- News & Events
October 21, 2013
Cybercrime may be the theme of the week for National Cyber Security Awareness Month, but here at ThreatMetrix cybercrime is our daily obsession.
The online world is much more than just another venue for traditional crimes like theft – it’s an entirely new universe. Criminals go where the money is, and increasingly, money is moving online in the form of online transactions.
Consider the differences between cybercrime and traditional crime. I’d have to do a lot of planning to rob a physical bank, and need a lot of help. Yet malware writers are able to steal money online with very little effort, on a global scale, from any location, typically without detection. They can disguise their true physical location and identity, and leave few traces. They can rent servers anonymously and they can buy infected computers at blocks of 10,000 for very little money. The risks of crime are much lower online, and the potential victims much more numerous.
You Can’t Arrest an IP Address
One challenge is that the links between the physical and virtual worlds are tenuous at best. Criminal can easily disguise their true geographic locations and hide behind a proxy. Even if you can pierce the proxy and find the real IP address, it’s difficult to link an IP address to a person and hold them accountable in a court of law.
Germany tried passing a law in 2010 that holds the owners of insecure Wi-Fi hotspots accountable for any illegal activity occurring on that hotspot. It was a valiant attempt to insert some ‘real-world’ accountability into online habits. But when it came to the courts, the defendant (the person with the insecure Wi-Fi) won on appeal.
The lack of easy legal recourse for cybercrimes has serious ramifications for businesses. Many U.S. etailers won’t even take orders from international customers because of the risks entailed in those transactions. Remember how the Internet was going to make borders irrelevant? The current threat environment is forcing some businesses to sacrifice large markets – including the sleeping giant that is the Chinese market.
The Tide has Been Turning
From a personal and business perspective, we know what we need to do. The DHS has a pretty good list of things we need to address online (Identity Theft, Fraud, Phishing, Social Media Fraud, Corporate Security Breaches and Spear Phishing at http://www.dhs.gov/our-shared-responsibility-protecting-against-cyber-crime).
Law enforcement also has learned a great deal about cybercrime, and made inroads against some of the worst perpetrators:
• The gangs behind the most notorious banking Trojans (Carberp, Gozi) are shut down. (There’s a video here: http://lifenews.ru/#!news/86143)
• More Zeus-related incidents are being stopped and held accountable. (http://www.pcworld.com/article/206638/article.html)
• Information sharing between the industry and law enforcement is improving.
But these are just small steps compared to the scope of the problem.
Our Best Strategy Moving Forward
Cybercriminals operate on a global scale. They use advanced technology to hide their traces. And they collaborate to detect anti-malware and share successful exploits and rootkits.
If we’re going to make progress against this agile, global enemy, we have to learn from them – by collaborating on a global scale and using advanced technologies to protect transactions and online identities.
This is exactly what we’re doing with the ThreatMetrix™ Global Trust Intelligence Network. We use advanced technologies to cross-correlate millions of transactions from around 2000 businesses worldwide. We analyze the transactions to find devices and online personas – and detect the traces that cybercriminals leave behind.
(For an interactive, graphical visualization of what’s happening across the network, visit the ThreatMetrix™ Web Fraud Map. )
We’ve been seeing tremendous results. The global data offers new insights into threat vectors and is helping businesses shut out the cybercriminals. As the network grows, so does our shared visibility into the global network of devices and transactions. It’s just a start, but it’s an indication of what’s possible when the online community at large works together to defend against cybercrime.
ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, CNP fraud, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Cyber Warfare, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, Fraud Prevention, Hacking, Identity Spoofing, Identity theft, Malware, Malware Detection, Malware Protection, Man-in-the-Browser Detection, MitB, Mobile fraud, National Cyber Security Awareness Month, Online Fraud, Phishing, Phishing Detection, PII, ThreatMetrix, ThreatMetrix Global Trust Intelligence Network, ThreatMetrix Web Fraud Map, TrustDefender Cybercrime Protection Platform, Web Fraud