We at Symantec/Norton get very excited when we see the bad guys get nabbed for cybercrime. Often, our employees were working closely with law enforcement on some of these cases, both domestic and international, that can go on for lengthy periods of time. It’s rewarding to know that the hard work has paid off and that justice will be served against the creators and distributors of malware like botnets.
This week’s arrest of three Mariposa bot herders in Spain was the result of one of these complex, concerted efforts. Many of the articles take note of the various bodies involved in the investigation: local and international law enforcement, government officials, private industry and others. But the cybercrime economy is huge, often estimated as being as large as the international drug trade. As one participant in the Mariposa investigation says, “It really is a drop in the ocean compared to the sheer number of criminals out there constantly launching a variety of attacks.”
In a private conversation I had this week, a representative from a major ISP told me they estimate 15% of their users are on botnet-infected computers. Whether we know it or not, some of our friends are likely using computers infected with botnets, Trojans, or keystroke loggers. These forms of malware rely on stealth forms of operation. Unlike the criminals in the Mariposa botnet, most cybercriminals are very careful to avoid detection. Their bits of code are silently dropped onto your system and then remain in place, conducting the cybercriminal business without your immediate knowledge. Cybercrime is silent. Cybercrime is also nearly invisible.
Most often, the consumer is aware of cybercrime through headlines like Mariposa. Arrests are occasionally made. Microsoft is committed to beating the Waledec botnet. Then, Kneber infects thousands. Well, if cybercrime is usually silent and invisible, just by detecting the threats, giving them names and being able to remove them, occasionally shutting criminals down and making a few arrests, we seem to have convinced the public that cybercrime isn’t their problem.
Consumers are already dangerously complacent about cybercrime. They don’t recognize the enormity of the problem and when made aware, they fail to assign blame to the right players. See if any of the following statements sound like something you might say or your friends might say:
“I was stupid and clicked that instant message link; I should have known better.”
“I have an antivirus program and it didn’t catch that Trojan. What’s the point?”
“These social networks are too dangerous. People share too much private info.”
In other words, we blame the victim.
Where is your outrage? Somehow, you were tricked into allowing dangerous code onto your computer that may have involved you in illegal activities like spam and phishing attacks on others. Or your private information was stolen and passed along to criminal rings. Shouldn’t every one of these computer “take-overs” count as a crime? And every misuse of your private information be considered a count of identity theft? If you’ve been a victim of malware, had your information stolen, found your computer was infected with scam antivirus software, did you report it to law enforcement? And if not, why not? Was it because you didn’t know where to report it or figured it was too small to count? That’s complacency, and that is the environment that is feeding the cybercriminal economy.
If you’ve got a cybercrime story, please share it with me. You can email me at marian@norton.com.