• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest
• The New Manager

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Cross Currency

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth

Group Sites

• The Hindu
• The Hindu ePaper
• Business Line
• Business Line ePaper
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

R.K. Raghavan

Symantec's report highlights the threats netizens need to guard against in cyberspace.

Symantec, the leading infrastructure software company based in Cupertino (California), has again brought to our attention the variety of threats that impede the Net. In its report for the second half of 2006, released very recently, Symantec warns us of prowlers in cyberspace who want to steal data and create a targeted malicious code for that purpose.

Needless to say theft of information is mostly for financial gains, as in the case of breaking into an online banking system. Almost totally gone are the days when we were confronted solely by some reckless youth wanting to scoff at anyone who claimed that his information security system was invulnerable and hacked that system for some fun and frolic. Just as cricket - especially after the Woolmer episode - has ceased to be a game of gentlemen that gave pleasure to our aesthetic sensibilities, the Internet is no longer a mere medium for acquiring knowledge and sharing information. Sadly, it has become also a means with the help of which to commit unadulterated crime.

On the same analogy as cricket, it is no longer only gentlemen who have access to the Net. A large number with a shady reputation also get into cyber space for downright dishonest purposes. As I reported a fortnight ago, the Internet was recently used in India by a highly educated Kolkata-based engineer to peddle drugs.

Online clinics

There now comes news from the US that a lady doctor of New York City has been found guilty of blindly signing prescriptions for steroids, human growth hormone and other controlled substances that had been filled in by others before she affixed her signature. A network of online clinics used these prescriptions for securing and distributing these items mainly to football and baseball players across the US desperately trying to improve on their performance in the field. One particular pharmacy in Florida is being specially investigated by law enforcement agencies for acting as a clearing house for 50 or more Web sites and clinics.

Rising numbers

Symantec tells us that there were nearly 6 million bot-infected computers (viz., computers that have been hijacked for the purpose of stealing information or sending spam) in the world during the second half of last year.

This reflected an increase of nearly 30 per cent over the previous half. These were controlled by nearly 4,700 servers (which Symantec interestingly calls underground economy servers) in the hands of the so-called "bot-herders". With such mind-boggling numbers, one can imagine how much crime for profit can be committed in cyber space! It is not surprising therefore that ID-related data is available for a price in the market. According to a Symantec official, a stolen US bank account number or Social Security number can be bought for $20. Unauthorised access to online banking could cost you a lot more!

Reviewing the top 50 malicious codes that came to notice, the survey finds the Trojan (45 per cent) the most popular device. Intruders seem to prefer the Trojan to the hitherto popular mechanics of mass-mailing worms. At the same time, unknown threats are growing, as evident from the rise in zero-day vulnerabilities. There were 12 of this kind, as against just one in the previous half-year. The more than 50 per cent increase in thefts or loss otherwise of computer or data storage medium, such as a USB memory key, adds a significant dimension to the whole security scenario.

High degree of Coordination

The Symantec review has detected a high level of coordination in cyber attacks. Many of the recent intrusions now combine spam, malicious code and online fraud. Nearly 60 per cent of all e-mail traffic during the second half of 2006 was to carry spam. 30 per cent of this related to the financial services industry. Phishing attacks, once considered novel, are now launched with absolute ease. Averaging 900 per day, these have become a menace, especially during major holidays when victims relax their vigil.

The threat to cyber space described by the Symantec survey may appear exaggerated and unjustifiably gloomy. Such an impression is, however, unjustified. This is because the company's mechanics to collect data are extensive and well thought out. The threat assessment is based on data collected from 40,000 sensors deployed in more than 180 countries. Also available to Symantec is data furnished by 4,000 vendors. To add to the survey's credibility, another source are the two million decoy accounts that are an enormous storehouse of information.

Oracle vs SAP

Some of my readers may be under the wrong impression that cyber crime is mostly a transaction between individuals, where there is a defined aggressor and an identifiable victim. Occasionally, there are also organisations that are locked in combat when one party accuses another of downright espionage and theft of data.

A major battle is going on currently in the US, with Oracle going to town with allegations of data theft against German application maker SAP.

In its lawsuit filed on March 27, Oracle specifically levelled the charge that "SAP employees had used the log-in IDs of multiple customers, combined with phony user log-in information, to gain access to Oracle's system under false pretexts." The complaint went to the extent of saying that SAP had compiled "an illegal library of Oracle's copyrighted software code and other materials." The Oracle suit refers to various provisions of the Computer Fraud and Abuse Act, besides an assortment of espionage laws and regulations against unfair competition.

If and when a trial begins, there are likely to be interesting moments from the point of view of cyber crime itself. It will be a kind of learning process for many of who know only a little of corporate espionage through cyber space.

Instance of ingenuity

I would like end with a snippet on the US law enforcement ingenuity. `YouTube' is an interesting Web site where you can post any video that can tickle anyone with its unusual humour.

If I am right, the site, which has become hugely popular, was meant solely for entertainment.

An American policeman thought otherwise. When Patrolman Brian Johnson of Franklin (Massachusetts) studied a clipping from a security camera recording at Home Depot (a large store that sells everything you need to build a house) that showed two suspect customers using a stolen credit card, he had a brainwave. Not being able to identify the culprits, he posted the clipping on YouTube and sought help from visitors to the site. Simultaneously, he e-mailed the picture to nearly 300 individuals and organisations. The response was tremendous, although, ultimately, it was some hard traditional police work that helped to trace the offenders.

Nevertheless, it opened up a new avenue of investigation that had tremendous potential.

The only problem is that enthusiastic visitors to YouTube are liable to make mistakes in identity, and innocents like you and yours truly could sometimes be hauled up if ever we bore even a remote resemblance to the wanted persons!

(The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.)

More Stories on : Security | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Call of the village

Copyright © 2007, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line