Today, 95% of malware is aimed at stealing passwords, which makes users who handle valuable information potential targets for cyber-criminals. Speakers at the second international Security Blogger Summit held in Madrid last Thursday expressed concern about this and the easy way in which malware is distributed as well as the difficulty to apprehend those responsible.
The roundtable, which included Kurt Wismer, renowned security opinion blogger, John Leyden, cyber-crime columnist for The Register, Marc Cortés, marketing expert and author of Interactividad.org and Javier Sanz, (ADSL Zone.net author) identified Eastern Europe and China as the main sources of malware, criticising governments’ lack of action in fighting this threat.
“Apart from the difficulty of arresting a hacker for illegal activities carried out outside of a country’s jurisdiction, there is the problem of actually making sure that a hacker’s virtual identity actually corresponds to that of the detainee,” explained Paloma Llaneza, a member of Spain’s National Cyber-Security Advisory Council.
Participants also commented on the speed of cyber-attacks and the lack of resources from authorities to stop them. “The law is always one step behind cyber-crooks and this prevents authorities from acting more swiftly,” explained Yago Jesús, blogger and author of SecurityByDefault.com.
Joseph Menn, an investigative journalist who has comprehensively covered security issues, indicated that even in countries like the United States there are laws dating back to the 1970s that are no longer capable of stopping present-day Internet attacks.
“There are many legal obstacles that make stopping these groups incredibly hard. If you are a hacker and operate in a country other than your own, it is very difficult to arrest you,” said Menn.
The scale of the problem is daunting. According to cyber-crime expert Brian Krebs, “Cyber-crime is becoming more and more similar to drug trafficking. These organisations are exclusively motivated by money and operate using pyramidal structures. Each group within the organisation has its own responsibilities: some develop malware, others identify banks to attack, and finally some others spread the malicious code.”
“The best thing would be to be able to demand some responsibility from private businesses and public institutions,” suggested Jesús while Krebs recommended drawing up a blacklist of non-recommended sites which he believes could prevent a huge number of attacks by warning users of websites that could infect them.
Krebs also explained the need to demand more responsibility from Internet Service Providers. “If we have laws in the United States that force Internet service providers to shut down Web pages that offer pirate music or video files within 48 hours, there should be similar laws for cyber-crime.”
Education, awareness and legal responsibility
Education and awareness issues were also discussed at the summit. Several participants spoke in favour of a common sense approach.
“Just as we lock the door after leaving our house or getting out of the car, we should do the same thing with the Internet,” said Alejandro Suárez, an influential Internet blogger in the Networks SL blogging network.
Marcelo Rivero, Infospyware.com’s author, echoed this: “We must be aware of what activities can lead to an infection and what cannot. Common sense is necessary to surf the Web.”
“Unfortunately, young people establish a communication channel that parents many times cannot advice them on. We should act on the Internet in exactly the same way as in real life in order to minimize risks,” added Rivero.