Analysis: Online security war is social not technical

By on
Analysis: Online security war is social not technical

The biggest obstacle to eradicating, or at least minimising, e-crime is not a technical challenge but a social one, according to F-Secure researcher Mikko Hyppönen.

Over the past few years the biggest geographic sources of malicious software have moved from developed Western countries such as the US and parts of Europe, to developing countries such as Brazil, China and Russia, according to Hyppönen.

These countries now have good internet infrastructure and a large number of skilled people with very few legitimate opportunities for gainful employment, who are turning to online crime to make money.

Hyppönen believes that, if these same people looked to physical, real-world crime to make a living, many would quickly be put straight by their family, community or law enforcement agency.

But, because online crime is not well understood, and is viewed by many as a very low-level crime which only affects people outside the country of origin, the fledgling hackers are not discouraged from this path.

Although technology plays a major part in protecting PC users from attack and infection, the root of the problem lies in correcting the social issues that motivate people to take up online crime.

"If you're an intelligent person and you live in a developed nation you can pretty easily get a job and make a living for yourself and your family with the skills you have," said Hyppönen.

"But if you're living in Siberia, or the countryside of China or the slums of Sao Paulo it might not be that that simple. In fact, the easiest way to make a living for yourself might be to go into a life of online crime."

This problem is compounded by the fact that punishments for those who are caught are normally very light.

"There is almost no chance of these guys getting discovered, and even if they are there is almost no chance of getting caught, and even if they are caught, there is almost no chance of getting prosecuted, and even if they are prosecuted there is almost no chance of going to jail," explained Hyppönen.

"With those odds, we're not sending a strong message to the youngsters considering online crime, which means that the situation is only going to get worse.

"Social problems are always much harder to fix. I'm a geek. I can fix your PC but I can't fix your social problems. It's a lot more complicated."

Furthermore, the internet enables the development of virtual gangs, which are different from traditional gangs as the membership is often anonymous and very fluid.

This makes it even harder for authorities to tie members together as the members themselves often don't even know the identity or location of the people with whom they are working.

Hyppönen is pushing for the creation of an InternetPol, a cyber-crime version of Interpol, either as a standalone organisation or as a division of Interpol itself.

He believes that only through proper communication and sufficient global allocation of resources can authorities effectively combat the scourge of cyber-crime which costs economies hundreds of millions of pounds a year.

Because many companies are reluctant to report breaches or attacks owing to a fear of damage to the brand and a lack of faith in anything being done about it, agencies lack good statistics when considering the allocation of resources during budget cycles.

However, the InternetPol idea is gaining traction with many law enforcement agencies, and Hyppönen has a meeting with Interpol next week to discuss the implementation of such a task force.

Copyright ©v3.co.uk
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?