George Orwell, in his classic vision of the future "Nineteen Eighty-Four," foresaw a totalitarian state filled with devices termed telescreens that were the state's means of monitoring citizens. Today, with our dependence on modern technologies such as PCs and mobile devices, and the widespread availability of crimeware, we've exceeded anything Orwell could ever have imagined. Crimeware is a class of malware that is specifically designed to automate large-scale financial crime. We now carry our own version of Orwell's telescreens with U.S. -- termed mobile devices -- having cameras, microphones, GPS, and containing all our interactions. Instead of Orwell's vision of a totalitarian state monitoring citizens' lives, we now have a limitless number of individual criminals or hostile states from around the globe capable of using crimeware within our technologies to track our every movement, conversation and action.
With the widespread proliferation of crimeware, we virtually broadcast our very lives around the world for criminals, competitors, and enemies to do with what they will. There is no longer any notion of yesteryear's security, let alone the fatigued concepts of privacy or anonymity.
[ Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from InfoWorld's expert contributors in InfoWorld's "Malware Deep Dive" PDF guide. ]
There are few viable options to combat crimeware's success in undermining today's technologies. One proposed approach fights fire with fire, using malware's own techniques in hand-to-hand combat for the ultimate control of processors. This anti-crimeware approach defeats crimeware by disabling its methods of harvesting data from within PCs, but makes no actual inroads into removing crimeware. Intel and McAfee recently proposed scrapping current processor technology and starting again to design new impenetrable processors [PDF link]. One can only imagine the time and cost necessary to replace and update our entire processor infrastructure. In either case, it is important to know how seriously crimeware has undermined our technologies and the radical thinking required to fight crimeware.
Crimeware: Foundation of today's telescreens
From its origins in 2003, crimeware (also termed financial malware, stealth malware, or banking Trojans) evolved through a series of advancements that outpaced any and all traditional security defenses, including the foundational Internet defense triad of SSL encryption, anti-virus, and two-factor authentication. The result of these advancements is an efficient attack tool -- Zeus and SpyEye being the leading examples -- capable of collecting large volumes of highly-sensitive authentication data. While no application is immune, criminals, as expected, are focusing their attacks on those applications that give them the most direct payoff -- online banking accounts.