Run Silent, Run Deep: How Cyber Criminals Protect Their Code - Case Study Example

Critical Review on Research Seminar: Run Silent, Run Deep: How Cyber Criminals Protect Their Code by David Emm 1. Introduction In this modern world of high-speed connectivity, one can have access to a massive quantity of information, services and connection to other individuals in a relatively anonymous environment worldwide with the aid of a computer and the internet. The internet contain loads of information and services such as the World Wide Web, electronic mail, file sharing, online chatting and gaming. Due to the availability of relevant information, there has been a wide proliferation of cyber crime. Cyber crime is any criminal act in which a computer is used as a tool, source or target in executing the crime. These include hacking, internet fraud, identity theft, credit card account thefts, bullying and telemarketing. At present, there has been a widespread activity of cyber crime and these criminals utilize various ways and tools to accomplish their acts. The law, government and society worldwide have been working hard to catch-up with these criminals and their activities. With the rapid progress of technology, it is therefore essential to have an idea how these cyber crimes are executed and how these criminals operate. Mr. David Emm and his team, a Senior Technology Consultant at Kaspersky Lab are analyzing the ways and methods and future activities of cyber criminals. Kasperky Lab, with its headquarters in Moscow, is one of the leading information technology companies providing information security solutions. The purpose of this paper is to critically review the seminar given by Mr. David Emm entitled, “Run Silent, Run Deep: How Cyber Criminals Protect Their Code.” The seminar described the various modern techniques used and the future methods that will cyber criminals will be utilizing or looking at. In the rest of the report, the key elements of the talk or seminar will be discussed; the speaker’s use of references will be noted; and a critical analysis of the conduct of the seminar. Lastly, a conclusion of the overall review of the seminar will presented. 2. Key Elements of the Talk The speaker started out by giving the agenda of the seminar in which he outlined the key points of the seminar. The first key element of the seminar is reporting the widespread status of cyber crime. The recent data gathered by Mr. Emm and their company showed a huge number of cyber criminals in the last decade have risen to an alarming high of about 500,000 last year and out of these numbers, cyber crime was the highest malware activity in the last four years. He also presented the findings of their lab the latest viruses that are predominantly being used. Most of these viruses were the Trojan, Worm and Backdoor viruses. However, he ended the first part by showing that global epidemics on computer viral infection have greatly declined in the resent years and up to date. The next key element presented was the common and widespread methods that cyber criminals use at present. The speaker started by stating that cyber criminals’ main tactics nowadays make use mainly of low-key, localized outbreaks. This is tactics allow criminals to be less visible to anti-virus programs and being low-key means being less visible to the law enforcement agencies. Having localized outbreaks rather than a large-scale or widespread outbreak also connote that the infected PC population is more manageable or easier to process stolen data. He continued to describe the attack methods used such as spam mailing instead of self-replication, Trojan viruses which are used in different ways, exploits through “Drive-by Downloads’ method and the Phishing attacks which involve social engineering. About 90% of today’s threats are Trojan viruses which do harm to a computer by duplicating itself without the knowledge of the user. There are different Trojans and botnets existing today and these were also discussed as well as the various inflictions it causes. One of the most dangerous and effective viruses are backdoors which are botnets and functions by locating all victims and control their activities by using special IRC channels. One of the main activities of cyber criminals is identity theft. This can be stealing of confidential data, physical data and other online data which are done on different purposes. The theft of confidential data involves assuming the victim’s identity and making money illegally. Physical data theft on the other hand is rummaging through one’s garbage and lastly, online data theft is done by Phishing or Trojan viruses. Phishing is one of the prevalent methods used today wherein the criminal sends an electronic mail to a user pretending to be a trustworthy entity in order to get vital information that will be used for identity theft. The speaker further presented the extent of the crimes on identity theft that has been happening only in the UK. A lot of these fraudulent activities were all about stealing money or making money through banking online and online shopping. Online banking fraud alone have reached an estimated amount of £33.5 million in the year 2006. Mr. Emm described three (3) banking malware practices and each process was briefly explained. These three processes can be done using social engineering, technical engineering and the “Man in the middle” scheme. Another part of the presentation was a report on recognized cyber criminals