Race to block cyber-criminals

In the movie The Matrix, the bad guys are constantly morphing and taking on the identity of their opponents in a never-ending battle for supremacy of their multiple worlds.

It is Hollywood at its best, combining gongfu-like swashbuckling with sci-fi entertainment.

Pure fantasy?

I always thought so, until my visit to the Microsoft Cybercrime Center in Redmond, Washington, in the United States, last week.

Mr Peter Anaman, senior programme manager of global online piracy, is telling me about the software giant's work in battling cyber crooks intent on swiping money from your bank account, stealing your credit card details, and more.

More is bad because they also want to take over your computer.

So while you are merrily surfing away, rogue software, also called malware, has suddenly swooped from cyberspace and infiltrated your laptop, assuming its identity.

But it's not any old virus because your machine has now been turned into a master controller sending instructions to 10,000 other computers in an all-out attack on a government website.

You're still typing away oblivious to all this because the clandestine operation uses only 2 per cent of your laptop's processing power and leaves everything else intact.

But, wait, here come the good guys hot on the illicit cyber trail and homing in to your infected laptop.

Alas, the malware makes a quick getaway, morphs into another identity of another laptop on the other side of the globe, a la The Matrix.

Meanwhile, you are still updating your Facebook account but, unlike in the movie, you don't die; you just silently await the next instruction.

Welcome to the cyberworld's dark side in which a zillion such battles take place every day.

Here in Redmond, a team of 100 of some of the best brains in the business, together with their colleagues in nine other overseas centres, including in Singapore, is trying to keep the criminals at bay.

It's a critical part of Microsoft's operation because good cyberspace security is good for business.

As in the real world, you wouldn't want to shop in a crime-infested neighbourhood.

But there's another reason why Microsoft is taking this so seriously, and it has to do with piracy of its software.

These days, cyber criminals operate a diversified business, combining the counterfeiting of software with other lucrative activities such as siphoning money from your Internet bank account.

It's an interconnected business.

When they sell pirated programs, say, of Windows, they also infect it with malware to do all that terrible stuff to your computer.

Organised cybercrime is as sophisticated as what exists in the real world.

A study commissioned by Microsoft and done by the National University of Singapore found that 61 per cent of all counterfeit software contained malware. 

In one case involving the malware named Citadel, product keys that came with a Microsoft software programme to enable users to activate it were stolen and sold to 90 other crime groups in a deal that would make any Fortune 100 company proud.

The benefits for those participating in the scam included 24-hour customer support, including the sharing of best practices on how to escape detection.

I joke that they were replicating Microsoft's technical support but, seriously, it shows what it is up against.

It is also big business, with Citadel reportedly accounting for US$500 million (S$630 million) worth of illegal bank transfers in the 18 months it reigned in cyberspace.

The overall losses to businesses worldwide from all these cybercrimes are estimated at a staggering US$315 billion in 2014, with Asia taking the biggest hit.

For Microsoft, stopping its product keys or passwords from being stolen is a critical part of the battle.

The people I spoke to in Redmond were proud to claim that these keys, which consist of more than 20 numbers and letters unique to each software, have never been cracked, so the crooks have to resort to stealing them from legitimate products.

That can happen through hacking computers to get these keys, or even through rogue employees working for third-party contractors in the supply chain.

How is the biggest software company in the world taking on this fight?

Can it keep one step ahead or will it always be behind the curve?

Its cybercrime centre, which opened last November, is its latest effort in this long-running battle.

The company is also mobilising its vast computing resources, with the latest being its Big Data capability.

This enables it to organise, analyse and make sense of the huge amount of data it collects from its software programs all over the world.

In the Redmond laboratory, on a big flat screen, I am shown a map of the world dotted with infected computers.

I spot Singapore, with the screen showing more than 11,000 infected computers over several months, with the highest concentration around Suntec City, and I quip that perhaps there's a convention of software hackers taking place there.

Compared with Bangkok, Kuala Lumpur, Phnom Penh and other Asian cities, however, the Singapore numbers pale.

Are cyber criminals as discerning as drug pushers when it comes to which country they strike?

Indeed, that was how investigators zeroed in on the malware named ZeroAccess.

Their Big Data analysis showed that most of the infections occurred in Western Europe, with Eastern Europe relatively untouched.

The difference was so stark, the line separating the infected countries from the untouched ones coincided exactly with the geographical boundary between Western and Eastern Europe.

The conclusion was a no-brainer: The perpetrators were in the east, particularly in Ukraine and Russia, because they did not want the local authorities there to go after them.

This demonstration of the company's computing prowess in putting together that digital map makes its cybercrime team confident that they are making headway.

Its latest victory over ZeroAccess was apparently sealed when the trail ended in one infected server that had a digital "white flag" flying.

The bad guys had surrendered.

"We want them to know that we are going after them," says Mr Vishant Patel of its investigation team.

He sounds like President George Bush after the Sept 11, 2001 attacks and before the United States launched its war against terror in Afghanistan.

But one big obstacle in this fight, I put it to the team, was the mindset among many young netizens, especially those in Asia, who see nothing wrong in downloading movies and music from unauthorised websites such as BitTorrent and Pirate Bay, or buying cheap computers bundled with pirated software. For them, anything goes on the Internet.

Many don't know, or even if they did, don't care, that these downloads contain viruses that aid the other side in this war.

Educating them that their errant behaviour makes for a more unsafe cyberworld will be even harder than neutralising that malicious virus.

It is a war that Microsoft knows it will not be able to win alone.

For now though, its Redmond team is content with looking for more white flags.

Beware the danger lurking inside pirated software

A National University of Singapore investigation which checked 203 computers with pirated software bundled in them found that 61 per cent had dangerous malware.

These are rogue programs that, when activated, enable their perpetrators to steal data from the infected computer, make unauthorised banking transactions and participate in virus attacks on other computers.

The computers were bought in 11 countries. The top three with the highest rate of infections were Mexico, China and Thailand. Singapore was not part of the study.

These infected computers were bought from typical computer retailers by independent investigators in these countries pretending to be young students and professionals.

The NUS survey was part of a wider study done together with International Data Corporation (IDC) and commissioned by Microsoft to find out the extent of malware in pirated software, and was released earlier this month.

It estimated the cost to businesses worldwide to deal with these problems at US$500 billion (S$628 billion).

In a survey of consumers' attitudes to this issue, 60 per cent cited loss of data or personal information as among their top concerns arising out of such malicious software.

Yet 43 per cent do not routinely install security updates on their computers.

What can be done to minimise the risk?

The study warns that there is no stopping the spread of pirated software, and that the problem will likely become worse in future.

While anti-virus software has improved, malware has also become more sophisticated and harder to detect.

It will be a never-ending cat-and-mouse game.

For consumers, the advice is to buy only from trusted sources and to always install the latest security patches.

And beware downloading that free movie because it also comes with free viruses that can wreak havoc - not just on your computer, but on those of many others, including family members, colleagues and friends.

This article was published on April 27 in The Straits Times.