Russia has acquired a reputation for being the source of a lot of sophisticated cybercrime. The most notable example of large-scale computer crime this century, purportedly of Russian origin, was the DOS (Denial Of Service) attack on Estonia, which practically brought down the infrastructure of that country. These days, being Russian, with the proximity of all that Russian cybercrime, can be quite an advantage, if you are selling yourself as an Internet security specialist.
The DOS attack on Estonia is mentioned also in this article. It is, however, fairly old news. The incident occurred back in April 2006. It was a co-ordinated DOS attack using Microsoft Zombies. A more detailed and much scarier account of it can be found on the ABC website. Last year, on the 24th of June, the radio program, Background Briefing produced an excellent report on Internet security titled Your Money Dot Com. It was repeated in the ABC summer series. If you want to hear the full program you can still download the podcast. Even though the program is almost a year old, it is still a good summary of many of the issues tied up with Internet Security and guaranteed to scare the pants off the average user ... or it should.
One of my favourite quotes from the Background Briefing story was this from David Vaile (University of NSW):
There's a growing suspicion that in fact the security model for the Internet and for a lot of modern software may actually be broken in a fundamental way. Because in the beginning most of the people who used the Internet, who used the software, were reasonably technically literate. These days, you can't make any assumptions at all about the level of computer literacy, or their appreciation of all the sort of complicated risks and dangers and precautions that might actually work. So consequently when you get someone saying, 'Oh, the security certificate for this page that your batch is out of date. Click here, Yes or No', no-one's got a sensible answer to that. Yet the assumption that you can make it all work by asking those sort of questions still seems to be the basis on which the protection's sitting.
How could this happen? If the aviation industry had promoted airplanes that were user-friendly and so easy to fly that any idiot could fly them, without even the slightest inkling of the basics of aviation safety and rules, would this have been allowed? If the motor vehicle manufacturers promoted vehicles that were so easy to drive that anyone could use them even if they did not have a basic knowledge of road rules or vehicle safety and maintenance, would this catch on? More likely any manufacturer who tried such an approach would be put out of business by civil proceedings, class actions and regulations. So how have computer manufacturers managed to do this with a product that is at least as complex and technically difficult to master as a vehicle? i.e. Software that is so smart, that any dummy can use it. And users that boast of being computer illiterate Probably because unlike vehicles, no-one gets killed if a cybercriminal hijacks your workstation, or you crash on the virtual highway because you don't know the first thing about computer safety or the road rules.
But it seems as if gradually, ever so gradually, the problem of Internet Security is starting to paint on the radar screen. There is one valuable piece of information missing from many of the mainstream articles on this issue. And that is the fact that one can download effective anti-malware software. It's called the Ubuntu Download, and it's absolutely free. This won't be a total solution to all your Internet Security concerns but it will be a big step in the right direction.