation wing of the Metropolitan Police, London. Almost incredible is his revelation that the last botnet unearthed by his wing was 20,000-PCs strong!

Can you imagine the havoc that can be caused by such a large army of computers assembled for executing criminal designs? The battle against the botnet menace is fought by the Met with the assistance of the Interpol which has a special taskforce for this.

Surge in spam

The assessment of Schmidt and the Met officers will have to be read in conjunction with recent reports of a surge in spam the world over. In the estimate of Postini, a US-email security company, 9 out of 10 mails these days can be identified as spam. As we march towards Christmas the traffic will intensify, a trend that has been witnessed for years.

Postini detected internationally 7 billion spam mails in November this year, as against a mere 2.5 billion in June. These figures could be approximate, and may appear to the more discerning observers as an exaggeration. But they convey the basic message that we need to guard ourselves against this unwanted intrusion on our valuable time.

Also, it is not as if traders alone are using this facility to promote their wares. It is the UK experience that criminal gangs are engaged in this obnoxious activity to peddle sex and drugs. They have specialised in botnet crime and are responsible for hijacking millions of home computers with which they unleash a huge amount of spam on all of us.

So, if you believe you are safe working from computers at your homes, you're sadly mistaken! This gloomy assessment is captured beautifully by a recent article `You're not alone' by William Hamilton in the New York Times (November 23, 2006), about which I hope to write in greater detail some time later.

Hamilton's warning is that we are using far too many gadgets at home that are directly or indirectly linked to the Web and this is one reason why we should not relax our guard.

Caught - and punished

Talking of botnet crime, here is an interesting case in which a US Court recently convicted one Jason Saloh Arabo (19), of Michigan, a manufacturer of sportswear, who wanted to wreck the business of competitors through a series of cyber attacks.

Arabo had met one Jasmine Singh, a 16-year-old youth of New Jersey, online in the form of instant message conversations and got to know that the latter had the ability to infect distant computers with programs at his command. Arabo identified Web sites of his competitors that had to be disabled by Singh, and offered him free merchandise in return for the favour. This was incentive enough for the young Singh.

Interestingly, this was not a one-time operation. If it were so, it may have gone unnoticed. At the persistent request of Arabo, it went on for five months till Singh was caught by the FBI at his Edison (NJ) home.

FBI investigation revealed that computers infected by Singh included those of students in Massachusetts and Pennsylvania. Singh was so reckless that it was not merely the Web sites of Arabo's computers that were affected.

Many unrelated systems, some in distant parts of Europe, were also disrupted. Singh has been convicted to five years in prison and ordered to pay $ 35,000 in restitution.

In August this year, Arabo was jailed for 30 months and asked to pay $504,495 as compensation to his victims. The severity of the sentence on the two youngsters would indicate how cyber crime is viewed sternly by US courts.

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.

More Stories on : Security | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Fighting shy of the call

Office '07 - It's different

Wondering - lost in time

Hunting far and wide

Working of the Internet

`Satyam will play the game differently'

Security, the MS way

Zooming in on the scene

Quiz

Engineers are among the key people in the world

Cartoon