September 26, 2005
Monday

Government and technology experts are embarking on a nationwide campaign next month to warn Americans of the dangers of bandits lurking on the information highway and determined to rob you of your identity or financial information.

Tips to avoid becoming ID-theft victim By LANCE GAY Scripps Howard News Service Ten million Americans fall victim to identity theft each year, and gangs of bandits are devising new ways to steal information from your computer. It's up to you to protect yourself. Here's what experts recommend: - Keep your operating system upgraded. With Windows, allow the system to upgrade patches automatically when you are online. The patches are closing holes in the system the bandits are using. - If you have a new computer, it comes with firewall software installed. You really don't need to know how it works, just make sure it is turned on. - If you are asked for your personal information - your name, e-mail address, home address or phone number - make sure you know how it is going to be used. - Don't open unsolicited e-mail or attachments in e-mails from people you don't know. If the e-mail message includes an Internet link, do not click on it. If you do click on it, it may direct you to a Web site that looks reputable but is a bandit mimicking a legitimate business. If your Internet provider offers to screen out spam e-mail, make sure you turn on that function. - Don't respond to solicitations for your personal or financial information. Banks and credit-card companies do not send e-mails telling you that your account has been compromised. If the e-mail comes from a company you do business with, don't respond to the e-mail but call the company on the telephone. - Be careful who you deal with online. Legitimate businesses will have an address and phone number listed on the Internet where you can contact them. - Forward suspicious e-mails to spam(at)uce.gov and to the companies involved. - Free music, games and software may have a hidden cost. Do you know everything that's in that program you are downloading? - Install anti-spyware and anti-virus software and keep it current. But note that, in tests, Consumer Reports found no software that caught all variants. - Use a complicated password with at least eight characters, including numbers, and change the password every three months. - Copy all your important files to a removable disc. - If you are a victim, go to www.ftc.gov for advice on dealing with identity theft. - Protect your children online. Keep the computer in a central and open location, and supervise what they are doing on the Internet, especially in chat rooms. Contact Lance Gay at GayL(at)SHNS.com. Distributed by Scripps Howard News Service, http://www.shns.com

"People are somewhat aware of this, but they don't understand the danger," said Ron Teixeira, executive director of the National Cyber Security Alliance, the nonprofit group sponsoring the "Stay Safe Online" campaign to educate computer users.

"It's critical that we reach the average consumers, who do not know about computers," he said. Among those participating in the campaign are the Department of Homeland Security, the Federal Trade Commission, 10 universities and security experts with private industry.

Consumers Union, the organization that publishes Consumer Reports, estimates there's a 1-in-3 chance this year that computer users at home will have their identity stolen or their computer damaged from the proliferation of malicious programs - known as "bots" and other terms - that Internet surfers pick up either by opening e-mail or visiting Internet sites.

Consumer Reports estimates that consumers will spend $9 billion this year to repair computers damaged by viruses and spyware, and about 8 percent of new computer purchases in 2003 and 2004 were made to replace systems damaged by attacks.

Jeff Blyskal, a senior editor at Consumer Reports, said he was surprised by the amount of financial losses and the increase in criminal activity on the Web.

"Criminals are going to try to get your stuff whether it's in a vault or under the mattress, or in your personal computer," he said. He recommends that people stop putting personal information on computers used to surf the Internet, and use removable drives to store credit-card and bank information or tax returns.

David Cole, director of security for the computer security concern Symantec, said there's been a sharp spike in attacks on computers this year, and he expects there will be a lot of financial losses as a result. Cole is warning that small businesses and individual users are particularly vulnerable.

"They're out there to steal," Cole said. "It's part and parcel of a financial motive."

Stealing information is a prosecutable crime, but Cole said the bandits are exploiting both the versatility of Internet technology and weaknesses in the law by operating across borders from areas like Russia and the Philippines, where domestic enforcement is lax.

"This is not a small group of people," he said, noting there are thousands of networks sending illicit bots.

He said the shift toward criminal activity and stealing information is noticeable. "There's not widespread recognition this has taken place," he said. "The impression is this is just a lot of hackers doing this. Clearly, this is not the case."

In a semi-annual report on Internet threats, Symantec said its engineers have found that more than 10,000 active bandit network computers are operating each day - a 140 percent increase over the company's last survey. About 74 percent of the malicious codes the company examined were written to steal confidential information from the computers they infect.

Technology experts say computer engineers haven't helped consumers who aren't tech-savvy by coining new words to describe the threats as "bots," "viruses," "trojans," "worms" or "malware."

Teixeira said that's just confusing people, and they are all basically the same and involve unwanted computer code inserted into a computer without the user's knowledge.

But unlike computer viruses written by teenagers to destroy someone's computer, the newer generation of small computer programs isn't designed to cause damage. Instead, these programs insert themselves in a computer and report back to a host computer what they find going on there.

Some computer programs can record the keyboard strokes people make when they log on with their passwords to their private bank accounts or make credit-card payments. This can provide the bandits access to bank accounts so they can transfer money or make other transactions.

Other malicious programs can take snapshots of files, like IRS returns stored on a computer, or personal stock account records. One version implants a seed program that remains dormant for a while to avoid detection, and then periodically downloads new capabilities over open Internet lines, or opens back doors into computer systems so someone can see all the files the infected computer contains.

Teixeira said that next month's campaign is attempting to avoid technical jargon, and will stress the importance of computer users turning on firewall software that comes with new computers, or installing software that can detect and eliminate malicious codes.

"It's up to consumers to take precautions," he said.

On the Net:

www.staysafeonline.org

SitNews
Stories In The News
Ketchikan, Alaska