last year. The report enumerated several of the high crimes committed describing the kind of crime and the process which these criminals used to commit the crimes. Most were fraudulent crimes in stealing money in various parts of the world. The final and an important key element of the seminar was how cyber criminals are executing their acts in the modern way of protecting their codes. Several of these methods are by use of stealth or moving in a secret or concealed manner, code obfuscation, packing of malicious codes, rootkits or programs that allow taking full control of a computer without the user’s knowledge and sabotage of anti-virus programs. In the last and the most important part of the seminar, Mr. Emm showed the methods in which the cyber criminals are probably to do such as continuation of current trends in cyber criminal activity and “Upping the Anti” or taking into consideration higher security measures than anti-viruses. Continuation of current trend may mean automatic generation of malwares, server-side polymorphism, more compression and encryption of malicious codes, continued use of exploits and the ever increasing number of cyber criminals and activities. Going from AV to Internet security, the cyber criminals may take into consideration signatures, statistical analysis and emulation, heuristic analysis, generic detection, anti hacker, behavioral analysis and Identifications. It is important to know that in the future, the world is prepared on how to deal with future criminal activities before it happens. As a summary, the key elements of the seminar are as follows: Cyber crime has been alarmingly increasing in great numbers over the past decade. The main style that cyber criminals use in performing the crime is by being less visible to antivirus or law enforcement agencies and having localized outbreak in order to easily manage stolen data which is done through spam mailing, Trojans, exploits and phishing attacks. These results in identity thefts, banking malware and a lot of online frauds. At present, cyber criminals make use of sophisticated methods to conceal their activities by use of stealth, code obfuscation, packing of malicious codes, rootkits and sabotage. With the fast-phased growth of technology, cyber criminals are looking into the future prospective on doing their act through continuation of current trends in computer technology and targeting internet security rather than antivirus programs. 3. Author’s References/ Other Work As can be seen in the presentation, the speaker did not present a lot of references as basis for his lecture. This can be due to the fact that the speaker is very knowledgeable in the subject matter and a lot of data presented came from their company which is very much in line with the topic. The speaker used mainly data and references generated or researched by their company, Kaspersky Lab and its the same seminar presented in the Virus Analyst Summit held at Moscow just last January 2008. Data on online transaction in the UK was obtained from the APACS, a UK trade association for payments which can clearly give a summary of online trade transaction activities. The lack of references by the speaker about on his discussion does not imply that it is not factual or unreliable. It may have been from stock knowledge and what the company of Mr. Emm has been doing for more than 10 years. The company is an industry-leading antivirus software company and they have to be at the top and ahead of cyber criminals’ activity. 4. Current Literature The main issues identified and pointed out by Mr. Emm during the presentation is the current and future activities of cyber criminals and the techniques that they are using at present and will likely be doing in the future. He has presented the extent of damage these criminal activities have brought and that they have been more and more sophisticated in their methods. News.com.au (2008) reported an 18 year old boy, who designed a stealth virus that was undetectable by anti-virus software and was used by other criminals to commit crimes which in turn affected millions of computers worldwide. This only shows the power of stealth as a means of committing cyber crime. On the other hand, Virus Bulletin (2008) have reported that the there have been a dramatic increase in the occurrence of phishing but the improved awareness to online bankers have caused the actual losses to decline with the improved method in spotting malicious messages. Cupta (2007) stated that code obfuscation does not make one’s program “fool-proof” against reverse engineering but makes the job more difficult to reverse engineer the program as the techniques becomes more complex. Government Computer News (GCN) (2008) have reported that rootkits are increasingly surfacing to be insinuating malicious code in targeted IT systems. Several entities, agencies and companies are doing research in combating future cyber crimes. One of this is the generation of automatic spyware or malware to fight crimes involved using auto-generating malware. Baseline (2008) reported security researchers at two (2) US academic universities have created a new system that automatically generates vulnerability signatures that blocks exploits which targets unpatched systems. To conclude, many cyber criminals are still out there perfecting and doing various systems to beat the programs and do identity theft and stealing but Information Technology experts are also on their feet catching up on their activities. 