Just like many people are oblivious to the world around them while they’re driving a car, most people don’t have a clue regarding the savage battle that rages across the Internet as they merrily open dangerous email attachments, click on malicious website links and download virus-laden screensavers. Just like Joe SixPack thinks that he’s a free man as long as he can still buy beer and watch football on TV, most folks think that all is well with the Internet as long as they can still get their precious email from Grandma.
The panel discussion “Internet Wars 2007,” which took place at this year’s Defcon computer security conference in Las Vegas, probably would have been a total freak-out for most Internet users. While I was not particularly shocked or surprised by what I heard, the discussion did serve to reinforce what I’ve known for quite some time: without some form of Godly intervention, the evils that are assaulting Internet users around the world are not going away any time soon.
Featuring top security experts from around the world, including members of the U.S. Treasury Departments System Intrusion and Network Attach Response Team and the FBIs Cyber Division, the discussion covered a lot of ground. Cybercrime, the Mafia and information warfare were topics that piqued great interest.
The biggest problem pointed out by the experts is that private and government security organizations simply cannot stay ahead of the massive onslaught of new Internet attacks that are launched every day. Law enforcement agencies suffer from a severe lack of funding and resources, due mainly to an uninformed Congress that does not consider Internet crime and terrorism to be a serious threat. As such, attack response times are slow or even non-existent, leaving businesses and the general public to fend for themselves. It’s a bit like trying to fight a grizzly bear with a flyswatter.
Private security companies are experiencing the same problems. Antivirus companies such as Symantec/Norton and McAfee simply cannot keep up with the daily load of new viruses. Attack methods used by the bad guys have shifted from general-purpose “break everything” approaches to much more targeted and specific techniques. Have you noticed an increase in spam/scam emails landing in your inbox that directly reference your name, email address or company name? Internet criminals aren’t stupid. In fact, they’re getting smarter, fooling and scamming more people every day.
This dangerous state of affairs was demonstrated quite clearly earlier this week, with reports that 1.6 million records belonging to several hundred thousand people were stolen from job-hunting service Monster.com. This allowed scammers to conduct a highly organized and targeted attack, virus-infecting the computers of over 46,000 people who clicked on links contained in credible-looking emails that appeared to come from Monster.com. Planted on the infected computers are two programs, one designed to harvest online banking credentials, and the other program designed to encrypt files on the victim’s computer (such as, everything in the My Documents folder) and hold them hostage until the victim pays a ransom fee.
During the “Internet Wars 2007” discussion, U.S. Treasury Department official Andrew Fried stated that Internet crime is going get much worse, and that it will be at least five years before the tide turns in favor of the good guys. That is, if the tide turns at all.