Today’s news that a New Zealand national has been ordered to pay $15.5 million US dollars in fines due to his participation in an international spam network highlights the seriousness with which authorities are starting to take malware production.
But it also reveals the problems with enforcement that currently pervade the system, as the man in question will not have to pay the fine unless he sets foot on American soil.
Last month we highlighted how malware production was dispersing.
The traditional centers of production (such as Brazil, the US and Korea) were starting to produce less malware, whereas other countries like India and Vietnam were beginning to produce more.
Now, Vietnam has become the number one source of spam – being responsible for more than 10 per cent of the world’s spam emails – and the UK has entered the virus production charts, being responsible for 2.79 per cent of the world’s viruses.
Brazil, the US and Korea still dominate when it comes to virus production.
As we have said before, it is incredibly important that there is effective international policing and enforcement when it comes to cybercrime.
Yes, it’s good news that governments are willing to levy such massive fines against perpetrators, but what is the use of such a fine if the offender can simply choose not to pay it?
Although we have developed strong measures to track and trace production, and we can do a considerable amount to protect the end user, there needs to be a substantial international effort from the authorities to educate the end user and co-operate over the policing and enforcement of malware production.
EU Gets Tough On Spammers
A recent study funded by the EU has highlighted major differences in the spam enforcement policies of 22 member states.
According to the report, which is published on Thursday, there is a wide variation across the EU in the numbers of prosecutions and the level of fines issued.
The report reveals the urgent need for an international, collaborative approach in the fight against malware.
Whilst some of our European neighbours have stringent anti-spam legislation, the UK’s policies have been diminished due to pressure from business interests such as the direct marketing industry.
In fact, the UK doesn’t even feature in the EU spam prosecution figures, because there haven’t been any cases taken to court (although those responsible have been prosecuted under other laws such as fraud).
This does not mean that laws are not in place. Spammers can be fined up to £5,000 under the Data Protection Act, but to date, not a single fine has been levied.
The report concludes that there are many methods of combating spam and malware in the UK and that these methods are well publicised. However, the fight against spam is currently tackled on an individual basis.
The large array of programs available to internet users and the differing degree to which those users are aware of spam, malware and phishing scams have the potential to leave computers vulnerable to attack.
In short, there needs to be not only an international level of co-operation, but a clear, unified and enforced domestic policy in place in order to stand a chance of winning the fight against malware.
Without this, our defences are only as strong as the weakest link in the chain.