5. Critical Appraisal The way in which the paper was presented will be discussed in this section. Presentation skills are very important in conveying to the audience your discussion in order to get the objective of the topic. Seminars are important today as it can be valuable information for current trends and issues and it is the main reason for people attending such events. The seminar started out in the right context by the introduction of the topic and the speaker, his background, position and the agency to which he was connected. This information gives the speaker credibility and reliability to the data and facts that he will be presenting to the audience. The contact email was also presented as anyone in the audience having more questions about the topic after the seminar could easily contact the speaker. The topic has been presented at the Virus Analyst Summit last January 2008 in Moscow. And have the layout and logo of the company with which Mr. Emm is working. The title in which the speaker chose was a very catchy one and not a very technical. This gives the audience attention and curiosity to the subject matter. The layout of the presentation was simple and concise but can be understood easily and direct to the point. Good presentation materials need not be too wordy or in sentence structure as the audience tend to be bored and focused on the presentation materials and not to the speaker. This gives the speaker more time and freedom to discuss and expound on matters in his presentation. Data were presented by means of graphs and tables where it is easier to understand at a glance. They were also very up-to-date and have been very well researched by their company. This gives the audience of an latest events in the world of cyber crime. In terms of organization of the topics, the speaker had presented it in an organized manner although some topics overlap the other. But this was only so to give emphasis to certain topics which the speaker feels are important to explain and discuss. Certain topics under a category seem to be a bit confusing and wrongly categorized but overall were well presented. The topics were presented well and the speaker was able to give a lot of information by giving out many ways in which current cyber crimes are committed. It was not focused on only one or two methods but several that are very important for the audience to know and which are prevalent. Each method of cyber crime was well discussed and various examples were also mentioned. It was very welcoming of the speaker to add at the end of his discussion what the future has in store in the fight on cyber crimes and has the generosity of enumerating the many ways in which criminals can do their acts in the future. This allowed the audience to think what else can be done in the future and a smart move for anyone in the information technology world that needs to be one step forward with the cyber criminals. The speaker ended his presentation by thanking the audience in listening to his lecture and again, the name and contact details were shown at the end of the seminar to remind the audience of this important information. To conclude, the presentation was very organized, simple, direct to the point, concise, well prepared and most importantly attained its goal in delivering the topic to the audience. 6. Conclusion The topic presented was a very interesting one as it is of utmost importance in the cyber world. The aim of the seminar under consideration was to know the current trends in cyber crime and what methods the criminals are utilizing in performing such acts particularly concealing was met. Knowledge and awareness of this valuable information is very important in fighting against cyber crime which is very prevalent and alarming. The information given by the speaker was the latest as justified by facts and data from their company. This was presented in an organized, detailed, and concise manner by the speaker. The author finds the topic and presentation to be very interesting. In the context of the topic presented, it is very interesting to note what can be done in the future and can be a topic for research which can help the information technology world. To conclude the review, it is interesting to note that no matter how technical the cyber world may seem, it can be presented in a simple manner that can be understood easily by the audience and keep them interested in the subject matter. Not should the topic and data be discussed in a seminar but it is also important to note the current and future trends which could be a good basis for research. 7. References Government Computer News (2008) Rootkits emerge as a maturing IT threat. Available HTTP: http://www.gcn.com/online/vol1_no1/41537-1.html (Accessed 22 April 2008) Gupta, S (2005) Code Obfuscation Available HTTP: http://palisade.plynt.com/issues/2005Aug/code-obfuscation/ (Accessed 21 April 2008) Kasperskey Lab (1997) About Us Available HTTP: http://www.kaspersky.com/about (Accessed 21 April 2008) News.com.au (2008) NZ teen convicted over global cyber crime ring. Available HTTP:http://www.news.com.au/technology/story/0,25642,23466456-5014111,00.html (Accessed 22 April 2008) Virus Bulletin (2008) News: Phishing on rise, but anti-phishers fighting back Available HTTP: http://www.virusbtn.com/news/2008/04_16a.xml (Accessed 22 April 2008) WIkipedia (2008) Cybercrime Available HTTP: http://en.wikipedia.org/wiki/Cybercrime (Accessed 21 April 2008) Read More