HIGHLIGHTS OF HISTORY
- Mikko Hypponen: Today, computer viruses and other software written by professional criminals
- He says crime gangs are enlisting hackers to get your information online
- He says unlike theft, international authorities are not equipped for this crime
- Hypponen: We need an international police force to fight this, without restricting internet freedom
Editor’s Note: Mikko Hypponen is a cybercrime expert and research director at F-Secure Corporation in Helsinki, Finland. TED is a non-profit organization dedicated to “Ideas for dissemination”, which it broadcasts on its website.
(CNN) – Geography was important in the crime.
In the real world, you only have to worry about the criminals who live in your city. But in the online world, you have to worry about the criminals who might be on the other side of the planet. Online crime is always international because the Internet has no borders.
Today, computer viruses and other malware are no longer written by amateur hackers seeking fame and glory among their peers, but by professional criminals who earn millions from their attacks. These criminals want access to your computer, your Paypal passwords, and your credit card numbers.
Online criminal gangs recruit people with high-level computer skills, but no real economy job opportunities. There is now a global marketplace for sinister software – viruses, worms, Trojans, spyware – which are produced and sold on underground market sites on the Web.
Watch Mikko Hypponen’s TED Talk
The international community has failed to address the real nature and extent of the problem. National police forces and justice systems are struggling to keep up with the rapid growth in online crime. They have limited resources and expertise to investigate online criminal activity. Victims, police, prosecutors and judges rarely discover the full extent of the crimes that often take place across international borders. Action against criminals is too slow, arrests are rare, and too often the sentences are very light, especially compared to those attached to real crimes.
Fight viruses, defend the web
We are sending the wrong message to criminals and that is why online crime is growing so fast. Right now, potential cybercriminals can see that the likelihood of being caught and punished is extremely low, but the rewards are significant.
If an armed man walks into a bank and asks for money, the police are ready to take action. If international borders are crossed in such a crime, international police services get involved. If the shooter is caught, there is always a lawsuit and the bank will push the prosecutor for the maximum possible sentences.
This is not the case with online crime. Virtual shooters are free to roam with hardly anyone to stop them. Online crime is always international, but local law enforcement authorities usually only have their local resources to investigate. Online crime is easier to carry out than âofflineâ crime and costs less to start.
Computer security companies do their best to protect their customers’ computers, but there is little that nongovernmental organizations can do directly to tackle the criminals at the heart of the problem. Antivirus companies aren’t law enforcement, and they shouldn’t be. Tackling online crime requires a significant investment of resources at the international level and law enforcement agencies need to keep track of criminals in the online world.
Traditionally, international law enforcement has focused on major international crimes such as drug trafficking or smuggling. Countries involved in investigations like these can easily see the value of catching such criminals.
However, online crime is generally made up of small individual offenses. Attackers don’t hack the bank, they hack the bank’s customers. A victim may have lost only a few hundred dollars from their bank account. Starting an international investigation seems overkill and, therefore, securing international cooperation could be difficult. The problem is, of course, that there is more than one victim. A banking Trojan botnet can steal money from tens of thousands of people at the same time.
What we need is an international police force with the enforcement power to really target the organized crime that operates on the net. He would investigate the top of the crime software food chain and hunt down the people who run the online crime syndicates. Each member country would be required to cooperate with the others, regardless of the apparent scale of the crime.
Of course, establishing such a new force would entail a number of legal challenges. For example, malicious code is often created in countries where it is not even illegal or where the perpetrators are not prosecuted.
In my opinion, such an agency should focus only on fighting international gangs of malicious criminals. If he tried to expand into other areas, like fighting hackers or hactivists, things would get much more complicated. No one wants banking Trojan gangs, and we should focus on this problem. The last thing I want is some kind of net police trying to restrict the freedom of the net. This very freedom is the reason the Internet has become as useful as it is.
But we must act now. If we don’t, online crime will continue to escalate and we risk losing all of the great benefits the net has given us. Our generation is the first generation to go online. We must ensure that this resource will remain for future generations.
The opinions expressed in this commentary are solely those of Mikko Hypponen.