Protect and survive
Published: 10 Nov 2004 12:13 GMT
The news from the US of a peculiarly innovative security attack that combines PCs, the Net and mobile phones is an unwelcome reminder of the increasing sophistication of today's technology crooks.
Convergence and integration are usually hyped by technologists as part of the great leap forward of technology progress. In this case, the converged, integrated attack Delf SMA Trojan allows criminals to exploit people's computers and get them to send spam SMS messages to third-party mobile phones.
We are moving beyond irritation and inconvenience and into the world of serious economic crime. In the case of Delf, the particular Russian Web sites sending the SMS spam can be blocked easily: the next version could well use paid-for services, taking your credit card details from your compromised PC to foot the bill.
The latest Internet worm, uses social engineering, spamming, and a Trojan horse to take over the PCs of its victims and expand its network of zombie PCs. It also reveals a deep understanding of the industry.
The hackers behind the attack not only turned it around very quickly once the vulnerability in Internet Explorer that it exploits had been revealed, but their timing could not have been more inconvenient for Microsoft. The company published its monthly collection of security patches today, but the vulnerability which the worm exploits was announced only a few days ago. Microsoft has had no time to design and test a patch. Had the virus writers deliberately timed the attack to wrong-foot Microsoft? They're cunning enough. We're dealing with grown-ups.
We can see the same escalating sophistication in the rise in cash machine fraud. The Association of Payment Clearing Services (APACS) today released new figures claiming that cash machine fraud had increased 85 per cent to reach £61m last year.
Organised gangs are using 'skimming' devices, small units stuck on the machines which can capture account details. As keen students of banking technology upgrade cycles, these criminals appear to be exploiting the cash point vulnerability as much as they can before the arrival of 'Chip and PIN' technology, which will make this crime much harder to commit.
The unifying force behind all these attacks is the invisible hand of the market. There was a teenage bravado about early media coverage of computer crime, conjuring up images of computer crime as the reserve of the pimply and the adolescent. Not anymore. It's big business. Technology crime has gone far beyond its teenage years of defaced Web sites, the annoying graffiti of the connected world. It's about robbing banks. It's about organised crime, and it's going to get worse. If you don't sit up and take notice, you will be hit
The great and the good are mobilising their forces on our behalf. Project Endurance, a new security initiative announced at the CBI's conference on Monday, is planning an advertising spree to change the way we think about computer crime. It's backed by APACS, public sector bodies including the National Hi-Tech Crime Unit, as well as corporate sponsors Lloyds TSB, Microsoft and eBay. One idea is to emulate the great public education campaigns on road safety. These changed public attitudes towards safety belts ("Clunk, click, every trip"), and drink driving ("Think - before you drink - before you drive.")
Project Endurance will have its work cut out. The complex issues involved in PCs, Internet connections and mobile devices aren't easily reducible to a clear instruction and a simple slogan, although we welcome suggestions from readers as to what such a slogan might be ("No firewall? Don't surf at all." Needs work…). Public awareness campaigns can go badly wrong -- the infamous Thatcher-era AIDS adverts featuring a badly lit iceberg remain a warning to us all, though not the one intended.
We are the people at the vanguard of the fight. The media must accurately report the threat, and everyone who uses a computer must act. It's not good enough to run a firewall, antivirus and anti-spyware software, only to lapse into self-satisfied silence. Tell your friends and family. Put the latest software on a USB drive and inoculate your granny's PC. Make sure those who you know, know what you know. The enemy is legion: it's well funded, highly motivated and relentless. We must be its equal, and we must start now.
Did you find this article useful?
25 out of 59 people found this useful
- Share this article:
