Security Fix

Cyber Crime Hits the Big Time in 2006

By Brian Krebs Staff Writer
Friday, December 22, 2006; 9:51 AM

Call it the "year of computing dangerously."

Computer security experts say 2006 saw an unprecedented spike in junk e-mail and sophisticated online attacks from increasingly organized cyber crooks. These attacks were made possible, in part, by a huge increase in the number of security holes identified in widely used software products.

Few Internet security watchers believe 2007 will be any brighter for the millions of fraud-weary consumers already struggling to stay abreast of new computer security threats and avoiding clever scams when banking, shopping or just surfing online.

One of the best measures of the rise in cyber crime this year is spam. More than 90 percent of all e-mail sent online in October was unsolicited junk mail messages, according to Postini, a San Carlos, Calif.-based e-mail security firm. The volume of spam shot up 60 percent in the past two months alone as spammers began embedding their messages in images to evade junk e-mail filters that search for particular words and phrases.

As a result, network administrators are not only having to deal with considerably more junk mail, but the image-laden messages also require roughly three times more storage space and Internet bandwidth for companies to process than text-based e-mail, said Daniel Druker, Postini's vice president of marketing.

"We're getting an unprecedented amount of calls from people whose e-mail systems are melting down under this onslaught," Druker said.

Spam volumes are often viewed as a barometer for the relative security of the Internet community at large, in part because most spam is relayed via "bots," a term used to describe home computers that online criminals have compromised surreptitiously with a computer virus or worm. The more compromised computers that the bad guys control and link together in networks, or "botnets," the greater volume of spam they can blast onto the Intenet.

At any given time, there are between three and four million bots active on the Internet, according to Gadi Evron, a botnet expert who managed Internet security for the Israeli government before joining Beyond Security, an Israeli firm that consults with companies on security. And that estimate only counts spam bots. Evron said there are millions of other bots that are typically used to launch "distributed denial-of-service" attacks -- online shakedowns wherein attackers overwhelm Web sites with useless data if the targets refuse to pay protection money.

"Botnets have become the moving force behind organized crime online, with a low-risk, high-profit calculation," Evron said. He estimated that organized criminals would earn about $2 billion this year through phishing scams, which involve the use of spam and fake Web sites to trick computer users into disclosing financial and other personal data. Criminals also seed bots with programs that can record and steal usernames and passwords from compromised computers.


Another interesting measure of the growth of online crime is data showing that criminal groups have shifted their activities from nights and weekends to weekday attacks, suggesting that online crime is evolving into a full-time profession for many.

Cuptertino, Calif.-based Internet security provider Symantec Corp. found that the incidence of phishing scams dropped significantly on Sundays and Mondays in the United States. Symantec found similar trends when it examined the pattern of new virus variants being compiled and released by attackers.

"The bulk of the fraud attacks we're seeing now are coming in Monday through Friday, in the 9-5 U.S.-workday timeframe," said Vincent Weafer, director of security response at Symantec. "We now have groups of attackers who are motivated by profit and willing to spend the time and effort to learn how to conduct these attacks on a regular basis. For a great many online criminals these days, this is their day job: They're working full time now."

CONTINUED     1        >

© 2006 The Washington Post Company