The growing threat of cybercrime

    After a decade
    of untold havoc wrought by worms, viruses, Trojan horses and spam,
    something curious is going on in the Internet’s netherworld: the volume
    of attacks is beginning to fall off.

    That’s not at all good news for government and industry security
    experts, who say the declining number of spectacular attacks shows the
    architects of Internet instability are adopting a clever new strategy
    of heading undercover to avoid exposure, and forming into groups to
    better accomplish their goal of stealing financial secrets.

    “We
    have a significant cyber-risk in this country,” warned Andy Purdy,
    acting director of the Department of Homeland Security’s cyber security
    division.

    At a briefing for congressional aides on computer
    threats this week, Purdy said he’s cautioned businesses that this isn’t
    the time to relax security against cyber-criminals who are out for
    their trade secrets and financial data. Even now, Purdy said, some
    malevolent program may be worming its way into any company’s computer
    system to lurk there and gather information.

    “We have to raise
    the bar (about security). This is the challenge,” Purdy said. Publicly
    traded companies are already required by law to have cyber security
    systems, and private companies need to improve their security
    procedures as well, Purdy said.

    Larry Johnson, special agent in
    charge of the Secret Service’s criminal investigative division, warned
    that recent Internet attacks are showing increasing professionalism and
    going after large amounts money, like information on the 401K
    retirement accounts Americans hold.

    “That’s not surprising because that’s where people have most of their money,” Johnson said.

    The criminals use programs that insert themselves into people’s
    computers, then search for sensitive financial data or do other tasks
    like recording keystrokes as computer users log on to their personal
    accounts. The programs then automatically send what they find back to
    their mother computers over the Internet, where criminals retrieve the
    information and use it to close out bank or stock accounts.

    Johnson said the Secret Service has 20 online undercover investigations
    under way and urged computer users to take more care that their private
    information is protected.

    “Prevention is first and foremost.
    Once the cow is out of the barn, it’s too late,” noting it often takes
    individuals more than a year to straighten out their bank accounts and
    credit ratings after their identity is stolen. Although the Secret
    Service is best known publicly for guarding the president, the agency’s
    other responsibilities involve investigating financial and credit card
    crimes.

    Art Wong, director of security response for Symantec,
    a security software concern, said traditional hacking and attacks using
    worms and viruses are declining, but secretive attacks on computers
    using malevolent programs, known as malware, are increasing. These
    programs worm their way into computers either when surfers visit
    certain Web sites, open their e-mail, or download games or other
    software.

    “They are trying to slip under the radar. They do not
    want to be detected,” Wong said. “I think this is more insidious than
    we’ve seen in the past.”

    He said most of the attacks are
    originating in the United States, Canada, Korea, China and Germany, and
    he cited one message offering to sell a malware program exploiting
    vulnerabilities in commonly used operating software for $1,000.

    Wong said many companies could protect themselves simply by following
    industry “best practices” and ensure their computer systems are
    protected against intrusions.

    He said that over the next year,
    he expects to see more attacks from organized criminal enterprises, who
    are becoming more specialized.

    “People think they are safer than in the past. But today the environment is more dangerous than ever,” Wong said.

    Betsy Broder, an assistant director at the Federal Trade Commission,
    said it’s clear from recent thefts of identities of tens of thousands
    of people from data banks that criminals are moving to more
    sophisticated ways of stealing people’s money.

    “Instead of dumpster-diving for people’s identity, they’re trying to get the honey pot of data,” she said.

    (Contact Lance Gay at GayL(at)SHNS.com.)