Column: Your forecast is cloud, with massive outbreaks of crime

Nick Booth

The crime scene is the fastest growing sector of IT and it's never been easier to start a spamming service. Better still, nobody does anything about it, writes Nick Booth.

I was delighted to learn recently that I appeared on Trend Micro's excellent Email Reputation Service. My IP address is firmly on the map. OK, it turns out this is a roll call of shame, but at least my name is out there now. All publicity is good publicity, etc (there's nothing worse than not being talked about).

Out of curiosity, this column asked Trend Micro for more details. It turns out my IP address has been identified as a leading supplier of spam. In fact, Trend has written to my ISP - Strato Hosting - to ask them to act on this, but they've done nothing for almost two weeks.

"It's not all that unusual," Rik Ferguson, Trend Micro's director of security research, tells me. "We tell all service providers when they are hosting spammers and a lot of them don't act on it very quickly," he says.

One can only conclude that spamming must be good business. I can't remember setting up the service, but I do get a lot of offers from PRs so maybe one of them set it up for me. I'll let you know if we make any money. Meanwhile, crime is booming in IT. But how do you get started?

To begin with, you may wish to go in for a short con, with something mildly dishonest. You know the type of thing - services that are advertised with a bold statement about an unbeatable offer - followed by a long list of terms and conditions. So they'll start like this:

"Win an iPad 3! Win a bargain home! Get Unlimited Broadband for only £1 a month!"

The other 99% of the advert is a blur of terms and conditions that either appears as small print or is read out like a racing commentary played at the wrong speed. 

"IPad 3 offer may not exist. Subscribers may receive a lifetime's supply of junk mail. We reserve the right to bombard you with unsolicited phone calls from a man on third world wages speaking in his second or third language."

It doesn't seem to put people off. Nobody ever reads their software licensing agreement. Nor do they read the terms and conditions of their cloud services any more diligently. Well, they should do. Especially the millions of people who use file transfer systems like Huddle, Dropbox and Google Drive. Look at these T&Cs...

"In the course of using the Service, we may collect personal information that can be used to contact or identify you ... to provide and improve our Service ... to better understand your needs and interests ... and ... to provide or offer software updates and product announcements," goes a typical section.

If collating your personal information and using it to their own ends isn't bad enough, what about this bit?

"We may use certain trusted third party companies and individuals to help us provide, analyze, and improve the Service. We may share your information with a third party application. We are not responsible for what those parties do with your information."

So they can basically take all the information you've sent to yourself because it travelled across their servers. Your bank details, personnel records, company secrets, you name it.

So, without realising it, you could be breaking the Data Protection Act and its European and American equivalents. These new cloud-based file sync services are clearly a massive threat to big corporations. And where there's threats, as they say in the crime scene, there's opportunity.

Simon Bain, CTO at content search and document management specialist Simplexo, is one of those spoilsports who wants to protect big corporations from the dangers of consumerisation. 

"I've never known a time when users got to choose their supplier," he says of the BYOD and BYOS (Service) phenomena. We're about to witness a horrible phenomenon, the BYOS of summer. People who work from home during the Olympics, using Dropbox, Huddle and Google Drive, could inadvertently become the agents of malware, he warns.

"It can easily be done because nobody ever reads the terms and conditions of these services," Bain warns. 

There are, however, new breeds of technology, such as Varonis', that'll be sufficiently locked down to keep the users within the safe boundaries and the criminals out, he warns. So the window of opportunity might not be open long for criminals. "We are trying to make people aware of the dangers," he boasts.

So, for the moment, spamming seems to be your best chance of a long-term criminal enterprise. Nobody seems to bother closing that down. Not if Strato Hosting is anything to go by. I'm still being blocked by Trend Micro because the IP address of my mail server remains on the Reputation List.

And Strato Hosting continues to do nothing.

