By Grant Gross
IDG News Service
Companies that work with law enforcement agencies on cybercrime can
get valuable information, including lists of hostile IP addresses and
information on new types of attacks, a U.S. Air Force cybercrime
investigator said Thursday.
Wendi Whitmore, a special agent with the Air Force Office of Special
Investigations, urged companies that are victims of cybercrime to
report the problems to law enforcement agencies during a presentation
at the 2006 InfraGard National Conference, focused on protecting U.S.
critical infrastructure. Even though many cybercriminals don't get
caught, the shared information between law enforcement and private
businesses can help both groups develop better defenses, she said.
Some cybercriminals do get caught, and those arrests serve as a
deterrent to others considering cyberscams, she said. "No criminal
prosecution is ever going to be taken if the crime is never reported
to law enforcement," Whitmore added. "Until we start developing longer
lists of people who got five years, who got 10 years [in jail], who
had to pay back hundreds of thousands of dollars, then you're not
going to have a deterrent."
Some companies are concerned that law enforcement investigations are
slow, but police often have a view of a larger picture than an
individual company does, she said. Another common fear is that a company
that reports cybercrime will have that information leaked to the
media, but rarely do the leaks come from law enforcement agencies, she
About three-quarters of the victims of distributed denial-of-service
(DDoS) extortion scams don't report the crimes to law enforcement
agencies, Whitmore said.
In extortion scams, criminals use networks of compromised computers
called botnets to flood a company's network with traffic, then ask the
company for money to make the DDoS attack stop. If the company refuses
to pay, the attacker floods the company's network with more traffic,
often from thousands of zombie computers, then demands more money, she
said. Financial companies such as banks and offshore gambling Web
sites are favorite targets for these botnet extortion scams, she
Botnets of compromised computers are responsible for sending an
estimated 60% of all spam e-mail, as well as sending many viruses and
worms and phishing scam e-mails, Whitmore said. In addition to DDoS
attacks, compromised computers can send out the owner's personal
information, and they can be used to store illegally copied music and
movies or child pornography, she said.
Whitmore called on businesses to deploy a number of defenses against
botnets, including running antivirus software, patching systems
quickly, scanning network traffic and limiting employee computer
access to only the systems they need. Companies also need to "train,
train and retrain" their employees in safe Internet use, she said.
"The Internet is a war zone," she said. "If you haven't been attacked,
at some point, you're going to be attacked."
She also recommended that companies develop relationships with local
law enforcement investigators and their Internet service providers
before a cyberattack. That way, the company will be able to get a
quick response during a crisis, she said.
All contents copyright 1995-2006 Network World, Inc.