Criminals, spies swamp cyber world: experts

Finally the world has a hacker-proof communications device. The bad news? It's a brick in a glass case. The joke, told to a cyber conference Tuesday in New York, illustrates what top US experts describe as the dire state of online security.

"Threats today are basically not preventable," said Amit Yoran, a leading IT security consultant and CEO of NetWitness Corporation. "There's basically no way to defend any large-scale environment today."

The spoof brick really exists -- right in the lobby of the secretive US National Security Agency, Yoran said. And that's to remind America's top cyber spooks how limited their powers really are.

Yoran described a world where hackers operate mostly with impunity, since they are rarely caught -- or extradited when found -- and at great profit.

Nor are they all lone teenage computer geniuses playing for kicks.

Organized gangs and government-sponsored spies are the real threat, making cyber crime a bigger sector even than drug trafficking, he said. "It's a very complex set-up."

The gloomy diagnosis from the FBI-sponsored conference at New York's Fordham University comes when the Internet and society are becoming more integrated by the minute.

Everything from countries' military maneuvers to ordinary citizens' grocery shopping is increasingly organized online.

In fact the entire US economy, White House cyber security coordinator Howard Schmidt told the conference, essentially rests on safe Internet facilities.

Last year saw 10 trillion dollars in online business, a figure forecast to hit 24 trillion in another decade, he noted.

Yet, incredibly, the business world has yet to grasp the threat that online thieves and vandals pose. Almost half of small businesses don't use anti-virus software and even fewer use it properly, Schmidt warned.

"There has been enough exfiltration of personal property in this country in the past years to fill the Library of Congress over and over again. So we must do more."

But chasing cyber criminals is a task that can exasperate the most powerful sleuth.

"Cyber criminals are not constrained by geographic borders," said Michael DuBose, head of the computer crime section at the Department of Justice.

"A Romanian hacker sitting at his kitchen table can penetrate a US network within seconds and exit just as quickly."

The hackers' "world has become a lot smaller," he added, but "they prey on what is essentially a global victim pool."

Another hurdle, according to the FBI's cyber division deputy assistant director, Jeffrey Troy, is outdated legislation, combined with the usual complications of cross-border probes.

"We need to be operating like one global law enforcement agency," he said. Instead "a lot of countries don't have laws that fit the crime... We're using laws that were written when no one even had thought of the crime."

Experts at the conference also lamented what they said was the failure of private software companies to come up with adequate defenses.

In the end, they said, all that can be done is to mitigate the problem and make the hacking business -- ranging from theft of bank details and spam advertising to espionage and terrorist sabotage -- less easy.

Gary Gagnon, from the IT security firm MITRE, joked the biggest problem was people -- "users who just can't help clicking" on infected files.

But he said no one should ever feel smug about security levels.

"If (hackers) are determined to get in our network, they'll get in. The odds are stacked in their favor."

(c) 2010 AFP