Catching cyber-thieves: the future of net scams

"Zeus is a very good example, because the guy who writes it, Bishop, a Russian guy, isn't doing anything criminal," says Hyppönen. "He is simply selling the tool himself. So he writes the tool that can only be used to steal money from online banks, but he isn't stealing the money himself. He sells it in forums for $700. Other criminals buy the tool from him, and do the actual crimes."

Previously cybercrime has had no impact in the 'real world', unless you're a fi ctional reluctant hero played by Bruce Willis. Until now, that is - and the results are potentially terrifying, as Hyppönen attests.

"One of the best examples of the real-world connections is what happened with hosting.ua, which is a Ukrainian hosting company operating in Kiev – it's very large, has thousands of websites running on it. It's not a criminal operator, but they did have quite a few criminal customers on their network, including illegal forums, phishing sites, stuff like that.

"But [hosting.ua] changed their policies, they did a spring clean in March, and they threw out at least a dozen criminal sites. And that's great, that's exactly what we want ISPs to do. The problem was, two weeks later they had a major fire, they lost almost all connectivity, their data centres, and they were offline for about six or seven weeks. Coincidence? Maybe. Possibly.

"We have no evidence linking these two incidents. But you can sort of see the connection, and it's probably more about showing the example to other ISPs: 'you don't want to throw us out.' And you can see how after something like this other ISPs would be much more inclined to just look away. That's probably the worst development I've seen."

Flame war

Obviously the moment events like the fire at hosting.ua occur they fall into the jurisdiction of real-world law enforcement, and in the UK the anti-terrorism act covers some naughty internet shenanigans. But it's rare in other countries.

F-Secure hq attack map

REAL-TIME ATTACKS: Coolest thing in F-Secure's labs: a real-time map of computer attacks in the world

"There's nothing like that in Russia, there's nothing like that in Ukraine," says Hyppönen. "And even if there were, the interest from law enforcement to hunt these guys is pretty limited, unless there's a clear case of showing big [financial] damages. International law enforcement has been built to fight things like smuggling and money laundering and drug trafficking, which are multi-million dollar crimes.

Online, one victim typically loses a couple of hundred, or maybe a thousand euros. But there's tons and tons of victims, and it's a completely different scenario. It's a type of crime we didn't have at all ten years ago, and it's completely exploded. The resources that international law enforcement have haven't changed at all."

The surprisingly dramatic world of cybercrime is dangerous and ever-changing, and despite Luis' advice to the contrary, it really may be worth installing some sort of anti-virus software on your PC, even if it is the free stuff. At least until someone can actually go into the internet and kill the cybercriminals Tron-style.

TOPICS