Five solutions to the rising identity theft and malware problem
London, UK - 24 March 2004, 13:00 GMT - How is an individual or an
organisation supposed to cope with the growing problem of identity theft on
the web and malware proliferation that seeks to extract vital personal details
from the machines of unsuspecting users? As a result of the recent malware
and phishing scam outbreaks, new and dangerous developments have taken place.
Self-infecting malware variants are being released and proliferate ever faster.
There is a lag before they are added to virus definition records, during which
time they cannot be recognised by anti-virus systems or other counter-measures.
The majority of anti-virus solutions currently on offer are therefore no longer
viable in countering malware epidemics.
Causes of malware proliferation
Malware families like the new Bagle variants are now proliferating automatically
through HTML email, and where the malware propagates through attachments,
people are going so far as to type in passwords contained in the email in order to
open them. In any complex technology-dependent system - whether it is air-traffic,
car-traffic or network-traffic - extraordinary accidents happen because human
beings either operate the system incorrectly or extend the system's usability
beyond the boundaries originally intended.
The human factor is proving to be the weakest link in the development of recent
global malware epidemics, whether it is the naive user who opens attachments
or malware writers who compete with each other to produce ever more virulent
and fast-spreading forms of code in protracted turf wars. Within a few
weeks, MyDoom, Netsky and Bagle malware have had thirty new variants between
them. Additionally, Netsky seeks to remove traces of Bagle and MyDoom variants
in a bid to gain a greater share of infected machines.
Malware is becoming increasingly multi-functional and socially aware as it
gains the ability to perpetrate Distributed Denial of Service (DDoS) attacks,
create zombies and send spam without being detected easily. Both RIAA and
the SCO Group have fallen victim to MyDoom DDoS attacks. Malware epidemics
are also being fuelled by organised crime.
Trans-national malware proliferation and protracted hacker attacks show that
the sovereignty of the individual in cyberspace supersedes the sovereignty
of the nation state. A force for common good - the internet - welcomed by
all a decade ago, has now begun to show a consistent dark side. It is just
beginning to dawn on government policy makers and chief executives of organisations
that the global nature of the internet and the rise of the resultant networking
power, creates entirely new and unfamiliar problems of governance and relations
between nation states, businesses and computer-empowered individuals, who
may have their own agendas.
Five Solutions to the rising identity theft and malware problem
With correct set-up, administration and defence procedures, it is possible
to protect a Linux, Windows or BSD server from hacker and malware attacks.
However, this requires a very high level of training and expertise as well
as a substantial technology investment. In most cases, it is not the Operating
System (OS) alone that lets the system down: inappropriate configuration management,
incapacity to prepare for the impact of third party application exploits as
well as the maintenance of default configurations with unnecessary processes
running are all partially responsible for the high level of attacks against
a particular OS.
The mi2g Intelligence Unit puts forward five graduated solutions to
address malware proliferation and identity theft, which defeat computer hierarchies
and adversely impact the digital eco-system:
1. Migration to upstream data cleansing and vaulting
In the downstream cleansing approach, prevalent at present, the client computers
have full responsibility for prevention of contamination, clean-up and recovery.
End-users' computers can be made to perform any function, including inadvertent
participation in DDoS attacks.
When computers are damaged or rendered useless, users bemoan the loss of their
data, not the loss of their machines. It will become increasingly necessary
to offer upstream safekeeping of data with the attendant intrusion detection,
anti-virus, firewall and other counter-measures, which individual users may
not necessarily have the time or expertise to address.
Migrating complex security functionality upstream away from the desktop allows
the comparative advantage of more sophisticated resources and computing capability
at a much lower cost and with improved security, safety and reliability.
The Internet Service Provider (ISP) of the future will offer all safety, security
and data assurance services as part of the internet access charge to individuals,
small to medium size businesses as well as larger organisations.
Upstream cleansing prescriptively maintains a managed security infrastructure
at the ISP level or higher. The anticipated resistance at the home or individual
user level will have to be overcome somehow in the light of the little effect
that education on safety and security has had in preventing malware proliferation.
As computing power migrates upstream it should both reduce the number of points
of fallibility and solve the twin problems of loss and theft of personal data,
the most valuable digital asset in the 21st century. This approach may not
be popular to begin with, especially amongst those who are attached to the
independence they have within the current computing paradigm. As identity
theft gains momentum the objecting voices may be left with no alternative
but to make some concessions.
2. Utility model
The utility model is a computing model which was prevalent in the 1960s, in
which there would be no local capability at the individual level beyond browsing
and other simple tasks, with all other functionality transferred to central
computing facilities or mainframes. This model was deployed because of the
prohibitive expense associated with computing power and storage at the user
level.
