The Seamy Underbelly of the Internet

History shows us that any situation that involves people and money will quickly attract crime. That has certainly been the case with the Internet. Online crime is at an all-time high and shows no signs of slowing down, despite the best efforts of the computer security industry.

The Scams

Many forms of criminal activity use the Internet as a means of communication, either using email instead of phone calls or publishing offensive material on a web site instead of hard copy. But the Internet has allowed some types of crime to evolve in new ways so as to exploit the new opportunities that it provides.

Spam is the most widespread of these activities. Unsolicited email places a burden on millions of servers every day. Companies spend huge amounts of money on software and staff to help keep the problem under control. They do so to save their employees from having to deal with all of it on their desktops, which would incur even higher costs in the form of lower productivity.

People who are computer savvy tend to focus on the nuisance factor of spam because that is what directly affects us. We tend to overlook the content of those messages because we already know them to be scams. We would never dream of clicking on URLs for web sites that promise us cheap Viagra, great rates on mortgages, or the chance to meet lonely singles in our neighborhoods. But other people do! If they didn’t, then the people running the web sites would not waste their money hiring the spammers to distribute their emails.

Most of these are traditional scams that have been updated to entice Internet-savvy victims. Their goal is to get you to hand over your credit card number. Being able to reach millions of potential victims through the power of spam is what makes it so attractive.

Phishing is the name we give to frauds involving fake web sites that look like those of banks or credit card companies. A phishing email is sent out like most other spam, but it attempts to entice victims by appearing to come from a well-known, legitimate business like Citibank or eBay. The message asks you to click on a URL that takes you to a web site. That web page, at first glance, looks just like the site of the genuine financial institution. The users are prompted to enter their online account information along with other personal details like their date of birth, credit card information, and so forth.

Computer viruses and worms were initially regarded as the malevolent creations of people who wanted to show off their programming skills and wanted to “get in the face” of computer users around the world. The immediate damage they caused ranged from negligible to minor. They were comparable to a graffiti tag spray painted on a wall. Their real impact lay in the effort it took to deal with infected computers and in preventing future attacks. But these threats have become more serious over time. Today’s viruses will actively disrupt the function of antivirus software and prevent such tools from being installed on an already infected system.

Perhaps the most significant development in this field is the convergence of viruses and spam, with certain recent viruses existing solely for the purpose of installing clandestine email servers on the desktop systems they infect. These servers are later employed as relays through which spam emails are sent, and which block the identification of the original sender.

The Numbers

The statistics on these threats are amazing. MessageLabs, a company that provides email security services, tracks their occurrence in the billions of messages that flow through their servers. Their Annual Email Security Report for 2004 paints a discouraging picture (http://www.messagelabs.com/intelligence/2004report).

They report that spam made up 73% of all emails in 2004, with monthly fluctuations peaking at 94% in July of that year. That sounds like an incredibly high percentage, and I was skeptical when I first read it, but a quick, unscientific survey of my Inbox puts my percentage of junk mail into the same range.

Computer viruses were identified in 6% of all emails. Unlike previous years where a range of distinct viruses were rampant, 2004 saw the emergence of variations on a limited set of known viruses. Whether this reflects better anti-virus software or a shift in the approach taken by their creators is a hotly debated issue.

Phishing experienced the most dramatic growth in 2004. MessageLabs saw a monthly average of around 250,000 phishing emails in the first half of the year. But that ramped up rapidly in the second half to reach around 4,500,000 by year-end, an 18-fold increase in 6 months.

Bear in mind that all this activity on the part of the bad guys is taking place in spite of the widespread use of excellent anti-virus software and spam filters. Collectively, we are working really hard on this problem, but we seem to be losing ground.

Why Is It Getting Worse?

Several factors lie behind this seemingly unstoppable growth:

  • Internet scams don’t cost much to set up.

  • The potential audience is huge.

  • The chance of getting caught is low.

  • The chance of getting prosecuted is minimal.

  • People are making money doing it.

The cost involved in setting up a phishing scam is almost negligible. You need a web server that you control, a little programming experience, and some way to send a lot of email messages. That is an investment of a few hundred dollars at most. All you need is one victim to give up their credit card number and you will have turned a profit.

Creating a large spam operation is a more expensive endeavor, as you need a pool of mail servers that can send out the messages. Using commercial servers, the costs are still low relative to the potential rewards, but that expense can be dispensed with entirely if you are able to commandeer the computers of unsuspecting users. That has been the rationale behind the recent computer viruses, which have installed email relay servers on their infected hosts.

The key to reaching the largest possible audience lies in automating the generation and distribution of email messages. Writing good scripts to do this is easy enough, but in the face of rapidly improving spam filters, increasingly more effort is being applied to the automated generation of messages that can evade these defenses. A form of intellectual arms race is starting to take shape between us and them. I hope that this book and the efforts of its readers will help tip the balance in our favor.

The risk of getting caught and convicted should serve as a strong deterrent to crime. Unfortunately the chances of either of these happening on the Internet are slim. The conviction rate for spamming remains so low that any individual case still attracts significant attention in the press. I discuss this more in Chapter 12.

Above all, the number one reason why Internet crime is growing so rapidly is that people are making money doing it. As long as that remains the case, criminals will find the resources they need to make it happen.
