Russian security professionals Eugene and Natalya Kaspersky discussed the Russian mafia, the latest in hacker tricks and their view that the bad guys are winning.
Are we winning or losing the battle against cybercriminals?
Eugene: The industry itself is losing the game.
Natalya: We're trying our best to stay on top, but unfortunately I must confess that the detection level is slowly going down. We develop new technology to stop them and they develop new technology to bypass. We still have the highest detection rate, but we cannot stop some malicious code. This makes us scared if we will be able to stop them in the future.
There was a time when we thought that antivirus technology was enough, but that time has gone. It's not enough, obviously. We need help from local authorities. We need help from operating system providers. And one very important thing is education. Many people become infected because they don't know.
In the United States, it's common for new exploits and attacks to be blamed on "the Russian mafia." Since you live in Russia, what's your take on that?
Eugene: Traditional criminals are not in touch with computer criminals, probably because they still don't understand how to manage it. With the traditional mafia, it's drugs, it's prostitution, it's illegal weapons trading.
So the whole idea of the Russian mafia being behind global computer crime is a myth?
Eugene: I think it's a myth.
Where is most of the criminal activity coming from?
Eugene: No. 1 is China. Different countries have specific malicious code that they develop. Chinese people mostly develop multi-vector backdoor Trojans, also Trojans that steal data from online games.
No. 2 is Spanish-speaking countries and Brazil. Most of the Trojans which we see from these countries are banking Trojans to steal money from personal banking accounts.
No. 3 was Russia, but I was really surprised to see a report from my virus lab that now Russia seems to be No. 4 and No. 3 is Turkey. Now there are more Internet users and more and more criminals in Turkey. Russian hackers are mostly developing proxy Trojans to send spam and also spyware to steal everything, all the personal data and all the access codes.
Is law enforcement making a dent in cybercrime?
Eugene: The situation is getting worse. In 2004, there were 100 arrests around the globe. In 2005, there was a few hundred. Last year, there were about 100 arrests again. It seems like the stupid guys were jailed. The smart guys, it's very difficult to find them.
Why can't law enforcement track them down?
Eugene: The problem is that many criminal actions are done internationally. Last week, there was a report of a bank robbery in Sweden. Customers of this bank were infected with a Trojan and the bank lost 1 million Euros. We don't have proof but it seems like the Trojan was developed by a Russian guy, but he never used it. He had a Web page with an explanation of the Trojan and the price. The origin was Russian. Some people bought it, I have no idea who they are, and they attacked a Swedish bank. In order to investigate you need people from at least three countries. It's not easy.
Are you worried about phones becoming the next big target for cybercriminals?
Eugene: Yes, unfortunately it's possible to develop the very same malicious code for smartphones as for computers. The question is just the price of smartphones. When prices go down and when there are more and more services for smart phones, like users accessing their bank accounts, for sure there will be numbers of new malicious code developed for criminal means.
Is it already happening in the wild?
Eugene: Last year was the first example of Trojans which sent SMS messages to paid numbers [900-numbers, for example]. The hackers use social engineering to get the victim to download and execute a Trojan.
Just like the Love Letter worm that infected computers in 2001 and 2002, where the worm gets access to your [e-mail] contact list. It's possible to develop the very same malicious code to access your [voice] contact list. Then the phone would dial premium numbers or send SMS messages.
People receive their bills from the local telephone company and the bill includes these charges. The local telephone company passes that fee to the criminal [who has set up the phony 900-number account].
I'm just waiting for the first smartphone Trojan that will steal personal ID codes to access personal bank accounts.