continued from page 1

The growth in Internet communications and business since that time has soared. The Internet began to take off with the popularization of Netscape’s browser in the mid-1990s. By 2004, three out of four Americans had access to the Internet at home.(8) Just over a year and a half later, two out of five Americans, or nearly 121 million people, had high-speed broadband access to the Internet.(9)

Business has moved online just as quickly. While a major corporation setting up a consumer Web site was still news in the mid-1990s, by 2003, nearly $1.6 trillion in goods and services were sold online in the United States, accounting for roughly 10 percent of all shipments in industries tracked by the U.S. Census Bureau.(10)

Besides transforming traditional industries, the Internet has spawned new ones. Google grew in just 10 years from an idea for an Internet search engine developed by two Stanford University graduate students to a publicly traded company with a market value of more than $100 billion, rivaling the worth of the world’s most valuable and long-established companies.

The Risks of the Information Economy
Advances in computing and telecommunications have transformed business. Where once business ran on reams of paper, much of commerce is now conducted via streams of digital data. Information technology has become an integral part of every industry, from agriculture to professional services.

The global public Internet also allows computer users to buy goods online, pay electronically, and query corporate networks for information. Now anyone with access to a computer can connect to corporate Web sites, which, if not properly managed and secured, can be used as gateways to networks holding vast amounts of valuable personal and proprietary information. By exposing their networks to the outside world, companies have opened themselves up to new risks. The data that companies have spent decades collecting represents not just a highly valuable business asset but also a treasure trove to defend.

At the same time that businesses have built huge databases of consumer information and developed increasingly powerful e-commerce capabilities, they have paved the way for criminals to exploit overlooked vulnerabilities in their technology. Internet gateways to corporate systems offer openings to criminals as well as clients and consumers. While businesses have spent billions of dollars to harden their systems, criminals have kept pace by developing new attacks. As Internet-based operations and communications have become critically important for businesses, they have engendered a new class of criminal activity — cyber crime.

The Criminal Revolution
While technology allows businesses to communicate and collaborate on an unprecedented scale, technology-savvy criminals have taken advantage of new technology-based opportunities to commit crime. Whether by exploiting security glitches to break into corporate systems or by using malicious code to create armies of remote-controlled “zombie” computers, criminals have adopted new technology as avidly as businesses have.

The paradox for business was summed up neatly by authors Stewart Brand and Matt Herron in 1984: “On the one hand, information wants to be expensive, because it’s so valuable,” they said. “On the other hand, information wants to be free, because the cost of getting it out is getting lower and lower all the time.”(11) Criminals, of course, recognize the value and mobility of digital information and look to steal it. The Internet enables them to do so from a desktop thousands of miles away from where the data are stored.

The theft of information via the Internet is a rapidly growing problem as criminals keep pace with technology and employ increasingly sophisticated and fast-spreading attacks. As new technologies are adapted by wider numbers of people, criminals respond by trying to find new vulnerabilities. For instance, as cell phones and wireless networks become more powerful and allow callers to connect to the Internet, they present increasingly tempting targets. Criminals also have been quick to change their tactics, shifting in some cases from attacks against operating systems to attacks against applications such as media players, database software, and even antivirus programs.(12)

The increasing sophistication and organization of computer criminals poses a serious threat. No longer is the lone hacker the main concern for corporate
computer security. Now, more and more computer attacks are being carried out by professional criminal gangs operating freely from places such as Eastern Europe. Criminals account for about 90 percent of the malicious code being released onto the Internet, according to an estimate by the computer security company Kaspersky Labs.(13)

The motivation for the attacks against computer systems is simple: that’s where the money is. There’s plenty of illicit profit to be gained from stealing, or even threatening to publish, confidential information.

Malware and Botnets
The most well-known attacks have been highly publicized viruses such Code Red, Sobig, and My- Doom. The MyDoom virus, in early 2004, for instance, spread by sending around 100 million infected e-mails in the first 36 hours.(14) Those viruses, however, represent just a small fraction of those that are loosed upon the Internet every day. In October 2005, for example, a record 1,685 new viruses and variants hit the Internet, although none were particularly widespread or dangerous.(15)

continued on next page>>
1|2|3|4|5|6|7|8