• Investment World
• eWorld
• Catalyst
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Port Info

• Ships in Ports
  
  

Archives

• Yesterday
• Datewise
• Resources

Group Sites

• The Hindu
• Business Line
• The Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

R.K. Raghavan

What's new about computer crime, you might ask. But criminals are increasingly targeting individual desktops - such as yours and mine.

IN its semi-annual report for the first half of 2005, Symantec, the internationally reputed vendor of security-related products, including anti-virus packages, claims that there is a significant rise in the exposure of confidential information, especially in respect of credit card and regular banking transactions.

This is at a time when the volume of online shopping and Internet banking activities is set to reach new heights. Incidentally, of the top 50 malicious code samples reported to Symantec, nearly three-fourths compromised confidential information.

Some other statistics thrown up by the report are staggering. For instance, Phishing attacks have gone up to about 5.70 million per day against just 2.95 million in the previous reviews. The Symantec Brightmail AntiSpam filter now blocks more than 40 million Phishing intrusions per week, twice as many averaged until January this year. A 680 per cent spurt in Denial of Service (DoS) attacks has also been registered.

During the review period, Symantec also identified more than 1,800 vulnerabilities, a majority of which were moderate or high in severity. If these figures will not scare and discipline a computer user — individual or organisation — what else will?

I know many of my readers could be asking the question: What is new about the Symantec report that we do not already know?

What is distinctive about the fresh Symantec analysis is its assessment that hackers are now targeting individual desktops, marking a shift from the earlier focus on "enterprise perimeters." This is of grave concern to machines that millions of us have at our homes. Few of these have even basic firewall protection. Some of us do not even update our anti-virus software, a matter of extreme anxiety, since Symantec claims to have detected more than 10,000 new Win32 virus and worm variants.

To add credibility to the report, here are some insights on how the corporation goes about compiling it. Symantec has more than 24,000 sensors that monitor network activities in 18 countries. Complementing this array of sensors are two million decoy accounts that generate e-mail messages from about 20 countries. A scrutiny of this traffic gives a fair idea globally of ongoing spam and Phishing activities.

That Symantec is not being fanciful or is talking into thin air and contrary to specific ground realities will be clear from some recent incidents. The one that has attracted international attention is how Paris Hilton, the Reality Show celebrity, was victimised by a Massachusetts teenager earlier this year. The cyber attack started in March 2004 and went on for more than a year. The culprit gained access to Hilton's mobile phone and transferred information (such as her `racy' pictures and names of contacts that included media and sports personalities) to the Web, where it was posted, much to her embarrassment. During investigation, the youth admitted also to violating the sites of an ISP, a data broker and a major telephone provider. In the case of the ISP, he installed a rogue programme on an employee's computer and stole valuable proprietary information.

More audacious was his launching of a DoS attack on the telephone company, all because it refused to reactivate a telephone that he had obtained and used fraudulently! Is he therefore not a reckless and dangerous individual who has to be disciplined? The teenager was recently sentenced to spend 11 months in a juvenile facility. He will also be supervised for two years after release.

Another recent case is that of a New Jersey lad of 17, of Indian origin, who was hired by a sports goods dealer, to initiate a DoS attack on a competitor's Web site. The mechanics of the accused (Jasmine Singh) was simple. He used a network of machines severely infected with an unnamed computer virus and flooded the targeted Web site with data from the former. The victim reportedly suffered a loss of about $1.5 million. Singh was sentenced to spend five years in a youth detention centre and pay a compensation of $35,000. Is it not alarming, that if you are not technically savvy but still want to settle scores electronically with an adversary, you can actually hire somebody who has the knowledge and skill to inflict damage across cyberspace? You will agree that the thin line of distinction between conventional and cyber crime is fast vanishing.

The two cases - both from the US - confirm that our knowledgeable youth, unless fruitfully occupied, will become a menace to society. They have at their command modern technology, a double-edged weapon in the hands of unscrupulous elements. While society will have to tackle this problem of taming youth who have gone astray, the police have their work cut out, as was in evidence recently in Brazil, when they arrested 85 persons across seven states for hacking online banking systems. The loss to banks was $33 million. More than 400 officers were placed on `Operation Pegasus', which yielded rich dividends. This then is the awesome dimension of cyber crime as it has evolved over the past few decades.

Ironically, as I complete this column, a leaked e-mail is very much in the news. The sender was Greg Chappell and the recipient, Ranbir Singh Mahendra, the BCCI President. At this point of time, neither has been directly accused of the leak, although there are umpteen conjectures. Was the mail then intercepted by vested interests, if it had not been deliberately shared with the media by those close to either of the two dignitaries? This may seem fanciful. Knowing as I do the politics that governs the sport, I will not be surprised if some worthy of the Board says, at the end of it all, that this was a case of someone inimical to the BCCI having hacked its President's computer.

A mischievous thought. In view of the fact that cricket is a religion in our country, and any hurt to it is likely to inflame passions, is there not a case for a full-fledged cyber security probe?

Picture by Bijoy Ghosh

The writer is a former CBI Director who is currently Adviser to Tata Consultancy Services Ltd.

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Sharing the secret

Copyright © 2005, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line