Five solutions to the rising identity theft and malware
London, UK - 24 March 2004, 13:00 GMT - How is an individual or an
organisation supposed to cope with the growing problem of identity theft on
the web and malware proliferation that seeks to extract vital personal details
from the machines of unsuspecting users? As a result of the recent malware
and phishing scam outbreaks, new and dangerous developments have taken place.
Self-infecting malware variants are being released and proliferate ever faster.
There is a lag before they are added to virus definition records, during which
time they cannot be recognised by anti-virus systems or other counter-measures.
The majority of anti-virus solutions currently on offer are therefore no longer
viable in countering malware epidemics.
Causes of malware proliferation
Malware families like the new Bagle variants are now proliferating automatically
through HTML email, and where the malware is propagating through attachments,
people are going so far as to type in passwords contained in the email to
open them. In any complex technology-dependent system - whether it is air-traffic,
car-traffic or network-traffic - extraordinary accidents happen because human
beings either operate the system incorrectly or extend the system's usability
beyond the boundaries originally intended.
The human factor is proving to be the weakest link in the development of recent
global malware epidemics, whether it is the naive user who opens attachments
or malware writers who compete with each other to produce ever more virulent
and fast-spreading forms of code in protracted turf wars. In less than a few
weeks, MyDoom, Netsky and Bagle malware have had thirty new variants between
them. Additionally, Netsky seeks to remove traces of Bagle and MyDoom variants
in a bid to gain a greater share of infected machines.
Malware is becoming increasingly multi-functional and socially aware as it
gains the ability to perpetrate Distributed Denial of Service (DDoS) attacks,
create zombies and send spam without being detected easily. Both RIAA and
the SCO Group have fallen victim to MyDoom DDoS attacks. Malware epidemics
are also being fuelled by organised crime.
Trans-national malware proliferation and protracted hacker attacks show that
the sovereignty of the individual in cyberspace supersedes the sovereignty
of the nation state. A force for common good - the internet - welcomed by
all a decade ago, has now begun to show a consistent dark side. It is just
beginning to dawn on government policy makers and chief executives of organisations
that the global nature of the internet and the rise of the resultant networking
power, creates entirely new and unfamiliar problems of governance and relations
between nation states, businesses and computer-empowered individuals, who
may have their own agendas.
Five Solutions to the rising identity theft and malware problem
With correct set up, administration and defence procedures, it is possible
to protect a Linux, Windows or BSD server from hacker and malware attack.
However, this requires a very high level of training and expertise as well
as a substantial technology investment. In most cases, it is not the Operating
System (OS) alone that lets the system down: inappropriate configuration management,
incapacity to prepare for the impact of third party application exploits as
well as the maintenance of default configurations with unnecessary processes
running are all partially responsible for the high level of attacks against
a particular OS.
The mi2g Intelligence Unit puts forward five graduated solutions to
address malware proliferation and identity theft, which defeat computer hierarchies
and adversely impact the digital eco-system:
1. Migration to upstream data cleansing and vaulting
In the downstream cleansing approach, prevalent at present, the client computers
have full responsibility for prevention of contamination, clean-up and recovery.
End-users can allow any function from their computers to be performed, including
inadvertent DDoS attacks.
When computers are damaged or rendered useless, users bemoan the loss of their
data, not the loss of their machines. It will become increasingly necessary
to offer upstream safekeeping of data with the attendant intrusion detection,
anti-virus, firewall and other counter-measures, which individual users may
not necessarily have the time or expertise to address.
Migrating complex security functionality upstream away from the desktop allows
the comparative advantage of more sophisticated resources and computing capability
at a much lower cost and with improved security, safety and reliability.
The Internet Service Provider (ISP) of the future will offer all safety, security
and data assurance services as part of the internet access charge to individuals,
small to medium size businesses as well as larger organisations.
Upstream cleansing prescriptively maintains a managed security infrastructure
at the ISP level or higher. The anticipated resistance at the home or individual
user level will have to be overcome somehow in the light of the little effect
that education on safety and security has had in preventing malware proliferation.
