Fighting the Good Global Cybercrime Fight: Q&A With Security Guru Mikko Hypponen, Part 1
"Law enforcement in country A might contact law enforcement in country B and explain that a local grandmother has lost (US)$900 from her bank account, requesting help in catching the ones who did it. The problem is, these crimes don't look as significant or financially important as traditional international crimes do. ... But in reality, it's not just one grandmother -- it might be hundreds or thousands of grandmothers."
Aug 17, 2011 5:00 AM PT
It was once the case that computer viruses and other malicious software were written primarily by hobbyist hackers. Their motivations, for the most part, were simply bragging rights and the respect of their peers -- desirable rewards, to be sure, but certainly not the sole focus of any career.
The results of their efforts, meanwhile, could spread only as fast as a floppy disk could travel.
How things have changed. Today's malware creators, by contrast, are professional criminals around the globe whose efforts are proving lucrative beyond most people's wildest dreams. No longer simply out to prove a point, these criminals are finding ways to access our computers, our data and our financial details through the Internet, and they're using that information to make a generous living at our expense.
Malware has changed dramatically over the years since the first PC virus -- dubbed "Brain" -- was written 25 years ago, in other words, and now it's time our law enforcement practices caught up. So argues Mikko Hypponen, chief research officer for F-Secure, who has spent the past two decades studying cybercrime and tracking some of the biggest malware outbreaks in history.
Hypponen gave a talk on just that topic last month at TEDGlobal 2011, outlining a variety of strategies that could give cybercrime fighters a better chance at success.
TechNewsWorld recently had an opportunity to catch up with Hypponen for more insight into his proposed approach.
TechNewsWorld: What do you think we're doing wrong today when it comes to fighting malware? How is our approach outdated?
Mikko Hypponen: If we look at the growth rate of international crime in general, it's pretty obvious it has completely exploded over the last 10 years, and that's because of Internet crime. Internet crime is very commonplace now, and it practically always crosses country borders.
We haven't gotten rid of traditional international crime -- that has stayed at the same levels. But at the same time, there's been this explosion of Internet crime. Meanwhile, our traditional resources for fighting crime, such as through Interpol, haven't kept up.
TNW: What type of law enforcement model do you envision that could more effectively track down malware creators and put them out of commission?
Hypponen: Our first challenge is the lack of global laws. We don't have global laws, and we never will -- that's just the way it is. That hasn't stopped us from fighting traditional international crimes, however, and it shouldn't stop us from fighting Internet crime, either.
The second thing is the need for some kind of framework for fighting online crime. The current way, which focuses on traditional international crime, isn't working well.
In the 'good old days,' the stereotypical international crime was drug trafficking or money laundering, for example. It's easy to get international cooperation to fight the trafficking of a boat load of cocaine, for instance, because everyone understands the problem, lots of money is involved, and everyone is interested in stopping it.
Now consider the case of a banking trojan. Law enforcement in country A might contact law enforcement in country B and explain that a local grandmother has lost (US)$900 from her bank account, requesting help in catching the ones who did it. The problem is, these crimes don't look as significant or financially important as traditional international crimes do.
Police forces used to fighting massive international crimes involving millions might disregard these. But in reality, it's not just one grandmother -- it might be hundreds or thousands of grandmothers. Yet it's very hard to connect the dots and see the big picture.
TNW: Where do you think the coordination and funding for a more united effort should come from?
Hypponen: I work for an antivirus company, so I look at it from an industry perspective, and I don't think we can solve these problems. Rather, it has to come from an international cooperation of different governments and an expansion of existing systems, such as through a separate unit in Interpol, for example, or a new body altogether that's dedicated to fighting this sort of crime.
Countries would be required to cooperate with these international efforts, even if the crime doesn't look important or interesting from their perspective. It would force us to investigate these cases and connect the dots, to see the bigger picture.
One of the factors currently slowing down research into online crime is that there is very rarely a threat to human life. Obviously, when you have international crime rings and people are dying, I understand that those cases are more important.
But if the same people are ranking the crimes and comparing Internet crimes with those where there's a threat to human life, they may have a hard time taking these computer crimes as seriously. A separate unit, on the other hand, wouldn't be blinded by the life-threatening crimes, which really can't be compared.
TNW: What should the first steps be?
Hypponen: I've had discussions with law enforcement in several countries as well as Interpol and ITU -- which is part of the United Nations -- and there is movement. It should start at some high level like that.
Frankly, I don't have a good map of how to go forward. I'm not the leader here -- I work with industry and so could be seen as biased. But this is a real issue, and we should talk about it seriously. If we gather enough momentum, maybe we'll get somewhere.