Inside a gloomy tower block on the northwestern outskirts of Moscow a team of young computer programmers is deep in concentration. In a former life it was a nuclear research facility at the heart of the Cold War. Now this dark skyscraper is home to a different kind of power struggle.
Each day a dozen team members at the anti-virus firm, Kaspersky Lab — mostly in their late teens or early 20s and nicknamed ”woodpeckers” — work in 12-hour shifts to crack, decode and eradicate some of the world’s most malicious computer viruses, or ”crimeware”. They examine and create antidotes to more than 200 pieces of code every day, but it is a task that is proving increasingly difficult.
Last weekend thousands of computers worldwide were crippled by the latest virus, Kama Sutra. The worm, which had spread through e-mails and inside computer networks over the past month, was estimated to have caused tens of thousands of dollars of damage as it attempted to erase files on infected computers. Last week the Russian stock exchange shut down for an hour after a virus attack.
The danger of crimeware and hackers is being recognised by authorities and law enforcement around the globe. Last week Britain unveiled plans to stiffen its computer crime laws, doubling the maximum jail sentence for hacking to 10 years and making it illegal to own ”hacking tools” such as password cracking software. And with good reason, say experts.
”Hackers don’t want to damage computers any more, they want to own them,” said Eugene Kaspersky, the founder of Kaspersky Lab. ”They’ve started to run direct attacks where just one business, or even just one computer, is infected.”
Kaspersky knows the mind of a cyber-criminal better than most. For 15 years he has worked on understanding viruses and their creators. His company is one of a host of anti-virus and Internet security companies fighting to keep their customers secure. It is a battle that is getting bigger. According to figures released by the FBI last week, about 90% of people have experienced computer security problems recently. Research published last year suggested that the global cybercrime industry is now worth more than the international illegal drugs trade.
Through viruses and worms, hackers can control thousands of computers — turning them into ”zombies”. After that, they can steal people’s identities, engage them in complex fraud or blackmail, send spam, attack websites, or run cyber-protection rackets. The Internet security firm Sophos estimates that an unprotected computer connected to the Internet has a 50% chance of being infected within 12 minutes.
It is all a far cry from the earliest days of hacking when viruses were created by bored teenagers. It is 20 years since the first widespread PC virus, Brain, which was created by brothers Amjad and Basit Farooq Alvi. Brain was a piece of trickery that began as a benign experiment but left corporate United States shaking. Although there had been viruses before, business simply didn’t understand the concept of security. As a result, Brain caused panic.
”What we saw 20 years ago was really technical enthusiasts, and people creating proof of concept viruses,” said Sal Viveros, a security specialist with the anti-virus company McAfee. ”For the first seven or eight years that was really who made these things.”
But the days of playing for fun are long gone. According to research, just 5% of malicious programs are now written by bored teenagers. The rest are produced by ever increasing numbers of professional criminals.
”A lot of people are stuck in the 1990s, with their image of a virus writer as a kid eating pizza in their bedroom,” said Graham Cluley, an expert with Sophos. ”In fact they are now much more serious, and nastier.”
Viveros agrees. ”Now that there’s money involved, the threats have become a lot greater. The widespread adoption of broadband internet means that hackers have targets they can always access.”
Russia is often blamed for such activities, and a huge influx of computer science graduates and a large criminal fraternity have certainly combined to create a thriving underground. But China and Brazil are also notorious hacker hotbeds, and there have been plenty of recent cases in Britain and US.
The hackers’ change in attitude has also had other side effects. ”There are no global epidemics like there were in the past,” said Kaspersky. ”Just local ones.”
Several years ago virus epidemics regularly hit the headlines. Now the smarter focus from criminals means they don’t get as much coverage, despite being more successful. Some experts say that this creates a sense of complacency.
”If the guys on the News at Ten aren’t talking about viruses, then the guy on the street doesn’t think about it,” said Cluley. ”But we’re seeing fewer massive outbreaks, because actually clever criminals don’t want access to 200 000 bank accounts at once, because they can’t cope with that many. Instead they get access to 200, and just keep going back for more. The problems are less likely to get headlines, but that makes them more dangerous.”
Back in his Moscow laboratory, Kaspersky directs his woodpeckers as they cope with a new influx of crimeware. Outside is winter, but inside the chill is warded off by the banks of screens. He knows that his job will never be over. ”Sometimes when you feel ill you can go to the chemist, and sometimes you need to go to hospital,” he shrugged. ”But people will never stop getting sick.” — Â