When the Super Highway became commercialized, its use was intended for the free and legitimate exchange of information and instantaneous communication. It was a fairly innocent medium, awkward to some, but still innocent and safe. However, nowadays, staying safe online has become a never-ending battle - for children as well as adults. Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to our personal security and our privacy. Our money, our computer, our family, and our business are all at risk.
For example, researchers have found that most web browsers handle pop-up windows in a manner that makes them vulnerable to a simple phishing technique that allows fake content to look genuine. Even fully patched, standard versions of globally used browsers including Internet Explorer, Firefox, Opera, Konqueror, and Safari--used by trusted sites such as banks--allow malicious sites to insert their own content into any pop-up window, as long as the target name of the window is known.
Over the past year, experts warned of new attacks that not only circumvent DomainKeys but, adding insult to injury, even exploit the fledgling e-mail signing technology for their nefarious ends.
As eWEEK's Dennis Fisher reported, the technology once regarded by many in the security community as one of the best hopes for preventing e-mail address forgery is now being used to make bogus messages appear legitimate, thus undercutting confidence in the system. "It proves that people will get to the point where they can't trust e-mail from anywhere," one security expert, who requested anonymity, told Mr. Fisher.
But things seemed darker yet before a ring of cybercriminals was recently broken up by Russian authorities. These cybercriminals used keylogging software that they had planted in email messages and had hidden in websites to draw over $1.1 million from personal bank accounts in France.
Their goal was to infect the inner workings of computers in much the same way that mischief-making virus writers do. The twist here is that the keylogging programs exploit security flaws and monitor the path that carries data from the keyboard to other parts of the computer. This is a more invasive approach than phishing, which relies on deception rather than infection, tricking people into giving their information to a fake website.
The keylogging programs are often hidden inside ordinary software downloads, email attachments, or files shared over peer-to-peer networks. Because they can be embedded in webpages, they take advantage of browser features that allow programs to run automatically.
The hidden keylogging programs infect the computers of unsuspecting users. This puts the keylogging programs in the category of malicious programs known as Trojan horses, or just Trojans. These Trojans are very selective because they monitor the web access the victims make, and start recording information only when the user enters the sites of interest to the fraudster.
The growing threat of spyware. Beyond the phishing epidemic, spyware was on track to replace mass-mailing worms as the biggest security threat in the coming year. This technology, which uses covert techniques to install itself on computers and track user activity, is dangerous because malicious code can be executed on infected systems.
As eWEEK.com's Ryan Naraine reported, spyware, also known as adware, has become the preferred way to deliver malicious Trojans, which can relay information to other computers or Web locations, thus putting user passwords, log-in details, credit card numbers and other personal information at risk.
Notwithstanding financial chief security officers' complaints, the Feds spent a good deal of the past year studying cyber-crime, pondering and passing legislation to thwart it, and even handing down the first-ever felony conviction of a spammer. The spammer, Jeremy Jaynes, received a sentence of nine years in prison when a jury in AOL's home county convicted him and his sister.
What Lies Ahead: In the coming years, internet users will not only have to be more vigilant, but will also have to demand more from vendors vis-à-vis secure products, as well as will have to go through legislative wording with a fine-toothed comb.
To protect ourselves, our approach to internet use will have to change to stay ahead of the cybercriminals. But we cannot do it alone, as exemplified by Mr. Greg Garcia, the Assistant Secretary for cyber-security and telecommunications at the U.S. Department of Homeland Security, when he said that he and his team are already hard at work creating policies that aim to better protect critical infrastructure.
Although the United States government is better suited than ever to defend the nation's computing and communications networks, federal watchdogs will need private industry to lend a hand to keep attackers at bay, according to the first-ever federal cyber-security czar.
The cyber-security chief went on to say that his initial priorities revolve around work to breed cooperation between federal agencies to develop common security policies for defending networks and to help the private sector strengthen national preparedness and incident-response plans. Garcia said his most important role will be to serve as a focal point in the U.S. government to drive national security policies across both the public and private sectors.
On a personal level, there is more that we as individuals will have to do in order to keep the internet and the personal computers in their homes and businesses safe. We need to change our thinking and actions when it comes to computer security, especially when going online. But we cannot do it alone; we need an internet security team of experts making sure that we, our family, and your computers at home and place of business remain safe and secure.
The best protection we can have in today's rapidly changing world of cyber-attacks is to have expert support for all our internet security needs that will provide technical support without any hassles and without charging you extra fees. It will become even more critical than it is today as time goes on. We will need to find our own personal team of experts to rely on. If we ever have a security problem, we will want to have a trusted expert we can call for professional help, without any hassles and extra costs!
Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Our money, your computer, your family, and your business are all at risk.
These cybercriminals leave you with three choices:
1. Do nothing and hope their attacks, risks, and threats don't occur on your computer.
2. Do research and get training to protect yourself, your family, and your business.
3. Get professional help to lockdown your system from all their attacks, risks, and threats.
Remember: When you say "No!" to hackers and spyware, everyone wins! When you don't, we all lose!
© MMVII, Etienne A. Gibbs, MSW, The Internet Safety Advocate and Educator
Resources Box:
Etienne A. Gibbs, Independent Internet Security Advocate and Educator, consults with individuals, small business owners, and home-business entrepreneurs regarding online protection (including free lifetime technical support and $25,000 identity theft insurance and recovery) against spyware, viruses, malware, hackers, and other pc-disabling cybercrimes. For more information, visit http://www.SayNotoHackersandSpyware.com/
