Cybercrime is on the rise, and it remains to be seen if Australia’s current policy and legal framework for dealing with cybercrime, is up to the task.
RegNet’s Dr Mamoun Alazab believes there are several areas governments can improve to protect citizens from malicious malware, such as DNSChanger, which had the potential to black out tens of thousands of computers worldwide.
The continued growth of the Internet has resulted in the increasing sophistication of tools and methods used to conduct computer attacks and intrusions. The sign of cybercrime is not showing any decelerating and represents the fastest growing crime globally. Recent reports reveal that cybercriminals attack Domain Name System (DNS) servers. DNS servers deliver an essential task to Internet users by converting user friendly domain names (websites) into the numerical Internet protocol (IP) addresses so computers can communicate via the Internet, to sites such as “anu.edu.au”, to a DNS numerical one such as “188.8.131.52”. This means that typing 'http://www.anu.edu.au/' into a web browser has the same effect as typing 'http://184.108.40.206/'.
Without the correct DNS settings accessing the Internet is difficult. In order to mitigate the threat of DNSChanger malware, it must first be removed from the infected computers and then incorrect DNS settings corrected to their proper values. The goal of DNSChanger malware is to reconfigure the DNS settings on the infected computer in order to achieve illegitimate activities like controlling sites and spreading fake antivirus products.
Last November, after announcing criminal indictments, the FBI obtained a court order and worked with non-profit organisations to set up temporary clean DNS servers to handle requests from infected machines, so that browsers would be redirected to the proper sites until users had a chance to delete the malware from their machines. The court ordered that the clean DNS servers will be turned off on July 9, 2012. During that time FBI, Google, Macafee, Facebook and Internet Service Providers (ISP) warned the public that computers still infected by DNSChanger may lose Internet connectivity at that time.
Contemporary mitigation activities revolve around national and international notification efforts including: raising public awareness of the potential problem, alerting the public about the possibility to disconnect the Internet services after the 9th of July when the US government shuts down the servers, setting up free access to websites to verify if the computer is infected, and providing instructions on how to change and check DNS settings.
There are several areas that the Australian Government could provide increased levels of protection against criminal activities:
1- Developing a systematic way of reporting computer breaches and their effects to measure the impact of cybercrime.
2- Assessing the relationships between public and private sector to provide protection.
3- Identifying workable ways to defeat criminal activities, and to identifying metrics to evaluate the success of legislation or law enforcement.
In response to such threats there is an urgent need to develop international regulation capability. It still remains to be seen, however, if the current policy and legal framework dealing with cybercrime in Australia is comprehensive enough to meet the cybercrime challenges.
Mamoun Alazab is a Research Fellow working with Professor Roderic Broadhurst on the project ‘The evolution of cybercrime: the monitoring of serious crime in cyberspace’ at RegNet, in the ARC Centre of Excellence in Policing and Security (CEPS)