By JOHN MARKOFF
The New York Times
December 5, 2008
SAN FRANCISCO - Internet security is broken, and nobody seems to know
quite how to fix it.
Despite the efforts of the computer security industry and a half-decade
struggle by Microsoft to protect its Windows operating system, malicious
software is spreading faster than ever. The so-called malware
surreptitiously takes over a PC and then uses that computer to spread
more malware to other machines exponentially. Computer scientists and
security researchers acknowledge they cannot get ahead of the onslaught.
As more business and social life has moved onto the Web, criminals
thriving on an underground economy of credit card thefts, bank fraud and
other scams rob computer users of an estimated $100 billion a year,
according to a conservative estimate by the Organization for Security
and Cooperation in Europe. A Russian company that sells fake antivirus
software that actually takes over a computer pays its illicit
distributors as much as $5 million a year.
With vast resources from stolen credit card and other financial
information, the cyberattackers are handily winning a technology arms
"Right now the bad guys are improving more quickly than the good guys,"
said Patrick Lincoln, director of the computer science laboratory at SRI
International, a science and technology research group.
A well-financed computer underground has built an advantage by working
in countries that have global Internet connections but authorities with
little appetite for prosecuting offenders who are bringing in
significant amounts of foreign currency. That was driven home in late
October when RSA FraudAction Research Lab, a security consulting group
based in Bedford, Mass., discovered a cache of half a million credit
card numbers and bank account log-ins that had been stolen by a network
of so-called zombie computers remotely controlled by an online gang.
Help InfoSecNews.org with a donation!