Theft through code will be biggest threat, warns report
The next time a computer virus or other malicious code sweeps the planet, it may prove to be much more damaging than the annoying Love Bug or some of its successors.
A Gartner Group report predicts that by the end of next year a 'mass victimisation' of thousands of Internet users will take place, where the object is not vandalism, but theft.
Analysts who wrote the study said the nature of malicious code had been changing gradually since 1998, from creating obvious and bothersome viruses to being a stealthy security threat.
They said the biggest problem would come from identity theft as more and better code was developed to read or steal personal information. At the same time, the use of passwords for electronic authentication and signatures was on the rise.
'These two trends in combination provide criminals, who already possess motive, with both means and opportunity, and will likely lead to a series of attacks in which legitimate identification is used by unauthorised persons to impersonate the real owner for criminal purposes,' the report said.
'The technologies required to initiate such attacks are simple and widely available, and in some cases have already been deployed for ostensibly benign purposes by commercial applications.'
Gartner singled out Netscape's SmartDownload as an example. The analysts said early versions of SmartDownload tracked what users were downloading and reported the information to Netscape.
'SmartDownload monitored inbound and outbound Internet traffic to a user's machine. It would be no more difficult to silently scan a user's hard drive for passwords, account numbers, and other information that could be used to initiate commercial transactions,' the report said.
Legislation has been introduced in the United States to ban companies from using programs that secretly gather information, but the technology is already available to criminals.
According to the US Federal Bureau of Investigation, identity theft is the fastest-growing white-collar crime in the US. An estimated 500,000 identities were being stolen in the US each year.
Cyber-risk insurer the Beazley Syndicate at Lloyd's of London recently said theft over the Net and extortion from hackers were among the biggest risks to firms.
In a report on identity theft, the Software and Industry Information Association estimated a technically savvy criminal could make US$50,000 a month through small-scale online theft.
Gartner predicted that if or when a mass theft did take place, the thief would probably get away with the crime, given the difficulty law enforcement agencies had dealing with the multi-jurisdictional nature of the Internet.
Gartner said the main reason mass thefts had not occurred more often was booming demand for skilled programmers in the technology industry. But analysts said a global recession could push talented technologists in countries such as Nigeria and in the former Soviet Union towards crime.
The report said that until now most virus writers were more interested in obtaining notoriety than financial gain.
Gartner recommended people protect themselves by watching for unexplained transactions, using a credit card with a low spending limit exclusively for online purchases and avoiding 'online wallets', one-click buying or account aggregation services that store personal credit information on an Internet-connected server.
The group also recommended disabling active content functions (ActiveX and Java) and Microsoft peer-to-peer networking on Internet-connected computers.
In the future, Gartner believes several key technologies will help protect the consumer. Credit card company Visa plans to enable all point-of-sale terminals with smart card readers by 2004. Once these become more widely accepted, analysts expect smart card readers to be included as a standard feature with new PCs.
Biometrics, which allow a user to physically interface with his security system using fingerprints or iris recognition, will take longer and face more challenges.