E-crime police urged to get tough in 2009

Law enforcers need to get tough this year if they are to make headway in the fight against organised online crime, according to a new report from security intelligence firm iDefense.

The firm's 2009 Cyber Threats and Trends report predicts growth in malware distribution via iFrame attacks, more targeted 'spear phishing' incidents with the aim of tapping commercial accounts, and an increased use of fast-flux hosting technology designed to prevent the detection of malicious sites.

IDefense also warns of an increasing online fraud threat from the Middle East, and a growing risk to banking systems from Chinese hackers.

However, iDefense director of intelligence Rick Howard said that it is not all doom and gloom.

"The Dutch hi-tech crime unit worked with [anti-virus vendor] Kaspersky Lab to take down the Shadow Botnet," he said.

"They authorised Kaspersky to modify the code so that it showed up on all infected machines, and they were able to take over and disable the command and control centre. It's pretty aggressive work and we'll need to see more if we're going to [effectively combat] botnet attacks."

But Howard warned that some of the major victories by law enforcers in 2008 may actually have driven online criminals deeper underground.

Online forums in which 'carders' buy and sell compromised card details, and hacking tools and techniques have become much harder to detect since the FBI shut down the notorious Dark Market internet forum, he explained.

It is also likely that hackers will increasingly look for so-called 'bulletproof hosting' in jurisdictions such as Malaysia, Russia and the Ukraine, after the high-profile shut down of US-firms like McColo and Intercage.

"There is some value in this [tactic] though," added Howard. "It makes the criminals spend more resources - which are not unlimited - to change configurations, and it makes it harder for them to do their job."