Touched Yet by Cybercrimes Pandemic? Dont Worry; you Will!

By: Etienne A. Gibbs, MSW

The following is adapted by an article in eWEEK.com entitled, 2004: Year of the Cyber-Crime Pandemic. Although written in 2004, the epidemic appears to be getting worst, not better.

But wait a minute! Notice I said, "appears to be getting worst". On the surface, it seems like the epidemic has become a pandemic. While cybercrime might have increased so, too, has online security to combat it. Although cybercriminals might be a step or two ahead of authorities, they don't stay there long. As soon as authorities close in on them, they shut down operation and move on. In a way that's a small victory. The small battles may be won by the authorities and experts, but for them the war against cybercrime and cybercriminals wages on.

Now, here's what eWEEK.com had to say, in paraphrased fashion:

Internet crime and security have become increasingly complicated in the past years. In November alone, there were 8,459 new, unique phishing e-mail messages reported to the Anti-Phishing Working Group. That's nearly four times the number received in August and represents an average monthly growth rate of 34 percent since July.

What's uniquely alarming about this epidemic is that phishing is such an alluringly lucrative cybercrime: It involves duping victims into revealing personal financial data, including credit card numbers, account user names and passwords, and/or Social Security numbers.

The sophistication of these attacks has grown by leaps and bounds. For example, as eWEEK.com's Matthew Broersma reported in December, researchers have found that most Web browsers handle pop-up windows in a manner that makes them vulnerable to a simple phishing technique that allows fake content to look genuine.

Even fully patched, standard versions of globally used browsers including Internet Explorer, Firefox, Opera, Konqueror, and Safari-used by trusted sites such as banks-allow malicious sites to insert their own content into any pop-up window, as long as the target name of the window is known.

Over the past year, experts also warned of new attacks that not only circumvent DomainKeys but, adding insult to injury, even exploit the fledgling e-mail signing technology for their nefarious ends.

As eWEEK's Dennis Fisher reported, the technology once regarded by many in the security community as one of the best hopes for preventing e-mail address forgery is now being used to make bogus messages appear legitimate, thus undercutting confidence in the system.

"It proves that people will get to the point where they can't trust e-mail from anywhere," one security expert, who requested anonymity, told Fisher.

During a quarter in which analysts declared a 500 percent increase in global phishing activity over the previous quarter, Veterans Day was the nadir. Beginning in the early morning and continuing into the weekend, the Internet exploded with attacks against companies including eBay, Citibank and other financial institutions.

Indeed, financial institutions are traditionally the likeliest targets of Internet crime, yet chief security officers in the industry said they got scant help from the Feds over the past year, eWEEK's Fisher reported.

Dave Cullinane, president of the Information Systems Security Association, gave a speech at the CSO Interchange gathering, during which he said that the FBI and other federal agencies are generally unresponsive to requests for help from banks on phishing attacks unless the bank can show substantial financial losses. "If you're running on the assumption that calling the FBI will get you assistance, it won't," he said.

The growing threat of spyware. Beyond the phishing epidemic, spyware was on track to replace mass-mailing worms as the biggest security threat in the coming year. This technology, which uses covert techniques to install itself on computers and track user activity, is dangerous because malicious code can be executed on infected systems.

As eWEEK.com's Ryan Naraine reported, spyware, also known as adware, has become the preferred way to deliver malicious Trojans, which can relay information to other computers or Web locations, thus putting user passwords, log-in details, credit card numbers and other personal information at risk.

Notwithstanding financial chief security officers' complaints, the Feds spent a good deal of the past year studying cyber-crime, pondering and passing legislation to thwart it, and even handing down the first-ever felony conviction of a spammer. The spammer, Jeremy Jaynes, received a sentence of nine years in prison when a jury in AOL's home county convicted him and his sister.

Meanwhile, a federal sweep, named Operation Web Snare, nabbed 150 individuals and 117 criminal complaints between June and August. As eWEEK's Dennis Callaghan reported, the effort, largely directed against phishers, was thought to be the largest one yet taken against cyber-criminals.

Reactions to the cyber-criminal sweep were mixed, however, as some legal and online fraud experts opined that it was too little, too late.

Finally, if there's any silver lining to the dark cloud of cyber-crime that's blossomed in the past year, it is this: Congress is finally taking these issues seriously.

As eWEEK's Caron Carlson reported, the Senate in June approved legislation aimed at stopping identity theft by increasing criminal penalties and creating a new crime of aggravated ID theft, which the president has since signed into law.

The House took on the task of probing spyware in April, and legislation targeting spyware was introduced into the Senate and House, with Utah ahead of the curve in enacting an anti-spyware law.

The House in September approved legislation that prohibits "taking control" of a computer, surreptitiously modifying a Web browser's home page, or disabling anti-virus software without proper authorization.

With all of these busts, and with all of this legislative pondering, does it finally mean we have some tools to beat down the alarming rise of cybercrime? eWEEK.com's Larry Seltzer earlier in the year had read various versions of bills pending at the time, and he wasn't optimistic, given that the legislative language had too much wiggle room.

The upshot: In 2005, you'll have to be more vigilant, you'll have to demand more from vendors vis-Ã?-vis secure products, and you'll have to go through legislative wording with a fine-toothed comb.

Is that different from other years? No. But take it much, much more seriously this year.

To protect yourself, you need an Internet security team of experts making sure that you, your family, and your business computer are always safe and secure. The best protection you can have in today's rapidly changing world of cyber-attacks is to have expert support for all your Internet security needs that will provide technical support without any hassles and without charging you extra fees. It will become even more critical than it is today as time goes on. You need to find your own personal team of experts to rely on. If you ever have a security problem, you will want to have a trusted expert you can call for professional help, without any hassles and extra costs!

Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Your money, your computer, your family, and your business are all at risk. These cybercriminals leave you with three choices: (1) Do nothing and hope their attacks, risks, and threats don't occur on your computer. (2) Do research and get training to protect yourself, your family, and your business. (3) Get professional help to lockdown your system from all their attacks, risks, and threats.

Remember: When you say "No!" to hackers and spyware, everyone wins! When you don't, we all lose!

Share this article :

Most Read
• A Life Touched, by Wayne and Tamara
• Touched By An Angel (Season 2) DVD Review, by Britt Gillette
• Recent Avian Pandemic, by Bob Taylor
Top Searches on Home Security
•  Security System Car•  House Security Systems