
You're about to be ripped off

By Ian Melamed
Johannesburg, 10 Apr 2001

You and I and the people in our immediate circles will be the next wide-scale victims of cyber-crime. Problem is, cyber-criminals will take so little from each of us at a time that we probably won't notice it as they gather in millions from a largely unsuspecting public. This is the word from the respected and normally sober GartnerGroup, and when an organisation as reserved as this warns of such an occurrence, we'd best take it seriously.

Ian Melamed is chief technology officer of SatelliteSafe

Gartner refers to this future event as an act of "economic mass victimisation" that will occur in the next two years. It will go undetected by law officials because they are under-prepared, and because it is driven largely by a growing base of talented Internet users in countries with depressed economies. Typically, this has translated to Eastern European and South American countries.

Because the crime will occur across a wide base, involving a small amount at a time from millions of customers, the cyber-criminals are likely to get away with the crime. And, as they do so, they're likely to increase the size of each theft.

Gartner paints a gloomy picture of cyber-crime, saying its cost will soar, increasing by 1 000% to 10 000% by 2004 as law enforcement agencies address their backlog in competence. Gartner notes that the US federal government's spending on cyber-crime enforcement makes up less than 1% of all law enforcement spending; and it expects this to remain the norm.

Gartner warns that the attacks on 40 e-commerce sites in the US, launched from the former Soviet Union, highlight the severity of the problem. Millions of credit card details were stolen in these attacks, and they were in all likelihood sold to the Russian Mafia.

Gartner's recommendations: to embark on a proactive campaign of prevention, starting at the user level, embracing corporate policy and extending to international co-operation and agreements to limit the movements of cyber-criminals.

And go through your credit card with the finest toothcomb!

The Anna Kournikova virus was a spectacular nuisance; now Brazilian hacker [K]alamar has upgraded the worm generation software he used to create the virus, so it can carry damaging payloads. It can now produce worms that are scrambled with two types of encryption, include an anti-delete function and carry a payload of an executable file. To ensure [K]alamar cannot be held liable for ensuing damage, anyone downloading his kit has to agree to a disclaimer absolving him of responsibility for such damage. Yeah, right!

While Microsoft is rightly a consistent focus area for security and virus issues, Linux is grabbing headlines increasingly often. A new worm, Adore, has made its appearance. Designed to compromise the security of Linux systems and identify them to potential hackers, Adore, a variant of Ramen, creates back doors on these systems and sends information identifying the compromised systems to four e-mail addresses on servers in China and the US. Last month we saw the Lion worm, which used a well-known Linux flaw to spread among servers using domain name service software. Word is that Adore is spreading quickly and scanning a variety of servers to uncover the vulnerabilities.

The scale of hacking continues to beggar belief. The US Congress has been advised that hackers gained complete control of at least 155 government computer systems in 32 federal agencies last year. The co-ordinated response: most agencies have yet to conduct full security audits, so they have no idea which systems are vulnerable. British Telecom had two of its UK Web sites defaced: hackers left a rant about ADSL on the search.bt.com site, and btworldwide.com was defaced by Prime Suspectz. The telecoms giant has also been advised of a vulnerability on its btcellnet.net servers which could compromise customer accounts, but has not fixed it. Then Visa's German home page was also broken into, ostensibly by Brazilian hackers. Certainly engenders confidence in the credit card company, doesn't it? Microsoft's Windows NT and Internet Information Server continue to be the software most consistently compromised.

And now for some bad news for people who think their anonymous (usually free) e-mail can protect them from detection: it can't! Every time you send out an e-mail from Hotmail, Yahoo or whichever service you're using, it sends out quite a bit of revealing information. This includes an extra "X-Originating-IP:" SMTP header. Yahoo and Hotmail include the browser's IP address in the initial "Received:" header. The only way to overcome this situation is to use an anonymising proxy. If you don't have one, don't use your free e-mail address to send out potentially compromising e-mail.
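To see what a recipient can read from those two headers, the following added example (not part of the original column) parses a message and reports the client address each one discloses. The sample message, its hostnames and its documentation-range IP addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a webmail-submitted message using documentation-range IPs.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP; Tue, 10 Apr 2001 09:15:02 +0200
Received: from 203.0.113.45 by webmail.example.com with HTTP;
\tTue, 10 Apr 2001 07:14:58 GMT
X-Originating-IP: [203.0.113.45]
From: "Anonymous" <someone@webmail.example.com>
To: recipient@example.org
Subject: test

body
"""

# Dotted quad that is not part of a longer run of digits and dots.
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def first_ip(text):
    """Return the first syntactically valid IPv4 address in text, or None."""
    for candidate in IPV4.findall(text or ""):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # e.g. 999.1.1.1 or a dotted version string
    return None


def sender_ip_leaks(raw_message):
    """Report the client IP disclosed by the two headers the column names."""
    msg = message_from_string(raw_message)
    received = msg.get_all("Received") or []
    return {
        "x_originating_ip": first_ip(msg.get("X-Originating-IP")),
        # Each relay prepends its Received header, so the initial hop is last.
        "initial_received": first_ip(received[-1]) if received else None,
    }


if __name__ == "__main__":
    for header, ip in sender_ip_leaks(SAMPLE).items():
        print(f"{header}: {ip}")
```

Running the same check on a message you have sent to yourself shows whether your own provider adds either header.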

(Sources: Silicon.com, MSNBC, Hacker News Network, Reuters and CNet.)
