continued from page 2

Today, most viruses are being written with illegal profits in mind. Criminals may seek to leave behind bits of code, known as Trojan horses, to track a computer user’s key strokes and to steal confidential information such as passwords and credit card numbers. Increasingly, criminals are seeking to infect huge groups of personal computers with code that allows them to remotely control those systems.

These armies of compromised computers, known as botnets, can then be used to send huge amounts of spam or to organize denial-of-service attacks against corporate computer systems or Web sites. By some estimates, nearly three-quarters of all spam is now sent over botnets, with U.S. spammers hiring out time on zombie networks managed from places such as Russia.(16)

By using thousands of widely dispersed personal computers to carry out attacks, criminals can hide their tracks or simply switch to a different group of computers when the first is shut down. Fast-spreading viruses have allowed criminals to assemble massive groups of compromised computers. In 2005, Dutch police broke up a ring that had assembled the largest- ever botnet, made up of 1.5 million computers and servers.(17) Criminals have been known to rent out botnets on the black market for as little as $100 an hour.(18)

Cyber Shakedowns
For businesses, distributed-denial-of-service attacks strike at the heart of their Internet operations. By swarming Web sites with thousands of simultaneous hits, these attacks shut out legitimate customers and clients from the site. The MyDoom virus, for example, was used to infect thousands of computers and direct them to attack a software company’s Web site at a specific time and date, bringing the site down on schedule.(19)

Unscrupulous businesses have also sought to shut down rivals’ Web sites. In early 2005, a Michigan owner of a Web-based sportswear business hired a New Jersey teenager to mount denial-of-service attacks against his rivals. The teenager, who was paid in sports clothes and designer sneakers, not only shut down the rival sites, but disrupted other businesses as far away as Europe.(20)

Such attacks are difficult to defend against because the worldwide reach of the Internet means they can be launched from individual computers located all over the world. Criminals also have turned to using the mere threat of such attacks as a way to shake down businesses.

The Internet has enabled criminals to update the old “protection” racket with modern technology in a growing crime known as cyber extortion. Rather than threatening to physically damage a business, criminals now threaten to shut down a Web site, release confidential information, damage corporate networks, or erase valuable data. Now, criminals can credibly pose a threat from thousands of miles away and demand that target companies electronically transfer the extortion payments.

Thousands of organizations are believed to be paying off criminals to avoid having their businesses or reputations damaged.(21) When one online retailer
refused to pay, the would-be extortionists posted 25,000 of the retailer’s customer’s credit card numbers on the World Wide Web.(22)

Particularly vulnerable are companies that rely on online business or seasonal sales and can ill afford a shutdown at the wrong time. While payoff demands typically run in the thousands or tens of thousands of dollars, some criminals have sought millions.

The threat that personal information will be misused is a major concern for both businesses and consumers. With identity theft in the headlines every day, consumers are increasingly afraid that they will be stuck holding the bill for fraudulent purchases or phony accounts set up in their name. Businesses are worried that security breaches may cost them dearly, not only in expenses to repair the actual damage but also in lost business from consumers and corporate clients.

Consumer Fears
As electronic commerce has become a part of everyday life, consumers have grown increasingly concerned about identity theft over the Internet. Millions of U.S. citizens have had their personal information stolen, with the thief then ringing up charges on an existing account or opening fraudulent new accounts. The number of U.S. citizens who became victims of identity theft in 2004 was 8.9 million.(23) According to a survey done for the Federal Trade Commission, the losses for all forms of identity theft for 2003 were estimated at nearly $48 billion for business and resulted in $5 billion in out-of-pocket expenses for consumers.(24) In addition, victims of identity theft had to spend dozens of ours to clear up their accounts.

Sixty-two percent of consumers are worried that their financial information could be stolen online, more than the percentage who were concerned about having such fraud happen at a restaurant or a retail store, another survey showed.(25) Consumer fears about Internet theft are tied to the portability of information in an online environment. While thefts of personal information at a brick-and-mortar establishment typically take place one account at a time, breaking into a consumer database can allow criminals to harvest thousands of accounts in seconds.

continued on next page>>
1|2|3|4|5|6|7|8