Why no united front on cyber crime?

The threat of terrorism is soaking up funds badly needed to combat cyber crime. So how big does the problem have to become before governments act, asks Simon Moores.

"Is it safe?" The famous line from the film Marathon Man is a singularly appropriate question for today's dangerously joined-up world.

The internet is certainly not safe. The statistics may show the risk of crime is decreasing in some areas because of new technical measures and policies.

But elsewhere, under the extreme pressures of criminal interests, new leaks are appearing in the collective firewall. They may become a flood if not tackled quickly.

That growing influence of serious and organised crime in cyberspace is the focus of representatives from business, finance, government and law enforcement agencies at next week's sixth international e-Crime Congress in London.

New exclusive:
The Naked CIO

Who can you trust with your personal data?

This year even shadow home secretary David Davis will be joining the directors of the FBI, US Secret Service, Nato and the likes of PayPal, Lloyds TSB and Unilever to reflect on a shared problem that threatens the world's most advanced economies.

Over the past 12 months, leading UK banks such as Barclays have been successful in reducing online fraud. Yet corporate losses from computer crime have reportedly doubled and the incidence of identity theft among the broader population continues to rise dramatically. Criminals are increasingly targeting individuals in cases of financial fraud rather than businesses.

Companies have been developing their security counter-measures to deal with the more common, asymmetric mass attacks launched through spam, phishing, botnets, denial of service and all manner of other exploits.

But at the same time, organised crime groups have also been busy. The resulting refinements in criminal techniques have led to the appearance of new tools for launching under-the-radar targeted attacks on individuals and organisations. These attacks are neither broadly distributed nor unique in nature and display much improved social engineering tactics.

Identity theft and sloppy data management are a significant and steadily growing problem. There is the regular loss of confidential personal data by large companies and government agencies, such as HMRC, or, at the more sophisticated end of the spectrum, advanced identity theft from persistent bots and new exploits that seek to compromise home routers.

Compromised bot networks of personal computers continue to make headlines in greater numbers and with increasing sophistication and effectiveness.

This month in the US one hacker pleaded guilty to creating a network of more than 400,000 computers, which included those belonging to the country's Defense Information Systems Agency.

In April 2007 Estonia, the former Soviet Baltic republic was paralysed by an unprecedented online attack from networks in Russia. Estonian MP Silver Meikar, a member of the country's defence committee, will be describing this attack at the e-Crime Congress.

Earlier this month, silicon.com reported Russia has now passed China to become the largest generator of spyware and malicious code and in terms of the source of criminal exploits.

But Russia and China are not the only problem. IBM's X-Force reports that America and Germany were the only two countries consistently among the top three hosting sources for each classification of unwanted internet content monitored throughout 2007.

America far outpaces other countries as the primary hosting source of adult, socially deviant and criminal content on the internet.

The threat of international and domestic terrorism sucks funds away from the fight against e-crime.

The urgent question we need to answer - whether at conference, government, business or law-enforcement level - is does any effective counter-measure exist to challenge the organised crime interests that are threatening the trade routes of the internet much as the pirates of the Caribbean once did to marine commerce?

Without doubt every country requires more resources. Furthermore the government must treat this problem more seriously. I'm not convinced this will ever happen until the problem becomes too large to ignore.

Pandora's box has been opened and no single country is strong enough to close it. It's analogous to the debate on tighter European immigration and border controls.

The internet is as open and porous as the borders of Europe and legislation is only as strong as the will and resources of the poorest country. And without the co-operation of Russia and China any anti-cyber crime proposal remains of academic interest only.

So what can we do to fight the threat? Perhaps buy shares in information security companies because business and finance is largely on its own, as is the man in the street.

There must be a truly joined-up and international initiative to tackle the growing problem of organised crime online, involving significant funding, resources, legislation and most of all will at every level.

Without that initiative we shall have to accept that millions of people and businesses will be robbed and duped and conned as an integral benefit of the internet's total cost of ownership.

After all, if the FBI only has a team of 100 officers to deal with all cyber crime offences and Interpol has perhaps only three for Europe, the Middle East and Africa, the level of priority and the scale of the challenge now facing our joined-up and interdependent economies becomes depressingly clear.