Welsh virus-writer shown justice, not mercy
by Russ Cooper
June 1, 2005
A recent survey of security and law enforcement executives shows that the fight against electronic crimes (e-crimes) continues to be an uphill battle.
Amongst the significant findings, respondents were asked on what security issues they spent the majority of their time. If the media is to be believed, one would expect the answers to include preventing phishing attempts, Denial of Service attacks and online extortion. Yet respondents indicated they spent more than twice as much time on “child exploitation” as any of those other threats. The top time-consumers were “fraud” and “identity theft.”
(The term “identity theft” is a contentious one. It implies that one’s identity is stolen such that it is no longer available to its owner. Although Hollywood and the media have made attempts to convince us this is plausible, the reality is it’s virtually impossible to accomplish. Cybertrust prefers the term “identity fraud” when, for example, someone obtains the PIN number for your online banking and spends your money, or obtains the password for your PayPal account and abuses your privileges.)
The media take on the release of this year’s survey suggested that fighting e-crime was getting better. However, at least 65 percent of respondents stated that the number of crimes experienced by their networks either didn’t change or increased!
More than 50 percent of respondents indicated viruses, spyware and phishing attempts as the most common e-crimes committed against them. And thirteen percent of respondents indicated they had discovered zombies or bots on their networks. This is surprising because such systems generally require weak or non-existent firewalls in order to function, and these respondents seem security-savvy enough to appreciate the need for firewalls.
The top e-crime committed by organization insiders had to do with rogue wireless access points (WAPs). Presumably this refers to setting up a WAP without permission, or abusing the availability of a WAP. One has to wonder how many of these e-crimes were actually prosecuted, as opposed to reprimands being issued for not adhering to company policy.
The biggest motivator for not reporting e-crimes was that the “damage level [was] insufficient to warrant prosecution,” while 6 percent reported that “prior negative response from law enforcement” prevented them from reporting. Law enforcement needs to ensure that number doesn’t rise so the public continues to report e-crime.
Forty-three percent of respondents indicated their monetary losses remained the same or increased over 2004, and 53 percent believe they will stay the same or increase in 2005.
After “hackers” and “unknown,” respondents indicated that “current employees” pose the greatest cyber security threat to their organizations.
Despite reports of abuse, respondents deemed firewalls and automated virus scanning as being 99 percent effective at detecting or countering misuse or abuse of systems or networks. Spyware and adware detection was rated as 94 percent effective, a surprisingly high value given the dire warnings the media continually deliver about how easy it is for new spyware and adware to be installed.
“Manual patch management” was cited as the least effective technology in fighting abuse. Interestingly, “automated patch management” was considered only slightly better than “physical security systems” and worse than “intrusion detection systems.”
The survey, conducted by CSO magazine in cooperation with the U.S. Secret Service and the Carnegie Mellon University Software Engineering Institute’s CERT(R) Coordination Center, is available at http://www.csoonline.com/info/ecrimesurvey05.html.
Russ Cooper is a Senior Information Security Analyst with Cybertrust, Inc., http://www.cybertrust.com/. He’s also founder and editor of NTBugtraq, http://www.ntbugtraq.com/, one of the industry’s most influential mailing lists dedicated to Microsoft security. One of the world’s most- recognized security experts, he’s often quoted by major media outlets on security issues.