Rise of e-mafia
6th October 2005 (Computimes)
ORGANISED crime has moved onto the Internet. Last year, anti-virus researchers were startled by an increase in organised virus and worm-writing activities, which they believed were behind a thriving underground identity theft-cum-spam-based economy.
The transnational organised crime (TOC) phenomenon's shift towards cyberspace, which is clearly a sign of criminal progress, has had e-security experts worried for the last two to three years. However, many of these experts have kept most of the information on TOC out of the limelight, fearing public panic and complete loss of confidence in online activities such as banking and computer use in general. Indeed, it would be unethical and unprofessional to cause the global economy to grind to a halt just because of the risks that exist in e-commerce. A calmer and more collected approach to assessing such risks is only prudent. And in that regard, Malaysia has been fortunate to have two international e-security gatherings organised recently: e-Secure Malaysia 2005 and Hack In The Box 2005.
At both events, security experts, hackers, enthusiasts and IT managers got more than a glimpse of how brutal the universe is in cyberspace. The pessimistic message would be that there is no hope for the public at large. But on the positive side, we can still deter organised cybercriminals by making things harder for them. All it takes is awareness and some precautionary action. The mobsters on the Internet, or eMafia as they are now called, should not be underestimated. They have the money and resources to hire professional crackers, hackers, Trojan writers and spammers to come up with military-grade viruses, Trojans and other forms of malware.
Some are better funded than government agencies or computer emergency response teams dealing with such threats. They can easily launch blended threats using innocuous-looking Viagra spam to cause Trojans or viruses to be downloaded.
For that matter, the eMafia-driven virus economy churns out over 200 Trojans and viruses per day, with a 24-hour window to wreak havoc before an anti-virus maker can come up with a virus update signature. In other words, organised cybercriminals differ from your regular script kiddies and hackers, who aim for accomplishment and recognition, not monetary gain. These criminals are in it purely for the money and do not announce themselves. Their malware creations are harder to detect and run silently with a view to remaining undiscovered.
There are also Web sites specifically set up to steal personal and identity details for the purpose of identity theft. So advanced and crafty are some Trojan programs on these sites that user interaction is not required. Simply visiting an innocent or official-looking Web site using Internet Explorer, for example, can download a Trojan or Botnet into your PC.
There is also phishing, or professional impersonations of online banks and e-commerce sites. Not to be forgotten, these Web sites also launder money and become centres for malware exchange on the Internet. These are among the terrifying things discussed at e-Secure Malaysia 2005 and Hack In The Box 2005. Not surprisingly, some speakers are notably careful about speaking to the media. Some even claim that they will say things differently to the Press so as not to cause public panic. In terms of Web browsers, it boils down to how secure they are made.
According to Symantec Corp, open-source browser Firefox had more confirmed vulnerabilities than Internet Explorer in the first six months of this year. But this does not necessarily mean Firefox is less secure than others, because the method by which flaws are reported is different.
Incidentally, Microsoft sent engineers from Redmond to Hack In The Box 2005 to gather feedback from hackers for the second beta version of Internet Explorer 7. This is how significant the discussions were.
And the feedback is, users definitely need to set a last line of defence.
Hack In The Box Sdn Bhd's chief executive officer Dhillon Andrew Kannabhiran believes that although there are groups of hackers and virus writers out there who may be funded by eMafia, there is no cause for panic. Instead, the public should be made more aware of the growing problem.
"Issues such as identity theft, credit card fraud and the like should be raised so that the public can be prepared, knowing that there is a possibility that someone is actively trying to steal personal identity or bank account details in order to commit fraud," says Kannabhiran. Although technologies and techniques exist that allow organised criminals to avoid detection and fool e-forensic experts, it is also possible to set up an environment which is almost impossible to break into, or in which it is really difficult for criminals to remain undetected.
As Scan Associates' security consultant S.K. Chong explains, "It all depends on how much effort and organisation the user is willing to take to protect his or her assets. Whoever is more organised will triumph!" So, how can home users protect themselves? Practise safe computing by getting a firewall installed, making sure your operating system patches are up-to-date, installing an anti-virus scanner and ensuring your virus definition files are updated.
Additionally, Kannabhiran recommends a spyware scanner or two.
And Chong says it is high time that home users learn how to identify fake e-mail or Web sites. "Don't trust any executable file from e-mail attachments or unknown Web sites. Use encryption software or VPN (virtual private network) if you have to. Don't trust computers in cybercafes for anything sensitive."