I suppose I can boil down my complaints about U.S. law enforcement's attempts to do something effective about rampant and metastasizing cybercrime to two things. The first is that our guys don't have good relations with Russia and other countries that are knowingly harboring the worst criminals. And the second is that they don't have bad relations with those countries–not bad enough to blow the whistle.
Instead, U.S. authorities are the co-dependents in a perennially depressing romance, always thinking that real change in their partner is right around the corner. Think about Lucy holding the football for Charlie Brown.
After spending a couple of vacation days this week at a cybercrime conference aimed mostly at bankers–'cause hey, that's how I roll–I'm still convinced that we are in much bigger trouble than people realize. The Zeus family of financial computer trojans, which are probably on millions of PCs and often escape the notice of antivirus software, is truly impressive. Even if your bank cares enough about you to hand over a gadget with ever-changing one-time passwords, Zeus can intercept them and do other neat tricks, like redirecting you to a "down for maintenance" page while it cleans out your account. It can then do math on the fly so that when you check your balance, it appears to be right where it should be. I'm pretty sure it can walk on its hands while juggling with its feet, but you should check with one of the people who have lost or nearly lost their businesses, like Karen McCarthy. (more…)