2004: Good and Bad for Security
Experts agree: 2004 was the best of times and the worst of times for those concerned about security. It was a year of high-profile arrests of virus authors and an explosion of online crimes, from cyber-extortion to identity theft; a year in which ISPs won millions in damages from spammers, and spam messages increased by 40 percent.
In hindsight, 2004 may be looked back upon as the year that a long tradition of hobbyist hackers and flashy, but harmless, viruses gave way to shadowy, professional online crime syndicates. The professionals were armed with virulent new threats designed to separate Internet users from their cash, according to interviews with leading security experts.
With that in mind, here's a look at some of the most important technology security stories and trends of the last year:
Phishing: For Phun and Profit
Online identity theft through phishing scams was the runaway security story of 2004, due to the explosive growth in such attacks.
Phishing scams are online crimes that use spam to direct Internet users to Web sites controlled by thieves, but designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information, often under the guise of updating account information, which is then captured by the thieves.
E-mail security vendor MessageLabs blocked an insignificant trickle of 279 such scams in September 2003. By September 2004, that trickle swelled to a flood of more than 2 million messages, according to a statement from the company. In all, MessageLabs says it blocked 18 million phishing e-mail messages in 2004.
The Anti-Phishing Working Group watched the number of reported phishing Web sites increase by an average of 28 percent each month between July and November. The average phishing Web site operated for six days before being shut down, according to Peter Cassidy, secretary general of the group.
"Phishing has really exploded, it's been one of the biggest problems we've had," says Mikko Hypp
Achilles, Get Your Gun
Not since the days of Ancient Greece have Trojans been as much a part of popular conversation as they were in 2004, when an explosion in Trojan horse programs turned countless Internet-connected computers into tools for malicious hackers and international online crime organizations.
Carried on the back of e-mail and Internet worms, an eye-popping parade of back door Trojans has marched onto vulnerable computers since January.
One typical example is the ubiquitous RBot, a Trojan program that spreads using a number of methods. The program can collect system information, download and execute files, launch a denial-of-service (DOS) attack, and even remotely control a connected Web cam.
RBot-A, the first version of the worm-like Trojan, was identified in March 2004. The latest, RBot RN, was identified on December 13, according to U.K. antivirus company Sophos. In just nine months, there were 480 different versions of the Trojan.
Trojan horse and backdoor programs are not new, but the rapid growth in their use in 2004 was a product of cooperation between virus writers, online criminals and spammers, says Jesse Villa, technical product manager at Frontbridge Technologies.
Trojans have been silent actors in a number of high-profile crimes, including the theft in 2003 of source code for the "Half-Life 2" video game. A Trojan horse program named Banker-AJ infected computers and waited until users visited online banking sites, at which point the program logged user keystrokes and captured account information, says Gregg Mastoras, senior security analyst at Sophos.
More Trojans have also led to an increase in the number of "botnets," distributed networks of compromised machines that act as "zombies" in spam campaigns or DDOS (distributed DOS) attacks.
"At the end of last year we knew of about 2000 botnets. Towards the end of this year, we're looking at about 300,000," Villa says.
Those networks range from 100 infected PCs to networks of thousands of zombie computers, which are rented out to aspiring spammers or for targeted DOS attacks used in online extortion rackets, Villa says.
"Bots have largely gone ignored," says Hypp
Police and Patches
But the news wasn't all bad. While online crimes skyrocketed in 2004, there were also a number of high-profile arrests of those involved in cybercrimes.
In May, German authorities arrested 18-year-old Sven Jaschan, who admitted to creating and releasing the Netsky and Sasser Internet worms, and a 21-year-old German man who admitted to creating the Agobot and Phatbot Trojans.
There were other victories as well, including the June arrest of those believed to be behind the 2003 "Half-Life 2" source code theft and a September arrest of a man believed to be connected to the theft of source code belonging to Cisco Systems. In October, the U.S. Department of Justice arrested 19 people in connection with an online "carding" ring that traded stolen identity and credit card information online.
In 2005, some combination of tougher law enforcement and tighter security is the best way to stem the tide of malicious and criminal behavior online, experts agree.
To stop identity theft, banks, e-commerce companies and consumers need to look hard at strong user authentication technology, says Sophos' Mastoras.
"In the [European Union], banks are already moving away from static passwords. I think that will be a trend that will happen in the U.S. as well," he says.
E-mail sender authentication technologies such as Domain Keys from Yahoo and Sender ID from Microsoft need to be broadly adopted--a move that would make life tougher for those behind phishing scams, which often use forged e-mail sender addresses to trick unsuspecting e-mail recipients, says Mastoras.
ISPs also have to begin sharing what they know about Internet attacks and compromised computers on their networks, Villa says.
"This is a long-term problem and we have to work together to combat it," he says.