The global recession could prove to be a starting point for an influx of more cyber criminals seeking to use their computer skills to earn extra money.
“Today these (cyber) attacks are not about vandalism any more, today it’s about cash,” said Roger Halbheer, Microsoft’s chief security advisor for Europe, the Middle East and Africa.
“Cyber crime has gone from cool to cash. And this will definitely grow in the future,” he told AFP during an international conference on terrorism and cyber security.
“At the moment we are still at the cool side. But I’m expecting it to move to the cash side.”
He added that it is “one of the things that scares me about the economic downturn because I’m expecting cyber crime will grow.”
The economic crisis is resulting in a large number of layoffs, many of them coming from tech firms. Implying that the computer experts that have been or will be laid off will “then have time and they don’t have money.”
Halbheer pointed to the recently publicized Conficker worm, which has reportedly found its way into millions of PCs over the past few months.
The nature and purpose of Conficker “is still unclear,” he said.
Cyber criminals can use worms to create a botnet, “so they have a network of computers they control and then they try to sell their services to scammers and phishers or whatever … So it might well be that this is what the guy who wrote this (Conficker) is trying to do now.”
Microsoft is currently offering $250,000 dollars in reward for information leading to the arrest of individuals behind the Conficker worm threat.
“It is a pretty bad beast.., one of the worst we’ve seen in a long time,” said Halbheer. “It looks for a lot of different channels which makes it so dangerous.”
Microsoft has modified its free Malicious Software Removal Tool to detect and remove Conficker. Security firms, including Trend Micro, Symantec and F-Secure, provide Conficker removal services at their websites, according to AFP.
“A lot of critical infrastructure is owned by the private sector – the banks, telecom companies, energy companies. The government however has enforcement power as well as the intelligence power,” said Halbheer.
“We need to reach a state where we trust each other and exchange information.”
In March, Microsoft, in conjunction with law enforcement agencies and academia, proposed that the European Commission support an initiative to establish a network of university Centers of Excellence to train law enforcement agencies on cybercrime investigation techniques.
Tim Cranton, associate general counsel of Worldwide Internet Safety Programs at Microsoft, presented findings of a new study supported by Europol and Interpol at the Council of Europe Octopus Interface 2009 conference. The study supported the creation of the Cybercrime Centers of Excellence Network for Training, Research and Education (2CENTRE).
“Technological innovation, customer guidance and partnerships are essential to addressing the increasing complexities of cybercrime,” Cranton said.
“The 2CENTRE universities will unite law enforcement, industry and academic expertise to provide an internationally coordinated cybercrime investigation training program for law enforcement agencies and the IT industry in the European Union and beyond.”
“Though we have a long way to go and much more work to do, today it is a lot harder for cybercriminals to exploit weaknesses in our software,” said Halbheer.
“Unfortunately the bad guys don’t give up and go away. Instead they increasingly focus on crimes of deception that prey on human vulnerabilities rather than software vulnerabilities.”
On the Net: