BBC Home
Explore the BBC
BBC News
Launch consoleBBC NEWS CHANNEL
Last Updated: Thursday, 21 June 2007, 11:57 GMT 12:57 UK
How corporates host hi-tech crime
Spam in e-mail inbox, BBC
Many big companies are harbouring hijacked PCs that send out spam
The spammers behind the billions of junk mail messages bombarding our inboxes are often shadowy figures adept at hiding their tracks.

But though these people are tricky to trace some of their accomplices, who actually relay the e-mail, are easy to find.

Walk down the high street or scan the Fortune 500 list of the largest US corporations and most of the names you see will, unwittingly, be sending out spam for the bad guys.

This is because some of the workers in those large firms have opened a booby-trapped e-mail attachment or visited the wrong website.

The result? A cyber criminal somewhere in the world gains a toehold inside that vast corporation and soon starts using that hijacked PC to send out junk mail.

Net losses

Network security firm Support Intelligence has started naming and shaming those large organisations who have become shills for the spammers.

"You do not expect banks, airlines or energy companies to be spammers because you assume they are secure and have a lot of guys and are highly incentivised to lock their networks down," said Adam Waters, chief operating officer of Support Intelligence.

The good guys are behind the curve
Adam Waters, Support Intelligence
But as the Support Intelligence blog shows that many huge corporations are sheltering spammers on their networks.

And, said Mr Waters, Support Intelligence has evidence about enough compromised corporates to keep the blog running for a long, long time.

Support Intelligence finds out who is harbouring the spam relays by exhaustive analysis of net traffic to trace so-called networks of hijacked PCs or botnets.

"We started tracking across many different vectors," said Mr Waters, "and where all the roads cross was with botnets, that was the root cause of all this."

Danger point

The reason for naming companies on the blog is to shame them into taking action and to prompt people to take the threat from botnets much more seriously.

Laptop, BBC
Many work laptops return carrying viruses and spyware
"It's not about spam," said Mr Waters. "The issue is that they have systems on their corporate network that they do not have control over. The bots could be keylogging, password sniffing or data mining. They just don't know."

"The bots are modular, you can download the spam module, password sniffing module or data miner or whatever you want," he said. "They are lining themselves up for data loss."

Tim Eades, a spokesman for security firm Sana, said spotting a compromised PC can be tricky because it might only be sending a bit of e-mail or web traffic every now and then.

Only large-scale analysis would reveal that the mail messages were part of a huge spam run or the web traffic was part of an attack on another site.

"That PC might not look bad at all," he said. "You would have to have a detection engine that could interpret what it was doing."

For a hi-tech criminal having access to a corporate network is a real prize. PCs inside companies typically have access to networks faster than those in homes and which are never switched off.

But that PC could be an attack platform for getting at valuable, saleable information or the beginning point for a digital bank raid.

Losing game

Alex Raistrick, director of security firm ConSentry's Northern Europe operations, said poor security practices by staff allowed the bad guys to break in.

Web browsing warning, Google
Many workers do not heed warnings on web use
Many people who take a work laptop home use it for their personal web use, he said. Often it comes back to the corporate network with some extra passengers.

"If a machine goes out of the network it should be checked before it comes back in," said Mr Raistrick.

Once a PC or laptop has been hijacked they survive, he said, because few corporate network security departments are set up to keep the internal network safe.

"Instead," he said, "most organisations have the perimeter completely sewn up to protect them from other people."

For Mr Waters the success that the botnet operators are enjoying shows that the bad guys have the upper hand.

"The good guys are behind the curve," he said and urged companies to examine their networks to ensure they are clean.

"They have to anticipate that they will have a problem," he said. "They should just assume that it is going to happen, find out what they do to detect it and then shut it down."

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific