It is a crime in progress, a cyber-fraud network that moves with blistering efficiency between servers in England, criminals in Russia and victims around the globe. It is borderless, profitable and almost impossible to stop. It is the digital future of criminality.
From the basement office of the Citizen Lab at the University of Toronto's Munk School of Global Affairs, Nart Villeneuve allows one of his computers to become infected with the so-called Koobface malware -- a piece of malicious code conceived by a group of hackers in St. Petersburg that essentially takes control of a computer and tricks users into inadvertently clicking on advertising links across the Web, generating revenue for the authors.
For more than a year, Mr. Villeneuve has been tracking the malware – the name given to code that is designed to illicitly control or otherwise compromise an unsuspecting user's computer. Until today, Mr. Villeneuve's work has largely been secret. Now, it is out in the open, in a report released Friday evening for the Information Warfare Monitor, a joint venture between the University of Toronto and the SecDev Group, an Ottawa-based security consultancy.
Between July of 2009 and July of 2010, Koobface netted its four known authors at least $2-million in profit. Koobface isn’t spread through overly intrusive means, but rather, through messages and links sent via the world’s most popular social network, Facebook.
Though Facebook Inc. is aware of the scam, and the FBI, the RCMP and other law enforcement agencies are investigating its authors, the malicious fraud network has proven exceptionally difficult to shut down. That's in large part because the network is so widespread, and each individual act of fraud so miniscule. In effect, Koobface causes the owners of infected computers to click on ads that then pay Koobface's authors a few pennies per click. Advertising networks are defrauded of a few cents at a time, and the individual users often have no idea their computers are being hijacked.
“In general, each law enforcement agency wants a domestic victim they can bring into court,” says Mr. Villeneuve, who has spent much of his academic career tracking such criminal networks. “But given the nature of the operation, that’s very difficult to do.”
But perhaps the scariest aspect of these networks of compromised computers isn’t their capacity to defraud users and Web sites. It is the fact that they are also the means by which much larger cyber-battles can be carried out -- even between governments that are locked in a digital arms race.
At the birth of the Internet some 40 years ago, when the first bits of digital information flowed between two university computers in California, few could have envisioned what the communications network would one day become: the centre of the world’s business, social and educational interaction and one of the most important inventions in human history.
But the Internet has also become a battlefield. From state-sponsored cyber-attacks in Russia and Eastern Europe to censorship in the Middle East and China, governments are increasingly building and militarizing borders in what was once considered a borderless medium. The very same techniques used in criminal networks such as Koobface are being utilized by authorities looking to wage digital war against their own citizens, or each other. When Estonia came under cyber-attack three years ago, some Estonian authorities alleged Russian government officials were behind the offensive, aided by individual hackers and criminal groups using networks of computers similar to those infected by Koobface.
But there is no global cybercop for the digital world. In fact, there exist few concrete mechanisms for stopping and prosecuting cybercrime networks, or mediating the virtual arms race.
It would seem a golden opportunity for Canada to take a leadership role, given the country’s reputation as a neutral party, an honest broker in the world’s most bitter political disputes. Some of the most talented cybercrime sleuths in the world operate out of Canada, and the country already wields significant influence within the groups charged with the Web's technical upkeep and maintenance.
