Next year could be a very good year for online crime if the economy gets any worse, security vendor McAfee warned.
Governments will be too busy grappling with economic issues, while desperate job seekers will become easy targets for cybercriminals, according to its annual cybersecurity survey, the McAfee Virtual Criminology Report.
Law enforcement is another problem. Police forces are not adequately trained to fight cybercrime. Cross-border law enforcement is made difficult because agencies tend to act locally rather than globally, and international laws are not being implemented uniformly worldwide.
The report does contain some hopeful notes. The problems may become easier to solve if the incoming administration of President-elect Barack Obama implements the suggestions just made by the Washington-based Center for Strategic and International Studies (CSIS), Pamela Warren, McAfee’s cybercrime strategist, told InternetNews.com.
“I was really glad to see CSIS tackle those things as part of the overall study,” Warren said.
The CSIS, a nonprofit think tank focusing on security policy, suggested that the new administration make cybersecurity a national priority. It urged U.S. law enforcement agencies to work more closely with their counterparts abroad in order to combat Internet-based security threats.
It also urges the Department of Justice to examine laws governing criminal investigations of online crimes in order to increase their clarity, speed up investigations and better protect privacy.
And it suggests major improvements in how online credentials are deployed and enforced.
The suggestions arrive as criminal behavior gets more sophisticated online.
Cybercriminals are finding new ways of laundering stolen money, such as by using non-bank payment services like e-gold, which makes it harder to trace them. E-gold is a kind of digital currency that allows for the instant transfer of gold ownership. It can be impossible to trace because account holders are provided anonymity.
Meanwhile, governments are too preoccupied with the economic crisis to be able to tackle cybercrime, but must continue to ramp up resources in the fight against cybercriminal activity even in the face of global economic recession, the McAfee report said. However, governments do not see cybersecurity as a priority due to technical ignorance and lack of foresight of its widespread and longer-term risks.
Law enforcement authorities lack adequately trained personnel to sift through and use digital evidence, the report said. Those who are trained are either hired away by the private sector or, in some cases, recruited by the criminal underground. Further, outmoded laws see sentencing based on the level of physical damage, whereas, with cybercrime, the damage is not only physical.
In many states, cyberlaws are not clear as to whether botnets are illegal. Because different countries have different laws, and different definitions of crimes, it is difficult to conduct cross-border investigations or accurate statistics, the McAfee report said.
The cybercriminals may also be getting protection from their own governments. According to the McAfee report, Russian President Vladimir Putin and political influence within the Federal Security Service (Russia’s successor to the Soviet KGB) are hampering prosecution of the people behind the Storm worm, one of the most destructive worms to hit companies recently.
The report called for a global task force to be set up specifically to launch transnational cybercrime investigations. It also called for more training and resources for law enforcement, and legal or co-regulatory incentives for Internet service providers to cooperate with each other to improve security and work more closely with the police.
Changes in the law are also needed. Businesses and government agencies must bear legal responsibility when customers suffer Internet-related security losses unless the customers are guilty of gross negligence, the report said.
The report also called for continued education for consumers and the design of more user-friendly software. “We cannot expect the average Internet user to become a security expert,” it said.
Consumers are both victims and part of the problem, McAfee’s Warren said. They will fall prey in greater numbers to phishing scams involving e-mails purporting to come from their banks asking for their account information.
You can’t make money like a CEO
Another danger is that people become tempted by Internet money-making schemes and end up as mules for cybercrime gangs, receiving payments which they transfer internationally after deducting a small commission. “We saw 873 unique job advertisements in the first half of 2008, a 33 percent rise over the same period last year,” Warren said.
Or, consumers may accept money from Web sites to add a few lines of code to their Web pages, thus becoming involved in distributing malware.
The amount of malware on the Internet has grown phenomenally. “Last year, we saw 130,000 unique programs to steal data; this year, we saw one million,” McAfee’s Warren said. The report urged users have to take responsibility and ensure their computers are protected.