By LANCE GAY
Scripps Howard News Service
January 26, 2006
That's not at all good news for government and industry security experts, who say the declining number of spectacular attacks shows the architects of Internet instability are adopting a clever new strategy of heading undercover to avoid exposure, and forming into groups to better accomplish their goal of stealing financial secrets.
"We have a significant cyber-risk in this country," warned Andy Purdy, acting director of the Department of Homeland Security's cyber security division.
At a briefing for congressional aides on computer threats this week, Purdy said he's cautioned businesses that this isn't the time to relax security against cyber-criminals who are out for their trade secrets and financial data. Even now, Purdy said, some malevolent program may be worming its way into any company's computer system to lurk there and gather information.
"We have to raise the bar (about security). This is the challenge," Purdy said. Publicly traded companies are already required by law to have cyber security systems, and private companies need to improve their security procedures as well, Purdy said.
Larry Johnson, special agent in charge of the Secret Service's criminal investigative division, warned that recent Internet attacks are showing increasing professionalism and going after large amounts money, like information on the 401K retirement accounts Americans hold.
"That's not surprising because that's where people have most of their money," Johnson said.
The criminals use programs that insert themselves into people's computers, then search for sensitive financial data or do other tasks like recording keystrokes as computer users log on to their personal accounts. The programs then automatically send what they find back to their mother computers over the Internet, where criminals retrieve the information and use it to close out bank or stock accounts.
Johnson said the Secret Service has 20 online undercover investigations under way and urged computer users to take more care that their private information is protected.
"Prevention is first and foremost. Once the cow is out of the barn, it's too late," noting it often takes individuals more than a year to straighten out their bank accounts and credit ratings after their identity is stolen. Although the Secret Service is best known publicly for guarding the president, the agency's other responsibilities involve investigating financial and credit card crimes.
Art Wong, director of security response for Symantec, a security software concern, said traditional hacking and attacks using worms and viruses are declining, but secretive attacks on computers using malevolent programs, known as malware, are increasing. These programs worm their way into computers either when surfers visit certain Web sites, open their e-mail, or download games or other software.
"They are trying to slip under the radar. They do not want to be detected," Wong said. "I think this is more insidious than we've seen in the past."
He said most of the attacks are originating in the United States, Canada, Korea, China and Germany, and he cited one message offering to sell a malware program exploiting vulnerabilities in commonly used operating software for $1,000.
Wong said many companies could protect themselves simply by following industry "best practices" and ensure their computer systems are protected against intrusions.
He said that over the next year, he expects to see more attacks from organized criminal enterprises, who are becoming more specialized.
"People think they are safer than in the past. But today the environment is more dangerous than ever," Wong said.
Betsy Broder, an assistant director at the Federal Trade Commission, said it's clear from recent thefts of identities of tens of thousands of people from data banks that criminals are moving to more sophisticated ways of stealing people's money.
"Instead of dumpster-diving for people's identity, they're trying to get the honey pot of data," she said.
Distributed to subscribers by Scripps Howard News Service.
Publish A Letter on SitNews Read Letters/Opinions
Submit A Letter to the Editor