The changing landscape
of cybercrime has meant that you do not need to be a computer geek to start
reaping in dirty cash from cybercrime activities.
The world of technology and computers is constantly changing
and opening itself up to the masses even though that not each and every use of
technology we make is legitimate.
I still smile when my
parents hook on skype or keep tabs of some old useless junk on sale on ebay
which stands as testament that today technology is really ubiquitous.
In my childhood years, my computing abilities enabled me to
configure my serial and parallel ports on my then “ultra fast” 386 machine or to shift memory allocation
around in order to ensure that Monkey
Island ran smoothly. Back then, I
would be mesmerized, reading the exploits of cyber-criminals in books such as
The Cuckoo’s Egg by Cliff Stoll. As a young adolescent with very basic mastery
of computers I realized that you do not just need malicious intent to become a
cybercriminal but you required a very intimate knowledge of how computers
worked. Even though I never had any criminal intent (or that is what I believe)
I always felt amused at how technology could serve as a tool of choice for the
commission of crime without proverbially dirtying your hands.
In the past few years
the availability of technology and the ever-changing nature of computing tools
has simply democratized cybercrime.
You don’t need to be a source code wizard to become a
hacker. You don’t need a mammoth machine to perpetrate cyber offences. You just
need to know what to look for. The tools are all there for the taking and the
perfect example of this is the rise of online advertising fraud and the use of
malicious botnets.
Basically, botnets are malware infected or compromised
computers which are then used to instigate and launch a myriad of cyber-attacks
ranging from denial of service attacks to email spam. Without your knowledge
your computer can be infected and could be a “zombie” performing tasks without
your knowledge. But don’t think that you need to be a scientist nowadays to set
up your own botnet farm and use these infected computers as your despicable
minions to launch your worldwide cybercrime conquest. All you need is a couple
of hundred euros and publicly available programs and you are half way there. Botnets
are nowadays not only used by hacktivist groups such as Anonymous to carry out
their DDOS attacks but are increasingly being used by common people to commit
click fraud.
Click fraud occurs when automated script or compromised
computer terminals are used to click on adverts which run on a pay per click
business model. The activity is very simple in its design even though some
perpetrators run huge systems of a more complex nature. Basically, you can set
up a very straight forward web site, have adverts on your site and then
generate revenue by having clicks registered on those ads. Now imagine, that
through the use of botnets you are generating terrific volume of traffic and
clicks on those ads. You have essentially set up your own private pension plan,
illegally of course. Many companies,
including Google have been the victims of such activities and it appears that
such attacks are only increasing.
The situation is now even more precarious due to the fact
that botnet farming software is easy to acquire and deploy and thereby
assisting in the illegal pay-per-click type of fraud. Sometimes the amounts are
so small that it is not easy to detect genuine from malicious activity even through
the use of illicit click-farms.
The availability of malware such as Zeus and Spyeye meant
that, theoretically speaking, even my mother, instead of chatting away on
skype, can set up her own botnet farm
and become a cybercriminal and rake in cash through fictitiously generated
advert click-through revenue. Some users of Zeus went as far as declaring that
the creation of a 10,000 machine botnet was so easy that cybercrime has today
become more profitable than drug dealing. Perhaps the next hit series on TV
will not be Breaking Bad but would have an illegal botnet as its core storyline
as opposed to meth cooking .
What is certain however is, despite its ease of use, click
fraud is indeed a criminal offence regulated by the Computer Misuse provisions
contained in our Criminal Code.
Furthermore, the making available of programs such as Zeus
and Spyeye can also lead to criminal offences. In fact, Article 337(C)(1)(l) of the Criminal
Code provides that it shall be an offence to produce, sell, procure for use,
import, distribute or make
available any software programme designed or adapted primarily to commit a
computer misuse offence including unauthorised access, hacking and related
offences including DDOS and botnet activities.
It seems however that the law has not served as a sufficient
deterrent. The proliferation of high speed internet connections together with
the ease of use of such tools has enabled many individuals to join the
cybercrime bandwagon albeit in a less sexy fashion that what we are normally
accustomed to see. Problems and
deficiencies in law enforcement related to such illegal activities are also
very apparent. Which again bringing to the limelight traditional issues
associated with cybercrime including jurisdictional issues.
Surely, as part of her technological trials and
tribulations, I will ensure to advise my mother not to try her hand at click
farming any time soon.
No comments:
Post a Comment