The best way to stop the tide of global cybercrime may be to sue the pants off of the hosting companies and Internet Service Providers Online that are backing the crooks.
That’s the central conclusion of a policy paper, out today from the Brookings Institution. (You can find a very condensed version in Sunday’s Washington Post.)
No one knows exactly how big the cybercrime underground is. But it is huge. According to the British government, online thieves, scammers, and industrial spies cost U.K. businesses an estimated $43.5 billion in the last year alone. Crooks-for-hire will infect a thousand computers for seven dollars – that’s how simple it’s become. 60,000 new malicious software variants are detected every day, thanks in part to a new breed of crimeware that makes stealing passwords about as hard as setting up a web page. Even the Pentagon’s specialists are worried, noting in their new cybersecurity strategy that “the tools and techniques developed by cyber criminals are increasing in sophistication at an incredible rate.”
Top U.S. officials keep bleating about a digital “Pearl Harbor.” But if we’re not careful, the internet could be in danger of looking like the South Bronx, circa 1989 – a place where crooks hold such sway that honest people find it hard to live or work there.
But there are ways to begin sidelining these crooks. First and foremost: Target the relatively small number of companies that support this massive criminal underground. There are more than 5,000 Internet service providers around the globe; according to the Organization for Economic Cooperation and Development, half the world’s spam traffic comes from just 50 ISPs. A recent study of mass e-mail campaigns showed that three payment companies processed 95 percent of the money those scams generated. When the Silicon Valley-based McColo hosting company was taken down, worldwide spam dropped 65 percent overnight.
These companies facilitate criminal enterprises, whether knowingly or not. And, unlike the criminals themselves — who hide behind disposable e-mail addresses and encrypted communications — it’s no mystery who these firms are. The independent research group HostExploit, for example, publishes a list of the worst of the worst hosting companies and networks.
To read the rest of the article, please click here.