As computing power migrates upstream it should both reduce the number of points
of fallibility and solve the twin problems of loss and theft of personal data,
the most valuable digital asset in the 21st century. This approach may not
be popular to begin with, especially amongst those who are attached to the
independence they have within the current computing paradigm. As identity
theft gains momentum the objecting voices may be left with no alternative
but to make some concessions.
2. Utility model
The utility model is a computing model which was prevalent in the 1960s, in
which there would be no local capability at the individual level beyond browsing
and other simple tasks, with all other functionality transferred to central
computing facilities or mainframes. This model was deployed because of the
prohibitive expense associated with computing power and storage at the user
The utility model could be introduced as the extreme version of the upstream
data cleansing model, ie, users consume computing power and data storage from
a large pool of processors running generic software, which remain under highly
sophisticated security management at all times.
As it is now clear, individuals are not capable of distinguishing friendly
attachments from malware-laden attachments. Upstream processing which includes
mail and data cleansing takes responsibility away from naive individuals and
home users whilst restricting functionality. However, the home computer is
an entertainment and life-style machine, which synchronises with mobile phones,
PDAs and digital entertainment portals. These require computer peripherals
and software applications. Every home computer will need some dedicated processing
power and therefore a restricted services "not-so-thin" client will
need to be deployed.
3. Total Information Awareness Systems (TIAS)
The other approach would be that of Total Information Awareness Systems (TIAS)
with a specific function to contain malware proliferation, identity theft
and swift growth in the digital crime wave. Within a large organisation with
thousands of employees and other stakeholders, it is necessary to go beyond
defining external boundaries and implementing counter-measures just between
the external and internal interfaces. A security architecture needs to be
deployed where every node on a network is recognised as a potential threat
and TIAS can be employed to look for anomalous behaviour at the human, computer
and communications level.
TIAS make use of the safety model of a warship, where certain critical individual
compartments are left in closed mode whereas others remain in a "ready
to be closed" mode. For example, when going into a port, there is a heightened
state of readiness. If flooded, affected compartments are immediately closed
off to prevent the problem from spreading. TIAS based networks can be blocked
off from the rest of the world following an outbreak as soon as a malware
epidemic or other anomalous behaviour is detected at an operational level
within a department, corporation, metropolitan area or nation state. TIAS
also help to train organisations as mistakes are made, recording the ill-judged
actions that precipitated the problem.
TIAS are a plausible solution for any form of network but they are ineffective
at preventing large scale digital risk events from occurring across the globe,
they simply contain the outbreak for the organisation that has invested in
Desktops are dominated by the Microsoft OS and application software. At the
server level, Windows, Linux and BSD all play a significant part. In the near
term, it is possible to mitigate the infection rate across an organisation
during a malware epidemic by reducing dependency on computers belonging to
the targeted operating system.
However, it is important to note that malware authors at present have no incentive
for developing malicious code that targets the less popular non-Windows platforms.
Migrating to a non-Windows system for the sake of preventing malware infections
only takes advantage of security by obscurity in the near term and this approach
is not viable in the long term. If there is a known vulnerability and a commercial
incentive exists, any operating system including Linux, BSD or a third party
application can have malware or hacker activated code custom designed to target
5. Law enforcement, legislation and government intervention
There is a lack of coherent strategy at the nation state level to contain
digital risk. The internet is unique in comparison to other media in that
there are no borders and the sovereignty of an individual extends worldwide.
An individual in his home country can carry out a digital crime in a foreign
land without the authorities in the home land being able to prosecute or vice-versa
in many instances.
There is scope for international agreements being made to control malware
proliferation and identity theft. Millions of computers are being turned into
zombies by malware worldwide. What would happen if a globally spawned cyber-catastrophe
leads to a major economy being crippled for a few days? Adequate international
law enforcement is an essential deterrent to prevent such attacks.
