This post is based on my keynote speech at “Technology Watch” held concurrently with the “13th International Symposium on Recent Advances in Intrusion Detection” last September 15–17 in Ottawa, Canada.
Let’s consider two figures who were born a year apart and became famous criminals in the 1930s. John Dillinger was a flamboyant bank robber who spent eight years in prison, escaped from jail twice, and died at the hands of what would become the Federal Bureau of Investigation (FBI) at the age of 31.
Meyer Lansky became known as the “Mob’s Accountant,” set up casinos from Miami to Las Vegas, and never spent a day in jail. He lived to the ripe old age of 80 and, before he died, became one of the 400 richest Americans.
On the one hand, you have one of the most flamboyant criminals in American history. On the other, you have someone who was so quiet and unremarkable that his role in the Mafia is still being debated.
What does this have to do with cybercrime, you may ask? Think of John Dillinger as the old-fashioned virus outbreak. Loud and flamboyant, you definitely know what happened to you. Meyer Lansky is a modern-day botnet. It is silent, operates in the background, and is perfectly content to work for long-term gains.
The popular conception of cybercrime is of Russian hackers with a pipe into users’ systems that steal all the information they can get. Just as frequently, however, users are not just victims. They’re also unwitting accomplices in cybercrime themselves.
Let’s take a look at one good example—spam botnets. Here’s a chart that shows how many IP addresses in Canada were involved in sending spam:
In Canada alone last year, there were at least 225,000 unwitting accomplices to spamming. Globally, the picture was even worse.
What we have, then, is millions of people all around the world who are spamming the Internet without their knowledge.
This is something, however, that Trend Micro is working on. Let’s take the case of Turkey. In early 2009, it was the second highest-spamming country in the world.
One of our executives, Dave Rand, said that ISPs can block both spam and botnets with little, if any, impact on users. ISPs are also uniquely positioned to identify and notify users of compromised systems. This topic and Trend Micro’s experience in Turkey are discussed in the blog post, “How ISPs Can Help Fight Botnets and Cybercrime.”
Our experience tells us that most users will seek help to fix compromised systems on their home networks. This kind of collaboration benefits everyone—user privacy is protected from malware, ISPs stop becoming a vector for spam and botnets, and the rest of the Internet gets fewer spam and bots to trouble them with.
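To make the ISP-side part of this concrete, here is an added example (my own illustration, not Trend Micro code and not what was deployed in Turkey) of the two things the paragraph above describes: an outbound port-25 egress policy that allows residential customers to reach only the ISP's own mail relay, and a simple detector that flags customer IPs contacting an unusual number of distinct remote SMTP servers within an hour, which is the list an ISP would use to notify subscribers of a likely infection. The relay address, the thresholds and the flow records are all constructed assumptions.

```python
"""Added example: ISP-side detection of likely spam bots from outbound SMTP
connection records, plus the egress policy that would block those connections.
Not Trend Micro's code; every address, threshold and record below is constructed."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int      # epoch seconds (constructed)
    src: str     # customer-side IP
    dst: str     # remote IP
    dport: int   # destination port


# Assumed policy: residential customers may use port 25 only towards the ISP relay.
ISP_RELAY = "198.51.100.25"      # documentation-range placeholder, not a real relay
WINDOW_SECONDS = 3600            # assumed look-back window
DISTINCT_DST_THRESHOLD = 20      # assumption: a home PC rarely talks to 20 mail servers an hour


def violates_port25_policy(flow: Flow) -> bool:
    """True for an outbound port-25 connection to anything other than the ISP relay."""
    return flow.dport == 25 and flow.dst != ISP_RELAY


def policy_blocked_count(flows) -> int:
    """How many of the given flows the egress policy would have dropped."""
    return sum(1 for f in flows if violates_port25_policy(f))


def suspected_spam_bots(flows, window=WINDOW_SECONDS, threshold=DISTINCT_DST_THRESHOLD):
    """Return {src_ip: peak_distinct_destinations} for every source that reached more
    than `threshold` distinct non-relay SMTP servers inside any `window`-second span."""
    by_src = defaultdict(list)
    for f in flows:
        if violates_port25_policy(f):
            by_src[f.src].append(f)

    flagged = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        counts = Counter()       # distinct destinations currently inside the window
        left = 0
        peak = 0
        for right, f in enumerate(fl):
            counts[f.dst] += 1
            # slide the left edge forward until the window is narrower than `window`
            while fl[right].ts - fl[left].ts >= window:
                old = fl[left].dst
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            peak = max(peak, len(counts))
        if peak > threshold:
            flagged[src] = peak
    return flagged


def notification_list(flows):
    """Sorted customer IPs that should be told their machine is probably infected."""
    return sorted(suspected_spam_bots(flows))


def sample_flows():
    """Constructed connection records for three customers on one access network."""
    flows = []
    # Host A: bot-like burst, 30 distinct mail servers in ten minutes
    for i in range(30):
        flows.append(Flow(1000 + i * 20, "203.0.113.10", f"192.0.2.{i + 1}", 25))
    # Host B: ordinary client, sends mail only through the ISP relay, plus some HTTPS
    for i in range(5):
        flows.append(Flow(2000 + i * 60, "203.0.113.11", ISP_RELAY, 25))
    flows.append(Flow(2400, "203.0.113.11", "192.0.2.200", 443))
    # Host C: one direct SMTP connection per hour, each to a different server;
    # it breaks the egress policy but never looks like a spam burst
    for i in range(25):
        flows.append(Flow(5000 + i * 3600, "203.0.113.12", f"192.0.2.{100 + i}", 25))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print("would be blocked by the port-25 policy:", policy_blocked_count(flows))
    print("notify:", notification_list(flows))
```

The detector runs on the same records the policy would act on, so an ISP can notify the flagged subscriber whether or not it also enforces the block; the relay exemption is what keeps legitimate mail (Host B) invisible to both mechanisms.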
What were the results of our efforts in Turkey?
We were able to move Turkey from the number two spammer in the world to number 21 worldwide, which is a dramatic improvement.
Cybercrime is expanding into new areas as well. Spam has always been a threat, though lately we’ve seen cybercriminals expand to a new frontier—click fraud. This is something that Trend Micro has also been talking about in our “Making a Million” series of blog posts:
It’s very, very tempting to think click fraud isn’t a real threat. However, a lot of money can be made in click fraud. Combined, the online ad revenue of Google, AOL, Microsoft, and Yahoo! reaches more than US$8 billion per quarter.
How much click fraud is there? According to the research group Click Forensics, the current trend is not good.
Taken together, this means click fraud involves more than US$5 billion a year. That is something you just cannot ignore.
Moving forward, we will continue to see cybercrime evolve in new and interesting ways. Cybercriminals will take advantage of several worries users will have when they go online, such as:
- Where’s my data?
- Who am I sharing information with?
- Is this the Web address I think it is?
Trend Micro has adapted to this enhanced threat landscape in multiple ways, the most significant being our move to a cloud/client architecture—what we call the Smart Protection Network™. Not only does this provide faster and more effective protection, it also provides a tremendous amount of threat intelligence.
For example, in just one day—September 14, 2010—we received 6.2 billion reputation queries for email. We blocked 4.4 billion. For Web reputation, we received 41 billion queries. We blocked 585 million. With this amount of information, we’re able to acquire in-depth data that helps protect our customers and provides insight into the current threat landscape.
Special thanks to Jonathan Leopando of Technical Marketing for helping with this write-up.