My book, Linux Phrasebook, which is still selling well & still just as useful today as when it came out in 2006 (& will be for another decade or two, given how consistent the Linux command line is), has been translated into Russian. You can find it at this Russian website, where I found out that its translated title is Linux Карманный справочник, which looks pretty cool. The other cool thing I found out from going to the page is how to display my name in Russian: Скотт Граннеман.
From Jim Giles’ “The inside story of the Conficker worm” (New Scientist: 12 June 2009):
23 October 2008 … The dry, technical language of Microsoft’s October update did not indicate anything particularly untoward. A security flaw in a port that Windows-based PCs use to send and receive network signals, it said, might be used to create a “wormable exploit”. Worms are pieces of software that spread unseen between machines, mainly – but not exclusively – via the internet (see “Cell spam”). Once they have installed themselves, they do the bidding of whoever created them.
If every Windows user had downloaded the security patch Microsoft supplied, all would have been well. Not all home users regularly do so, however, and large companies often take weeks to install a patch. That provides windows of opportunity for criminals.
The new worm soon ran into a listening device, a “network telescope”, housed by the San Diego Supercomputing Center at the University of California. The telescope is a collection of millions of dummy internet addresses, all of which route to a single computer. It is a useful monitor of the online underground: because there is no reason for legitimate users to reach out to these addresses, mostly only suspicious software is likely to get in touch.
The telescope’s logs show the worm spreading in a flash flood. For most of 20 November, about 3000 infected computers attempted to infiltrate the telescope’s vulnerable ports every hour – only slightly above the background noise generated by older malicious code still at large. At 6 pm, the number began to rise. By 9 am the following day, it was 115,000 an hour. Conficker was already out of control.
That same day, the worm also appeared in “honeypots” – collections of computers connected to the internet and deliberately unprotected to attract criminal software for analysis. It was soon clear that this was an extremely sophisticated worm. After installing itself, for example, it placed its own patch over the vulnerable port so that other malicious code could not use it to sneak in. As Brandon Enright, a network security analyst at the University of California, San Diego, puts it, smart burglars close the window they enter by.
Conficker also had an ingenious way of communicating with its creators. Every day, the worm came up with 250 meaningless strings of letters and attached a top-level domain name – a .com, .net, .org, .info or .biz – to the end of each to create a series of internet addresses, or URLs. Then the worm contacted these URLs. The worm’s creators knew what each day’s URLs would be, so they could register any one of them as a website at any time and leave new instructions for the worm there.
It was a smart trick. The worm hunters would only ever spot the illicit address when the infected computers were making contact and the update was being downloaded – too late to do anything. For the next day’s set of instructions, the creators would have a different list of 250 to work with. The security community had no way of keeping up.
No way, that is, until Phil Porras got involved. He and his computer security team at SRI International in Menlo Park, California, began to tease apart the Conficker code. It was slow going: the worm was hidden within two shells of encryption that defeated the tools that Porras usually applied. By about a week before Christmas, however, his team and others – including the Russian security firm Kaspersky Labs, based in Moscow – had exposed the worm’s inner workings, and had found a list of all the URLs it would contact.
[Rick Wesson of Support Intelligence] has years of experience with the organisations that handle domain registration, and within days of getting Porras’s list he had set up a system to remove the tainted URLs, using his own money to buy them up.
It seemed like a major win, but the hackers were quick to bounce back: on 29 December, they started again from scratch by releasing an upgraded version of the worm that exploited the same security loophole.
This new worm had an impressive array of new tricks. Some were simple. As well as propagating via the internet, the worm hopped on to USB drives plugged into an infected computer. When those drives were later connected to a different machine, it hopped off again. The worm also blocked access to some security websites: when an infected user tried to go online and download the Microsoft patch against it, they got a “site not found” message.
Other innovations revealed the sophistication of Conficker’s creators. If the encryption used for the previous strain was tough, that of the new version seemed virtually bullet-proof. It was based on code little known outside academia that had been released just three months earlier by researchers at the Massachusetts Institute of Technology.
Indeed, worse was to come. On 15 March, Conficker presented the security experts with a new problem. It reached out to a URL called rmpezrx.org. It was on the list that Porras had produced, but – those involved decline to say why – it had not been blocked. One site was all that the hackers needed. A new version was waiting there to be downloaded by all the already infected computers, complete with another new box of tricks.
Now the cat-and-mouse game became clear. Conficker’s authors had discerned Porras and Wesson’s strategy and so from 1 April, the code of the new worm soon revealed, it would be able to start scanning for updates on 500 URLs selected at random from a list of 50,000 that were encoded in it. The range of suffixes would increase to 116 and include many country codes, such as .kz for Kazakhstan and .ie for Ireland. Each country-level suffix belongs to a different national authority, each of which sets its own registration procedures. Blocking the previous set of domains had been exhausting. It would soon become nigh-on impossible – even if the new version of the worm could be fully decrypted.
Luckily, Porras quickly repeated his feat and extracted the crucial list of URLs. Immediately, Wesson and others contacted the Internet Corporation for Assigned Names and Numbers (ICANN), an umbrella body that coordinates country suffixes.
From the second version onwards, Conficker had come with a much more efficient option: peer-to-peer (P2P) communication. This technology, widely used to trade pirated copies of software and films, allows software to reach out and exchange signals with copies of itself.
Six days after the 1 April deadline, Conficker’s authors let loose a new version of the worm via P2P. With no central release point to target, security experts had no means of stopping it spreading through the worm’s network. The URL scam seems to have been little more than a wonderful way to waste the anti-hackers’ time and resources. “They said: you’ll have to look at 50,000 domains. But they never intended to use them,” says Joe Stewart of SecureWorks in Atlanta, Georgia. “They used peer-to-peer instead. They misdirected us.”
The latest worm release had a few tweaks, such as blocking the action of software designed to scan for its presence. But piggybacking on it was something more significant: the worm’s first moneymaking schemes. These were a spam program called Waledac and a fake antivirus package named Spyware Protect 2009.
The same goes for fake software: when the accounts of a Russian company behind an antivirus scam became public last year, it appeared that one criminal had earned more than $145,000 from it in just 10 days.
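The defensive use of a recovered list, as described in the excerpt above (once the generator is known, each day's domains can be computed in advance and watched for), shown as an added example that is not from the article or this blog. The generator is a constructed stand-in and not Conficker's algorithm, and the log format, addresses and dates are assumptions made for the sample.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org", "info", "biz")  # the five suffixes the article names


def candidate_domains(day, count=250, seed=b"constructed-demo-seed"):
    """Stand-in for a recovered generator (constructed, NOT Conficker's algorithm).

    The only property that matters here is the one the article describes:
    the list depends on nothing but the date, so anyone holding the
    algorithm can compute any day's list ahead of time.
    """
    names = []
    for i in range(count):
        d = hashlib.sha256(seed + day.isoformat().encode() + i.to_bytes(2, "big")).digest()
        length = 8 + d[0] % 4  # 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in d[1:1 + length])
        names.append(f"{label}.{TLDS[d[31] % len(TLDS)]}")
    return names


def build_watchlist(center, skew_days=1):
    """Map each predicted domain to the date whose list it belongs to.

    Adjacent days are included because a host with a wrong clock
    queries a neighbouring day's list.
    """
    watch = {}
    for offset in range(-skew_days, skew_days + 1):
        day = center + timedelta(days=offset)
        for name in candidate_domains(day):
            watch.setdefault(name, day)
    return watch


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().rstrip(".").lower()


def scan_dns_log(lines, watch):
    """Return (client_ip, domain, list_date) for every query on the watchlist.

    Assumed log format (constructed): '<timestamp> <client_ip> <qtype> <qname>'.
    Malformed lines are skipped, not treated as fatal.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        _, client, _, qname = parts
        name = normalize(qname)
        if name in watch:
            hits.append((client, name, watch[name]))
    return hits


def make_sample_log(day):
    """Constructed sample: two benign lookups, two predicted names, one bad line."""
    today = candidate_domains(day)
    yesterday = candidate_domains(day - timedelta(days=1))
    return [
        "2009-01-05T09:00:01Z 10.0.0.7 A www.example.com.",
        f"2009-01-05T09:00:02Z 10.0.0.12 A {today[3].upper()}.",
        "2009-01-05T09:00:03Z 10.0.0.7 AAAA mail.example.org",
        f"2009-01-05T09:00:04Z 10.0.0.31 A {yesterday[200]}",
        "truncated line",
    ]


if __name__ == "__main__":
    day = date(2009, 1, 5)
    watch = build_watchlist(day)
    for client, name, list_day in scan_dns_log(make_sample_log(day), watch):
        print(f"{client} queried {name} (list for {list_day})")
```

With 250 names a day the watchlist stays small; the later scheme the excerpt describes (500 picked from 50,000 names across 116 suffixes) is what makes pre-registering every candidate impractical, while matching queries against the full predicted list remains cheap.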
From Brian Krebs’ “An Odyssey of Fraud” (The Washington Post: 17 June 2009):
Andy Kordopatis is the proprietor of Odyssey Bar, a modest watering hole in Pocatello, Idaho, a few blocks away from Idaho State University. Most of his customers pay for their drinks with cash, but about three times a day he receives a phone call from someone he’s never served — in most cases someone who’s never even been to Idaho — asking why their credit or debit card has been charged a small amount by his establishment.
Kordopatis says he can usually tell what’s coming next when the caller immediately asks to speak with the manager or owner.
“That’s when I start telling them that I know why they’re calling, and about the Russian hackers who are using my business,” Kordopatis said.
The Odyssey Bar is but one of dozens of small establishments throughout the United States seemingly picked at random by organized cyber criminals to serve as unwitting pawns in a high-stakes game of chess against the U.S. financial system. This daily pattern of phone calls and complaints has been going on for more than a year now. Kordopatis said he has talked to the company that processes his bar’s credit card payments about fixing the problem, but says they can’t do anything because he hasn’t actually lost any money from the scam.
The Odyssey Bar’s merchant account is being abused by online services that cyber thieves built to help other crooks check the balances and limits on stolen credit and debit card account numbers.
From Annie Karni’s “Gabbing Taxi Drivers Talking on ‘Party Lines’” (The New York Sun: 11 January 2007):
It’s not just wives at home or relatives overseas that keep taxi drivers tied up on their cellular phones during work shifts. Many cabbies say that when they are chatting on duty, it’s often with their cab driver colleagues on group party lines. Taxi drivers say they use conference calls to discuss directions and find out about congested routes to avoid. They come to depend on one another as first responders, reacting faster even than police to calls from drivers in distress. Some drivers say they participate in group prayers on a party line.
It is during this morning routine, waiting for the first shuttle flights to arrive from Washington and Boston, where many friendships between cabbies are forged and cell phone numbers are exchanged, Mr. Sverdlov said. Once drivers have each other’s numbers, they can use push-to-talk technology to call large groups all at once.
Mr. Sverdlov said he conferences with up to 10 cabbies at a time to discuss “traffic, what’s going on, this and that, and where do cops stay.” He estimated that every month, he logs about 20,000 talking minutes on his cell phone.
While civilian drivers are allowed to use hands-free devices to talk on cell phones while behind the wheel, the Taxi & Limousine Commission imposed a total cell phone ban for taxi drivers on duty in 1999. In 2006, the Taxi & Limousine Commission issued 1,049 summonses for phone use while on duty, up by almost 69% from the 621 summonses it issued the previous year. Drivers caught chatting while driving are fined $200 and receive two-point penalties on their licenses.
Drivers originally from countries like Israel, China, and America, who are few and far between, say they rarely chat on the phone with other cab drivers because of the language barrier. For many South Asians and Russian drivers, however, conference calls that are prohibited by the Taxi & Limousine Commission are mainstays of cabby life.
From Steven Weinberg’s “Without God” (The New York Review of Books: 25 September 2008):
It has often been noted that the greatest horrors of the twentieth century were perpetrated by regimes – Hitler’s Germany, Stalin’s Russia, Mao’s China – that while rejecting some or all of the teachings of religion, copied characteristics of religion at its worst: infallible leaders, sacred writings, mass rituals, the execution of apostates, and a sense of community that justified exterminating those outside the community.
From Kelly Jackson Higgins’ “The World’s Biggest Botnets” (Dark Reading: 9 November 2007):
You know about the Storm Trojan, which is spread by the world’s largest botnet. But what you may not know is there’s now a new peer-to-peer based botnet emerging that could blow Storm away.
“We’re investigating a new peer-to-peer botnet that may wind up rivaling Storm in size and sophistication,” says Tripp Cox, vice president of engineering for startup Damballa, which tracks botnet command and control infrastructures. “We can’t say much more about it, but we can tell it’s distinct from Storm.”
Researchers estimate that there are thousands of botnets in operation today, but only a handful stand out by their sheer size and pervasiveness. Although size gives a botnet muscle and breadth, it can also make it too conspicuous, which is why botnets like Storm fluctuate in size and are constantly finding new ways to cover their tracks to avoid detection. Researchers have different head counts for different botnets, with Storm by far the largest (for now, anyway).
Damballa says its top three botnets are Storm, with 230,000 active members per 24 hour period; Rbot, an IRC-based botnet with 40,000 active members per 24 hour period; and Bobax, an HTTP-based botnet with 24,000 active members per 24 hour period, according to the company.
Size: 230,000 active members per 24 hour period
Purpose: Spam, DDOS
Malware: Trojan.Peacomm (aka Nuwar)
Few researchers can agree on Storm’s actual size — while Damballa says it’s over 200,000 bots, Trend Micro says it’s more like 40,000 to 100,000 today. But all researchers say that Storm is a whole new brand of botnet. First, it uses encrypted decentralized, peer-to-peer communication, unlike the traditional centralized IRC model. That makes it tough to kill because you can’t necessarily shut down its command and control machines. And intercepting Storm’s traffic requires cracking the encrypted data.
Storm also uses fast-flux, a round-robin method where infected bot machines (typically home computers) serve as proxies or hosts for malicious Websites. These are constantly rotated, changing their DNS records to prevent their discovery by researchers, ISPs, or law enforcement. And researchers say it’s tough to tell how the command and control communication structure is set up behind the P2P botnet. “Nobody knows how the mother ships are generating their C&C,” Trend Micro’s Ferguson says.
Storm uses a complex combination of malware called Peacomm that includes a worm, rootkit, spam relay, and Trojan.
But researchers don’t know — or can’t say — who exactly is behind Storm, except that it’s likely a fairly small, tightly knit group with a clear business plan. “All roads lead back to Russia,” Trend Micro’s Ferguson says.
“Storm is only thing now that keeps me awake at night and busy,” he says. “It’s professionalized crimeware… They have young, talented programmers apparently. And they write tools to do administrative [tracking], as well as writing cryptographic routines… and another will handle social engineering, and another will write the Trojan downloader, and another is writing the rootkit.”
Size: 40,000 active members per 24 hour period
Purpose: DDOS, spam, malicious operations
Malware: Windows worm
Rbot is basically an old-school IRC botnet that uses the Rbot malware kit. It isn’t likely to ever reach Storm size because IRC botnets just can’t scale accordingly. “An IRC server has to be a beefy machine to support anything anywhere close to the size of Peacomm/Storm,” Damballa’s Cox says.
It can disable antivirus software, too. Rbot’s underlying malware uses a backdoor to gain control of the infected machine, installing keyloggers, viruses, and even stealing files from the machine, as well as the usual spam and DDOS attacks.
Size: 24,000 active members per 24 hour period
Malware: Mass-mailing worm
Bobax is specifically for spamming, Cox says, and uses the stealthier HTTP for sending instructions to its bots on who and what to spam. …
According to Symantec, Bobax bores open a back door and downloads files onto the infected machine, and lowers its security settings. It spreads via a buffer overflow vulnerability in Windows, and inserts the spam code into the IE browser so that each time the browser runs, the virus is activated. And Bobax also does some reconnaissance to ensure that its spam runs are efficient: It can do bandwidth and network analysis to determine just how much spam it can send, according to Damballa. “Thus [they] are able to tailor their spamming so as not to tax the network, which helps them avoid detection,” according to company research.
Even more frightening, though, is that some Bobax variants can block access to antivirus and security vendor Websites, a new trend in Website exploitation.
From Tom Espiner’s “Cracking open the cybercrime economy” (CNET News: 14 December 2007):
“Over the years, the criminal elements, the ones who are making money, making millions out of all this online crime, are just getting stronger and stronger. I don’t think we are really winning this war.”
As director of antivirus research for F-Secure, you might expect Mikko Hypponen to overplay the seriousness of the situation. But according to the Finnish company, during 2007 the number of samples of malicious code on its database doubled, having taken 20 years to reach the size it was at the beginning of this year.
“From Trojan creation sites out of Germany and the Eastern bloc, you can purchase kits and support for malware in yearly contracts,” said [David Marcus, security research manager at McAfee Avert Labs]. “They present themselves as a cottage industry which sells tools or creation kits. It’s hard to tell if it’s a conspiracy or a bunch of autonomous individuals who are good at covering their tracks.”
Joe Telafici, director of operations at McAfee’s Avert Labs, said Storm is continuing to evolve. “We’ve seen periodic activity from Storm indicating that it is still actively being maintained. They have actually ripped out core pieces of functionality to modify the obfuscation mechanisms that weren’t working any more. Most people keep changing the wrapper until it gets by (security software)–these guys changed the functionality.”
Peter Gutmann, a security researcher at the University of Auckland, says in a report that malicious software via the affiliate model–in which someone pays others to infect users with spyware and Trojans–has become more prevalent in 2007.
The affiliate model was pioneered by the iframedollars.biz site in 2005, which paid Webmasters 6 cents per infected site. Since then, this has been extended to a “vast number of adware affiliates,” according to Gutmann. For example, one adware supplier pays 30 cents for each install in the United States, 20 cents in Canada, 10 cents in the United Kingdom, and 1 or 2 cents elsewhere.
Hackers also piggyback malicious software on legitimate software. According to Gutmann, versions of coolwebsearch co-install a mail zombie and a keystroke logger, while some peer-to-peer and file-sharing applications come with bundled adware and spyware.
In March, the price quoted on malware sites for the Gozi Trojan, which steals data and sends it to hackers in an encrypted form, was between $1,000 and $2,000 for the basic version. Buyers could purchase add-on services at varying prices starting at $20.
In the 2007 black economy, everything can be outsourced, according to Gutmann. A scammer can buy hosts for a phishing site, buy spam services to lure victims, buy drops to send the money to, and pay a cashier to cash out the accounts. …
Antidetection vendors sell services to malicious-software and botnet vendors, who sell stolen credit card data to middlemen. Those middlemen then sell that information to fraudsters who deal in stolen credit card data and pay a premium for verifiably active accounts. “The money seems to be in the middlemen,” Gutmann says.
One example of this is the Gozi Trojan. According to reports, the malware was available this summer as a service from iFrameBiz and stat482.com, who bought the Trojan from the HangUp team, a group of Russian hackers. The Trojan server was managed by 76service.com, and hosted by the Russian Business Network, which security vendors allege offered “bullet-proof” hosting for phishing sites and other illicit operations.
According to Gutmann, there are many independent malicious-software developers selling their wares online. Private releases can be tailored to individual clients, while vendors offer support services, often bundling antidetection. For example, the private edition of Hav-rat version 1.2, a Trojan written by hacker Havalito, is advertised as being completely undetectable by antivirus companies. If it does get detected then it will be replaced with a new copy that again is supposedly undetectable.
Hackers can buy denial-of-service attacks for $100 per day, while spammers can buy CDs with harvested e-mail addresses. Spammers can also send mail via spam brokers, handled via online forums such as specialham.com and spamforum.biz. In this environment, $1 buys 1,000 to 5,000 credits, while $1,000 buys 10,000 compromised PCs. Credit is deducted when the spam is accepted by the target mail server. The brokers handle spam distribution via open proxies, relays and compromised PCs, while the sending is usually done from the client’s PC using broker-provided software and control information.
Carders, who mainly deal in stolen credit card details, openly publish prices, or engage in private negotiations to decide the price, with some sources giving bulk discounts for larger purchases. The rate for credit card details is approximately $1 for all the details down to the Card Verification Value (CVV); $10 for details with CVV linked to a Social Security number; and $50 for a full bank account.
From Jonah Lehrer’s “Hell is a Perfect Memory” (The Frontal Cortex: 2 December 2008):
This isn’t the first case report of a person with perfect memory. In the masterful The Mind of A Mnemonist, the Soviet neurologist A.R. Luria documented the story of a Russian newspaper reporter, D.C. Shereshevskii, who was incapable of forgetting. For example, D.C. would be bound by his brain to memorize the entire Divine Comedy of Dante after a single reading. Audiences would scream out random numbers 100 digits long and he would effortlessly recount them. The only requirement of this man’s insatiable memory was that he be given 3 or 4 seconds to visualize each item during the learning process. These images came to D.C. automatically.
Eventually, D.C.’s memory overwhelmed him. He struggled with mental tasks normal people find easy. When he read a novel, he would instantly memorize every word by heart, but miss the entire plot. Metaphors and poetry – though they clung to his brain like Velcro – were incomprehensible. He couldn’t even use the phone because he found it hard to recognize a person’s voice “when it changes its intonation…and it does that 20 or 30 times a day.”
From Mark Gibbs’ “Debt collectors mining your secrets” (Network World: 19 June 2008):
[Bud Hibbs, a consumer advocate] told me any debt collection company has access to an incredible amount of personal data from hundreds of possible sources and the motivation to mine it.
What intrigued me after talking with Hibbs was how the debt collection business works. It turns out pretty much anyone can set up a collections operation by buying a package of bad debts for around $40,000, hiring collectors who will work on commission, and applying for the appropriate city and state licenses. Once a company is set up it can buy access to Axciom and Experian and other databases and start hunting down defaulters.
So, here we have an entire industry dedicated to buying, selling and mining your personal data that has been derived from who knows where. Even better, because the large credit reporting companies use a lot of outsourcing for data entry, much of this data has probably been processed in India or Pakistan where, of course, the data security and integrity are guaranteed.
Hibbs points out that, with no prohibitions on sending data abroad and with the likes of, say, the Russian mafia being interested in the personal information, the probability of identity theft from these foreign data centers is enormous.
From Tim Wilson’s “Researchers Link Storm Botnet to Illegal Pharmaceutical Sales” (DarkReading: 11 June 2008):
“Our previous research revealed an extremely sophisticated supply chain behind the illegal pharmacy products shipped after orders were placed on botnet-spammed Canadian pharmacy Websites. But the relationship between the technology-focused botnet masters and the global supply chain organizations was murky until now,” said Patrick Peterson, vice president of technology at IronPort and a Cisco fellow.
“Our research has revealed a smoking gun that shows that Storm and other botnet spam generates commissionable orders, which are then fulfilled by the supply chains, generating revenue in excess of $150 million per year.”
In fact, the “Canadian Pharmacy” Website, which many Storm emails promote, is estimated to have sales of $150 million per year by itself, the report says. The site offers a customer service phone number that goes into voice mail and buyers usually do receive the drugs — but the shipments include counterfeit pharmaceuticals from China and India, rather than brand-name drugs from Canada, IronPort says.
IronPort’s research revealed that more than 80 percent of Storm botnet spam advertises online pharmacy brands. This spam is sent by millions of consumers’ PCs, which have been infected by the Storm worm via a multitude of sophisticated social engineering tricks and Web-based exploits. Further investigation revealed that spam templates, “spamvertized” URLs, Website designs, credit card processing, product fulfillment, and customer support were being provided by a Russian criminal organization that operates in conjunction with Storm, IronPort says.
However, IronPort-sponsored pharmacological testing revealed that two thirds of the shipments contained the active ingredient but were not the correct dosage, while the others were placebos.
From Dennis Fisher’s “Storm, Nugache lead dangerous new botnet barrage” (SearchSecurity.com: 19 December 2007):
[Dave Dittrich, a senior security engineer and researcher at the University of Washington in Seattle], one of the top botnet researchers in the world, has been tracking botnets for close to a decade and has seen it all. But this new piece of malware, which came to be known as Nugache, was a game-changer. With no C&C server to target, bots capable of sending encrypted packets and the possibility of any peer on the network suddenly becoming the de facto leader of the botnet, Nugache, Dittrich knew, would be virtually impossible to stop.
Dittrich and other researchers say that when they analyze the code these malware authors are putting out, what emerges is a picture of a group of skilled, professional software developers learning from their mistakes, improving their code on a weekly basis and making a lot of money in the process.
The way that Storm, Nugache and other similar programs make money for their creators is typically twofold. First and foremost, Storm’s creator controls a massive botnet that he can use to send out spam runs, either for himself or for third parties who pay for the service. Storm-infected PCs have been sending out various spam messages, including pump-and-dump stock scams, pitches for fake medications and highly targeted phishing messages, throughout 2007, and by some estimates were responsible for more than 75% of the spam on the Internet at certain points this year.
Secondly, experts say that Storm’s author has taken to sectioning off his botnet into smaller pieces and then renting those subnets out to other attackers. Estimates of the size of the Storm network have ranged as high as 50 million PCs, but Brandon Enright, a network security analyst at the University of California at San Diego, who wrote a tool called Stormdrain to locate and count infected machines, put the number at closer to 20,000. Dittrich estimates that the size of the Nugache network was roughly equivalent to Enright’s estimates for Storm.
“The Storm network has a team of very smart people behind it. They change it constantly. When the attacks against searching started to be successful, they completely changed how commands are distributed in the network,” said Enright. “If AV adapts, they re-adapt. If attacks by researchers adapt, they re-adapt. If someone tries to DoS their distribution system, they DoS back.”
The other worrisome detail in all of this is that there’s significant evidence that the authors of these various pieces of malware are sharing information and techniques, if not collaborating outright.
“I’m pretty sure that there are tactics being shared between the Nugache and Storm authors,” Dittrich said. “There’s a direct lineage from Sdbot to Rbot to Mytob to Bancos. These guys can just sell the Web front-end to these things and the customers can pick their options and then just hit go.”
Once just a hobby for devious hackers, writing malware is now a profession and its products have helped create a global shadow economy. That infrastructure stretches from the mob-controlled streets of Moscow to the back alleys of Malaysia to the office parks of Silicon Valley. In that regard, Storm, Nugache and the rest are really just the first products off the assembly line, the Model Ts of P2P malware.
I just had a student email me asking about Russian music download sites. Here’s what I told him:
http://www.mp3sparks.com isn’t accepting payments. Dunno why. They haven’t for a long time, so they’re out of the picture, as far as I’m concerned.
There’s a huge list of Russian music sites here: http://www.squidoo.com/russianmp3sites
Lots of good info there.
Oh, and don’t forget the Amazon MP3 store. It’s actually nice – cheaper than Apple, but not as cheap as the Russians!
From Charles Glass’ “The New Piracy: Charles Glass on the High Seas” (London Review of Books: 18 December 2003):
Ninety-five per cent of the world’s cargo travels by sea. Without the merchant marine, the free market would collapse and take Wall Street’s dream of a global economy with it. Yet no one, apart from ship owners, their crews and insurers, appears to notice that pirates are assaulting ships at a rate unprecedented since the glorious days when pirates were ‘privateers’ protected by their national governments. The 18th and 19th-century sponsors of piracy included England, Holland, France, Spain and the United States. In comparison, the famed Barbary corsairs of North Africa were an irritant. Raiding rivals’ merchant vessels went out of fashion after the Napoleonic Wars, and piracy was outlawed in the 1856 Declaration of Paris (never signed by the US). Since the end of the Cold War, it has been making a comeback. Various estimates are given of its cost to international trade. The figure quoted most often is the Asia Foundation’s $16 billion per annum lost in cargo, ships and rising insurance premiums.
The International Maritime Bureau (IMB), which collects statistics on piracy for ship owners, reports that five years ago pirates attacked 106 ships. Last year they attacked 370. This year looks worse still.
In waters where piracy flourished in the past, the tradition embodied in figures such as Captain Kidd has persisted: off the Ganges delta in Bangladesh, in the Java and South China Seas, off the Horn of Africa and in the Caribbean. Three conditions appear necessary: a tradition of piracy; political instability; and rich targets – Spanish galleons for Drake, oil tankers for his descendants. A fourth helps to explain the ease with which it happens: ‘The maritime environment,’ Gunaratna said, ‘is the least policed in the world today.’
The IMB has not been able to persuade the international community or the more powerful maritime states to take serious action. The Bureau’s director, Captain Pottengal Mukundan, believes there is nothing crews can do to protect themselves. National maritime laws are not enforced beyond national boundaries – which is to say, over more than half the earth’s surface. Beyond territorial waters, there are no laws, no police and no jurisdiction. Many countries lack the will or the resources to police even their own waters. The IMB advises all ships against putting in anywhere near states like Somalia, for instance, where there is a near certainty of attack. … Piracy is a high-profit, low-risk activity.
The IMB urges crews to take more precautions, but owners can’t afford every recommended improvement: satellite-tracking devices, closed circuit cameras, electric fencing and security officers on every ship. Owners and trade unions discourage the arming of merchant ships in the belief that firearms will put crews’ lives at greater risk. Only the Russians and the Israelis are known to keep weapons aboard. Competition in the shipping business forces owners to minimise expenditure on crews as on everything else. A commission of inquiry into the 1989 Exxon Valdez spill that nearly destroyed the Alaskan coast reported that ‘tankers in the 1950s carried a crew of 40 to 42 to manage about 6.3 million gallons of oil . . . the Exxon Valdez carried a crew of 19 to transport 53 million gallons of oil.’ [Quoted in Dangerous Waters: Modern Piracy and Terror on the High Seas by John Burnett] With the automation of many shipboard tasks, vessels today carry even fewer seamen than they did when the Exxon Valdez ran aground. That means fewer eyes to monitor the horizon and the decks for intruders.
Air and land transport routes have come under tighter scrutiny since 11 September 2001, but improvements to maritime security are few. An oil tanker can carry a load that is far, far more explosive than any civil aircraft. And most piracy, including the seizure of oil tankers, takes place near countries with powerful Islamist movements – Indonesia, Malaysia, the Philippines, Yemen and Somalia. Lloyd’s List reported on 4 November that Indonesia is ‘the global black spot’ with 87 attacks in the first nine months of this year – ‘the number of attacks in the Malacca Straits leaped from 11 in 2002 to 24 this year.’ Indonesia, which consists of two thousand islands, is the world’s most populous Muslim country. It has experienced decades of repression by a kleptocratic military, communal violence and the degradation of a once vibrant economy. Radical Islamists have made it the focus of their activity and recruitment in Asia.
From Wikipedia’s “Napoleon I of France” (5 July 2006):
The French suffered greatly in the course of a ruinous retreat; the Army had begun as over 650,000 frontline troops, but in the end fewer than 40,000 crossed the Berezina River (November 1812) to escape. In total French losses in the campaign were 570,000 against about 400,000 Russian casualties and several hundred thousand civilian deaths.