Law enforcement agencies from all countries should be better equipped, both
from a logistical standpoint as well as a regulatory standpoint to deal with
the perpetrators and facilitators of digital crime.
Given the potential for carrying out large scale digital crimes unbeknownst
to their owners, computers ought to be subject to periodic checks, although
this resembles a transport license model which could be hard to enforce or
gain support for. Would it be reasonable to require a license to be held in
order to operate the computer of tomorrow, even when it is likely that the
difference between a computer, a mobile phone and other devices is becoming
"The current situation of excessive malware
proliferation, phishing fraud and spam campaigns has to force user improvements
in the digital eco-system. We are being inspired to innovate: before the end
of this decade we aim to offer the convenience and guaranteed security of
one stop utility computing which will include automatic data cleansing and
data vaulting," said DK
Matai, Executive Chairman, mi2g. "This
next generation of utility computing - which we call D2-Banking - will be
second nature to its users as they enjoy the ability to store and access data
and finances from anywhere at anytime without fear of being hacked or plagued
by malicious software."
17th November 2004 - Full compendium
of mi2g speeches released on web
12th November 2004 - Exclusive interview of DK Matai
with Linux/Security Pipeline
12th November 2004 - Deep study: The ongoing Linux Attacks
6th November 2004 - Experts challenge mi2g security
study: mi2g response
5th November 2004 - The relativistic approach to safety
- uptime versus market share
2nd November 2004 - Deep study: The world's safest
2nd March 2004 - Disturbing the sanctity of the Linux
19th February 2004 - The World's safest Operating
Security News: mi2g defends its Linux claims - Insecure.org
defends its Linux claims - Virus.org
its Linux claims - The Inquirer
DK Matai with Linux/Security Pipeline - Linuxtimes.net
interview of DK Matai with Linux/Security Pipeline - LinuxSecurity.com
interview of DK Matai with Linux/Security Pipeline - eBCVG IT Security
Mac OS X is much more secure than Linux or Windows - MacDailyNews
over OS security survey - ITWeb
Sysadmins Leave Linux Security Lacking - InternetWeek.com
Sysadmins Leave Linux Security Lacking - CRN
Admins Leave Linux Vulnerable To Security Breaches - Information Week
is 'most breached' OS on the Net, security research firm says - ARNnet
is 'most breached' OS on the Net, security research firm says - LinuxWorld
is 'most breached' OS on the Net, security research firm says - ComputerWorld
company defends Linux-is-vulnerable survey - HNS
worlds safest computing environment - TechCentral
Experts challenge mi2g security study - eBCVG IT Security
Pro: Security Company Defends Linux-is-Vulnerable Survey - linux today
Linux Is Least Secure OS - WindowsITPro
Most Breached OS, Says New Report - CXO Today
Mac OS X most secure, Linux least - ITWeb
OS X, BSD Unix top security survey - Neowin.net
OS X, BSD Unix top security survey - Computer World
OS X World's Safest OS From Security Attacks - MacNewsWorld
Recommends Mac OS X as Safest OS - Slashdot
OS X, BSD Unix top security survey - MacCentral
Mac OS X Good, Linux Bad - eBCVG IT Security
Apple's Mac OS X 'world's safest and most secure' operating system - MacDailyNews
OS X World's Safest OS From Security Attacks - the Mac Observer
safest computing environment - eBCVG IT Security
OS X - 'world's safest' - Macworld Daily News
world's safest computing environment - TechCentral
is at the leading edge of building secure on-line banking, broking
and trading architectures. The principal applications of our technology are:
2. Digital Risk Management
3. Bespoke Security Architecture
pioneers enterprise-wide security practices and technology to save
time and cut cost. We enhance comparative advantage within financial services
and government agencies. Our real time intelligence is deployed worldwide for
contingency capability, executive decision making and strategic threat assessment.
Research Methodology: The Frequently Asked Questions (FAQ) List
is available from here
in pdf. Please
note terms and conditions
of use listed on www.mi2g.net
Full details of the latest monthly 2004 report are available and can be ordered
(To view contents sample please click here).