Is the idea of a safe, global Internet in jeopardy?
South Korean computer hackers compete during an information security olympiad at the National Assembly in Seoul, South Korea, Friday, July 10, 2009. (AP Photo / Lee Jin-man)
Published Wednesday, December 29, 2010 5:37PM EST
"All stuffs delivery instant after payment," the cyber-crook has written in broken English. "I dont sell by 1 Card, if you need ask me I will give you some free."
Below this offer, logos of HSBC, Lloyds and a few other major banks are aligned in a row. Far from acting on behalf of these financial institutions, however, the person who runs this website is selling stolen banking information in bulk to miscreants interested in defrauding their customers.
The prices for credit-card numbers range from $15 to $40 depending on the type. Buyers choose from five payment options, including Western Union. The stolen numbers are then transmitted by instant message or email.
Although they keep a low profile, similar websites abound online. Another offers TD Bank Visa Classic numbers for 10 euros apiece (just add them to your virtual shopping cart and check out). A third stocks "Canada Classic" numbers for $20 and "Canada Platinum/Gold" for $33.
Welcome to the shadowy world of cyber crime, where swindlers face such remote risks that they sell stolen information in plain view on the Web, yet their payoffs can be staggering.
In one recent case, the FBI alleges that more than 100 people in the United Kingdom, Ukraine and the United States stole US$70 million by using a strand of malicious software known as Zeus to uncover Internet users' banking details.
No wonder business is brisk. By all accounts the industry is big and getting bigger, but exact measurements have proven elusive. Estimates of annual losses from online crime during 2009 ranged anywhere from $100 billion to $1 trillion.
"It dwarfs the size of the illegal drugs market but it's impossible for anyone to accurately come up with numbers," said Steve Santorelli, a former detective with Scotland Yard's computer crime unit who now works with Team Cymru, a non-profit group that monitors Internet security.
"There's advertising. There's return on investment. There's a lot of branding," he told CTV.ca by phone from Burr Ridge, Illinois. "This is their living."
Nearly two decades after the Internet's popularity caught fire, two billion people around the world have moved online. But now there's talk that cyberspace as we have come to know it -- an inclusive, global network of networks -- may be in danger from a range of threats including by online criminals and restive governments.
Legitimate Internet users jostle with ever more prolific, tech-savvy crooks. Other culprits launch political cyber attacks at the behest of governments eager to use criminal groups as proxies, according to many experts.
China, Russia, Israel, France and the United States have also developed "advanced" capabilities with which to wage war online, according to a 2009 report from Internet security firm McAfee.
"There's a general climate of an arms race in cyberspace that I think is a major threat to an open Internet," said Ron Deibert, co-director of the Citizen Lab and the Canada Centre for Global Security Studies at the University of Toronto.
"Part of that feeds into techniques of cyber crime and encourages privateering," Deibert said. "You see many more instances of hacking and denial-of-service attacks directed at political targets" such as human rights and opposition groups.
Over the past several years, Deibert and a small clique of colleagues in Toronto, Ottawa and at Harvard have helped expose a global cyber-espionage ring, document Internet filtering around the world and dismantle a Russian criminal group that was making millions off a Facebook advertising scam.
He also advised Google after the company discovered last December that it had been targeted by China-based hackers. The attacks affected at least 20 large American companies, Google said, and allowed the perpetrators to access Gmail accounts belonging to Chinese human-rights activists.
Another major cyber attack came to light in July, when a Belarusian antivirus company discovered a new malicious computer program known as the Stuxnet worm.
It mainly infected computer systems in Iran and appeared to have been designed to target nuclear centrifuges. Those findings led to speculation that a foreign government created the virus, or hired a criminal group to do so, in an attempt to shut down the Islamic republic's contentious nuclear program.
No silver bullet
Whether such events are driven by profit or by politics, the question of how to discourage them looms large.
"Any new technology can be misused," said Igor Muttik, a senior architect with McAfee Labs in Slough, England. "It's such an evolving and rapidly changing thing, governments and legislators are frequently behind."
A number of fixes are needed, Muttik said, from educating Internet users about online threats, to creating software that will better protect them, to passing new legislation that can keep cyber criminals from stealing with impunity.
Complicating things, many of the governments who would institute those fixes are trying with greater success to rein in the Web.
Sixty countries experienced "some form of Web censorship" in 2009, twice as many as in 2008, according to Reporters Without Borders. The group singled out democratic countries such as South Korea and Australia as well as authoritarian ones like China.
"The World Wide Web is being progressively devoured by the implementation of national Intranets whose content is ‘approved' by the authorities," it warned in a report last March.
Similarly, Deibert believes the Internet is entering a dangerous new phase. After growing from a research tool in academic and military circles to a sort of global shopping mall, he's convinced that a contest is now underway to determine who will control it.
"You're finding elaborate doctrines now in how to fight and win wars in cyberspace, and proposals that would seek to re-engineer the Internet. These are coming from very powerful actors," he said.
"People may look back at the 1990s and the 2000s as a brief window where we at least came close to this open, global commons of information and communication," he added. "But right now we're headed in a much different direction."