The utility model could be introduced as the extreme version of the upstream
data cleansing model, i.e. users consume computing power and data storage from
a large pool of processors running generic software, which remains under highly
sophisticated security management at all times.
As is now clear, individuals are not capable of distinguishing friendly
attachments from malware-laden attachments. Upstream processing which includes
mail and data cleansing takes responsibility away from naive individuals and
home users whilst restricting functionality. However, the home computer is
an entertainment and life-style machine, which synchronises with mobile phones,
PDAs and digital entertainment portals. These require computer peripherals
and software applications. Every home computer will need some dedicated processing
power and therefore a restricted services "not-so-thin" client will
need to be deployed.
3. Total Information Awareness Systems (TIAS)
The other approach would be that of Total Information Awareness Systems (TIAS)
with a specific function to contain malware proliferation, identity theft
and swift growth in the digital crime wave. Within a large organisation with
thousands of employees and other stakeholders, it is necessary to go beyond
defining external boundaries and implementing counter-measures just between
the external and internal interfaces. A security architecture needs to be
deployed where every node on a network is recognised as a potential threat
and TIAS can be employed to look for anomalous behaviour at the human, computer
and communications level.
TIAS make use of the safety model of a warship, where certain critical individual
compartments are left in closed mode whereas others remain in a "ready
to be closed" mode. For example, when going into a port, there is a heightened
state of readiness. If flooded, affected compartments are immediately closed
off to prevent the problem from spreading. TIAS based networks can be blocked
off from the rest of the world following an outbreak as soon as a malware
epidemic or other anomalous behaviour is detected at an operational level
within a department, corporation, metropolitan area or nation state. TIAS
also help to train organisations as mistakes are made, recording the ill-judged
actions that precipitated the problem.
TIAS are a plausible solution for any form of network, but they are ineffective
at preventing large scale digital risk events from occurring across the globe;
they simply contain the outbreak for the organisation that has invested in
them.
4. Bio-diversity
Desktops are dominated by the Microsoft OS and application software. At the
server level, Windows, Linux and BSD all play a significant part. In the near
term, it is possible to mitigate the infection rate across an organisation
during a malware epidemic by reducing dependency on computers belonging to
the targeted operating system.
However, it is important to note that malware authors at present have no incentive
for developing malicious code that targets the less popular non-Windows platforms.
Migrating to a non-Windows system for the sake of preventing malware infections
only takes advantage of security by obscurity in the near term and this approach
is not viable in the long term. If there is a known vulnerability and a commercial
incentive exists, any operating system including Linux, BSD or a third party
application can have malware or hacker activated code custom designed to target
it.
5. Law enforcement, legislation and government intervention
There is a lack of coherent strategy at the nation state level to contain
digital risk. The internet is unique in comparison to other media in that
there are no borders and the sovereignty of an individual extends worldwide.
In many instances, an individual in his home country can carry out a digital
crime in a foreign land without the authorities in either country being able to
prosecute.
There is scope for international agreements to be made to control malware
proliferation and identity theft. Millions of computers are being turned into
zombies by malware worldwide. What would happen if a globally spawned cyber-catastrophe
leads to a major economy being crippled for a few days? Adequate international
law enforcement is an essential deterrent to prevent such attacks.
Law enforcement agencies from all countries should be better equipped, both
from a logistical standpoint as well as a regulatory standpoint to deal with
the perpetrators and facilitators of digital crime.
Given the potential for carrying out large scale digital crimes unbeknownst
to their owners, computers ought to be subject to periodic checks, although
this resembles a transport license model which could be hard to enforce or
gain support for. Would it be reasonable to require a license to be held in
order to operate the computer of tomorrow, even when it is likely that the
difference between a computer, a mobile phone and other devices is becoming
increasingly diffuse?
"The current situation of excessive malware proliferation, phishing fraud and
spam campaigns has to force user improvements in the digital eco-system. We are
being inspired to innovate: before the end of this decade we aim to offer the
convenience and guaranteed security of one stop utility computing which will
include automatic data cleansing and data vaulting," said DK Matai, Executive
Chairman, mi2g. "This next generation of utility computing - which we call
D2-Banking - will be second nature to its users as they enjoy the ability to
store and access data and finances from anywhere at anytime without fear of
being hacked or plagued by malicious software."
[ENDS]
mi2g is at the leading edge of building secure on-line banking, broking
and trading architectures. The principal applications of our technology are:
1. D2-Banking;
2. Digital Risk Management; and
3. Bespoke Security Architecture.
mi2g pioneers enterprise-wide security practices and technology to save
time and cut cost. We enhance comparative advantage within financial services
and government agencies. Our real time intelligence is deployed worldwide for
contingency capability, executive decision making and strategic threat assessment.