By LANCE GAY
Scripps Howard News Service
September 26, 2005
"People are somewhat aware of this, but they don't understand the danger," said Ron Teixeira, executive director of the National Cyber Security Alliance, the nonprofit group sponsoring the "Stay Safe Online" campaign to educate computer users.
"It's critical that we reach the average consumers, who do not know about computers," he said. Among those participating in the campaign are the Department of Homeland Security, the Federal Trade Commission, 10 universities and security experts with private industry.
Consumers Union, the organization that publishes Consumer Reports, estimates there's a 1-in-3 chance this year that computer users at home will have their identity stolen or their computer damaged from the proliferation of malicious programs - known as "bots" and other terms - that Internet surfers pick up either by opening e-mail or visiting Internet sites.
Consumer Reports estimates that consumers will spend $9 billion this year to repair computers damaged by viruses and spyware, and about 8 percent of new computer purchases in 2003 and 2004 were made to replace systems damaged by attacks.
Jeff Blyskal, a senior editor at Consumer Reports, said he was surprised by the amount of financial losses and the increase in criminal activity on the Web.
"Criminals are going to try to get your stuff whether it's in a vault or under the mattress, or in your personal computer," he said. He recommends that people stop putting personal information on computers used to surf the Internet, and use removable drives to store credit-card and bank information or tax returns.
David Cole, director of security for the computer security concern Symantec, said there's been a sharp spike in attacks on computers this year, and he expects there will be a lot of financial losses as a result. Cole is warning that small businesses and individual users are particularly vulnerable.
"They're out there to steal," Cole said. "It's part and parcel of a financial motive."
Stealing information is a prosecutable crime, but Cole said the bandits are exploiting both the versatility of Internet technology and weaknesses in the law by operating across borders from areas like Russia and the Philippines, where domestic enforcement is lax.
"This is not a small group of people," he said, noting there are thousands of networks sending illicit bots.
He said the shift toward criminal activity and stealing information is noticeable. "There's not widespread recognition this has taken place," he said. "The impression is this is just a lot of hackers doing this. Clearly, this is not the case."
In a semi-annual report on Internet threats, Symantec said its engineers have found that more than 10,000 active bandit network computers are operating each day - a 140 percent increase over the company's last survey. About 74 percent of the malicious codes the company examined were written to steal confidential information from the computers they infect.
Technology experts say computer engineers haven't helped consumers who aren't tech-savvy by coining new words to describe the threats as "bots," "viruses," "trojans," "worms" or "malware."
Teixeira said that's just confusing people, and they are all basically the same and involve unwanted computer code inserted into a computer without the user's knowledge.
But unlike computer viruses written by teenagers to destroy someone's computer, the newer generation of small computer programs isn't designed to cause damage. Instead, these programs insert themselves in a computer and report back to a host computer what they find going on there.
Some computer programs can record the keyboard strokes people make when they log on with their passwords to their private bank accounts or make credit-card payments. This can provide the bandits access to bank accounts so they can transfer money or make other transactions.
Other malicious programs can take snapshots of files, like IRS returns stored on a computer, or personal stock account records. One version implants a seed program that remains dormant for a while to avoid detection, and then periodically downloads new capabilities over open Internet lines, or opens back doors into computer systems so someone can see all the files the infected computer contains.
Teixeira said that next month's campaign is attempting to avoid technical jargon, and will stress the importance of computer users turning on firewall software that comes with new computers, or installing software that can detect and eliminate malicious codes.
"It's up to consumers to take precautions," he said.
On the Net:
Distributed by Scripps Howard News Service, http://www.shns.com
Publish A Letter on SitNews Read Letters/Opinions
Submit A Letter to the Editor