The computer security industry is struggling to cope with new levels of sophistication in cybercrime, according to leading figures in the field.
“We are in a sense losing [the fight]; we cannot say that we are winning,” said Natalya Kaspersky, co-founder and chief executive of Kaspersky Labs, the Russian computer security company and anti-virus partner of Microsoft and Red Hat.
The company said the number of virus incidences had surged between 2003, when they detected just over 10,000, and 2006, when they found 80,000. Criminal activity accounted for most of that increase.
RSA, the security division of EMC, the data storage company, recently reported that the number of phishing attacks, which entail the theft of personal and financial information through counterfeit websites, had reached 65,000 a month worldwide - double the number recorded three months ago.
Kaspersky Labs, at a recent conference in New York, said virus protection alone was no longer sufficient to prevent attacks from internet criminals, and more action was needed to improve international policing - a view shared by other firms in the industry.
“There’s a new type of threat that traditional security measures are not designed to meet,” said Dan Hubbard, vice-president of California-based Websense Security. “Frankly, the attackers have out-evolved the solutions.”
The steep rise in cybercrime incidents has been attributed in large part to the development of underground online communities, which sell and trade information about crimeware, used for phishing and other types of attacks. Ransomware for example encrypts files and then demands payment to decrypt them.
“Very sophisticated tools are commercially available in black markets,” said James Lewis, cybercrime specialist and director of the Center for Strategic and International Studies in Washington. “This has made [the internet] more attractive for organised crime: [criminals] no longer have to be geeks.”
Moreover, the anonymous and international nature of the internet makes cybercrime a potentially high-return activity with relatively low risk.
“The technology doesn’t know any borders,” said Mr Hubbard. But legislation in individual nations doesn’t “foster a multi-country scenario like that”.
The international nature of the internet is one of the biggest obstacles to enforcement, said Chris Painter, deputy chief of the US Department of Justice Computer Crime and Intellectual Property Service. Mr Painter is also chair of the G8 High-Tech Crime Subgroup, an informal network of 50 countries that helps foreign law enforcers trace local internet criminals.
“There are efforts to streamline [formal] processes … and supplement them with informal processes,” he said. “But I don’t dispute the fact that we have a way to go working internationally to make sure we’re getting at the bad guys.”
In Mr Lewis’s opinion, however, international law enforcement is “still very much in the 19th century … We probably won’t see a real improvement until we see a big dramatic crime.”
Get alerts on Global Economy when a new story is published