Creators of computer viruses are winning the battle with law enforcers and getting away with crimes that cost the global economy some $13 billion this year, a Microsoft official said Wednesday.

Counterfeit centers are shifting from California and Western Europe to countries including Paraguay, Colombia and Ukraine said David Finn, Microsoft's director of digital integrity for Europe, the Middle East and Africa.

In Asia, pirate plants have emerged in Vietnam, Macao, and Myanmar (Burma) in addition to more established facilities in Indonesia, Malaysia and Thailand.

"So far they are getting away with it. They are winning by a considerable margin. Very few have been identified or prosecuted or punished," Finn said.

He cited estimates by Business Week that financial damage this year from bugs like the Blaster worm and the SoBig.F e-mail virus, which crashed systems and disrupted Internet traffic around the world, would total some $13 billion.

The cost of protecting networks against such cyberattacks was put at $3.8 billion.

Finn also said neither civil lawsuits nor criminal prosecutions were doing an adequate job of stamping out software piracy and seizing the multimillion dollar profits it generates.

Finn said the number of counterfeit Microsoft products intercepted had more than doubled to four million units this year from 1.75 million two years ago. But the value of pirate software seized--$1.3 billion over three years--was "a small fraction of what's really out there."

He estimated the profit margin on counterfeit software at 900 percent--nine times higher than for distributing cocaine.

Sobering picture
Finn was addressing a cybercrime conference in Germany at which experts presented a sobering picture of progress against hackers, fraudsters, drug runners, child pornographers and other assorted criminals exploiting the World Wide Web.

Britain's top high-tech crime officer told Reuters in an interview that drug dealers and arms traffickers were recruiting experts from the computer industry using cash inducements or threats.

"Organized crime is identifying those kinds of skills and buying them in," said Len Hynds, head of the National High-Tech Crime Unit.

"I know of sophisticated drug-trafficking organizations, arms-trafficking organizations that are now making use of hacking skills and hacking into the servers of unsuspecting businesses so that they can then launch attacks and hide their activity and their illicit material."

He said "we shouldn't be surprised" if terror organizations were looking to recruit computer expertise.

Hynds said gangs were recruiting people with IT skills not only to help them commit cybercrime but to secure their own communications networks and avoid detection.

"Organized crime, whatever its commodity, is driven by a desire for profit, and often its Achilles' heel is its communications processes. We're aware that organized crime is now using sophisticated methods to make its communications more secure, and it will recruit people to assist in the process."

He said companies needed to recruit more carefully.

"They need to look at how they recruit staff, how they vet staff, how they recruit consultants who may only be with them for a very short period of time. Although remote attack is becoming more prevalent, it's still a fact that most threats come from inside a company," he said.

Hynds said British police were also seeing a sharp rise in 'spoof' Web sites of financial institutions, intended to dupe customers into revealing their account details and passwords.

He said the number of cases had risen to 40 so far this year from just seven in 2002 and the fake sites had become "far more sophisticated."

Source: ZDNet

Good artists copy, great artists