Internet users witnessed yet another wave of spam, worms, viruses and other online attacks in 2004, and experts predict the online world will grow even more dangerous in 2005.
U.S. and international authorities tried to keep up with the online crime wave in the past year, arresting or convicting at least 11 virus writers and rounding up hundreds of people accused of computer crimes from credit card fraud to outright identity theft.
Still, most fraudsters, hackers and spammers managed to stay one step ahead of the law. "I liken the problem of online crime to the '20s and '30s, when law enforcement was still trying to figure out who all the gangsters were. They'd have a few arrests here and there but mostly the mafia types were just running circles around them," said Marcus Sachs, a former White House cyber-security adviser who now directs the SANS Internet Storm Center, which monitors hacker trends.
The first six months of 2004 witnessed a 400-percent increase in new Internet worm variants compared to the same period last year, according to Cupertino, Calif.-based online security firm Symantec Corp. Hackers released multiple waves of worms with names like "Mydoom," "Netsky" and "Bagle," sometimes putting out dozens of versions built to sneak past software designed to protect computers from infection. There were 48 versions of the Bagle worm as of Oct. 29, the rough equivalent of a new edition every week. There are at least 15 copies of Mydoom and more than 28 of Netsky circulating online.
One of the most severe dangers to Internet users in 2004 was "phishing," a kind of fraud in which thieves design Web sites that pretend to represent real companies like Citibank or PayPal. They send cleverly disguised e-mail messages often telling people that their accounts will be suspended unless they submit information such as their credit card and bank routing numbers by clicking on a link provided in the message. That information often winds up being used by international hacker networks, and many people's credit subsequently has been damaged or ruined.
According to the Anti-Phishing Working Group, there were 1,422 kinds of phishing attacks in June 2004 alone, an eight-fold increase from 176 attacks in January. Many of those attacks use the names of trusted retailers and major e-commerce Web sites to trick recipients, but some experts predicted that as those companies get wiser, the scammers will target smaller, more naive businesses.
"Phishers are poking around for soft targets," said Ken Schneider, chief architect for network security at Symantec.
The higher prominence of online crime in 2004 came as Congress passed legislation to protect Internet users and punish identity thieves.
The Identity Theft Penalty Enhancement Act, signed into law by President Bush in July, prescribes stiff prison terms for those who use identity theft to commit other crimes. The Fair Credit Reporting Act, which took effect Dec. 1, requires the three major credit reporting agencies to provide each consumer with a free copy of his or her report once every year. Law enforcement officials and the Federal Trade Commission hope that the free reports will spur people to take more interest in their credit histories, one of the best ways to thwart identity theft. Chief executives of public companies will have to certify with the Securities and Exchange Commission that they have taken steps to keep their information secure from hackers and viruses after a portion of the Sarbanes-Oxley Act went into effect in November.
The states also were busy fighting online crime. A California law that requires companies to alert customers when a hacker break-in compromises consumer data was criticized as toothless when it went into effect last year because few companies sent out notices. But earlier this year the law forced at least a dozen companies, including Wells Fargo, Ingram Micro and GMAC, to warn consumers that their personal information may have been compromised by hackers or identity thieves.