A month ago I read a fascinating book called McMafia (1) by Misha Glenny (2). Glenny, a former BBC world correspondent, presents a terrifying yet eye-opening look at how organized crime has progressed with globalization over the last few decades. Glenny covers all the major illicit activities, from global drug trafficking networks to prostitution and human trafficking. One chapter in particular is dedicated to the future of organized crime and its fastest growing sector, cybercrime.
Gone are the days of hackers working in solitary conditions. In the last 5 years there has been a shift from ego hackers to ones employed by criminal syndicates. While drug trafficking is still the backbone of organized crime, cybercrime is truly without borders and shows tremendous returns on investment. Money is there to be made on everything from farming for compromised online banking accounts to identity theft. Spam is as lucrative as ever, if not more so. It is being used for spreading malware to compromise machines, and for selling products ranging from illegal pharmaceuticals to counterfeit watches.
Glenny mentions the BRIC countries (Brazil, Russia, India and China), the primary sources of spam today. He mentions how high levels of poverty combined with good education levels are leading to the creation of armies of young, organized cybercriminals. Furthermore, these syndicates are hiring the brightest minds! Resourceful hackers now want to get paid. He mentions how banks and credit card companies are happy to absorb the costs of cyber theft because they have saved so much money by persuading us to use the Internet and downsizing their operations. Are they ready for the cybercrime surge that is inevitable? Various sources estimate that up to 20% of the world's GDP comes from the shadow economy. Cybercrime in 2008 was already a $100 billion a year industry (3).
So what can we do to stop all this? What tools do we have at our disposal online to find and track cybercriminals? WHOIS – a system that is littered with false information due to registrars not enforcing accreditation agreements? The registrars themselves are not following the accreditation agreement! Check (4) for a live list of registrars who don’t have a functioning WHOIS server. Perhaps education and awareness of the severity of this problem will ultimately result in some form of regulation and control. Currently however, policing the internet seems to be an intractable problem.
References:
(1) http://www.theguardian.com/books/2008/apr/06/society
(2) http://en.wikipedia.org/wiki/Misha_Glenny
(3) http://news.bbc.co.uk/2/hi/americas/7403472.stm
(4) http://www.knujon.com/whoisblockingwhois.html
And what is the reason that the cyber criminals are in China instead of the US? Could it be because we actually enforce the law in this country? The big solution to crime of any kind would be law enforcement. Locking down computers and networks more and more is like building fortifications around your store – you will still get robbed blind as long as you are still in business and criminals are not being arrested and put in prison.
I’m guessing if the problem keeps growing to the point where it ruins corporate earnings growth that all those multi-billion dollar profit-driven enterprises will get together and establish a new network that does not include those countries. It is the logical solution from their perspective since it gives them the earnings power of domestic IT automation without the foreign cyber criminals.
The big reason for lack of WHOIS servers IS spam – spammers bombarded the WHOIS servers continuously to troll for targets until they were forced to shut down. If you supply a real email address for your domain registration today you are still locked into spam hell forever.
I tried using WHOIS, ARIN, and its foreign counterparts to identify the guys overseas attacking our network – and I traced it to PCs on some local Chinese ISP. Of course, that information was completely worthless, since they will never respond to any communication and there is no applicable law enforcement. So WHOIS means nothing even when it is working.
Laws are being enforced in China too; we just know much less about them. But even before we shut down someone, we need to figure out who to shut down. I believe KnujOn (one of the links I included in the blog is from their site) is making this a quest of theirs by making the registrars themselves accountable first. Their long-term plan was to make a working WHOIS by having the accreditation agreements actually being enforced. First check that the registrars follow the rules, then the major pharmaceuticals etc.