In cyberspace, a dark alliance
For years, they worked in shadowy corners of the electronic world. Spammers tried to get around filters and other network defenses to plant their junk e-mail. Virus writers exploited computers to take them over. Now, they're starting to work together.Skip to next paragraph
Subscribe Today to the Monitor
Their emerging alliance is straining already embattled spam and virus defenses. For users, it means the Internet has grown more risky.
"They're learning from each other," says John Pironti, a security consultant at Unisys, the multinational information technology company. "The collaboration has begun."
Internet security experts are fighting back in the ongoing arms race of attack and defend. But right now the criminals are on the offensive. "We're way behind," says Stefan Savage, a computer science professor at the University of California at San Diego. Since 2001, he says, there have been "incredible advances in sophistication on the part of the bad guys. And yet what we do to defend is pretty much what we did five years ago."
Statistics seem to back him up. Today, not only is 63 percent of all e-mail spam, but 1 in 12 e-mail messages contains a virus, says MessageLabs, an e-mail security firm. That's a dramatic change from 20 years ago, when computer viruses spread slowly within limited networks or as floppy disks that had to be manually moved between machines. Today, the Internet zips these programs around the world at light speed.
Viruses can now enter computers as programs attached to e-mails sent by spammers. Once embedded in a machine, the viruses return the favor. By secretly taking control of computers, the viruses can create networks of "bots," programs that turn computers into "zombies." These computers are then employed by spammers to send out floods of anonymous spam messages.
These spams often include "phishing" scams - e-mails that appear to be from a bank or credit-card company but are really trying to steal account passwords or other financial information. Phishing has victimized some 1.8 million consumers and cost banks and credit-card issuers nearly $1.2 billion in the past year, estimates Symantec, a maker of computer-security software in Cupertino, Calif.
In the first half of 2003, the average number of bot networks monitored per day by Symantec was 2,000. By the first half of 2004, the number mushroomed to 30,000. Each bot network can contain thousands of infected computers.
Motivations have changed too. Early virusmakers wanted to show off. Today, criminals target individuals and businesses to try to make easy money. "We've definitely seen the motivation shift," says Brian Czarny, vice president of marketing at MessageLabs. His company first started noticing spammers and virusmakers working together back in the spring of 2003, he says. "Since then, it's grown exponentially."
Setting up in an Internet cafe anywhere in the world, these pirates can hit and run in a matter of hours. "They get somebody's identity, clear out their bank account, and then take off," Mr. Czarny says.
Other criminals hunt for personal data or a company's intellectual property for the purposes of extortion. "They send tidbits back to the organization and say, 'Look, I have your stuff,' " says Mr. Pironti, and then threaten to post the material on the Internet if their demands aren't met. In one recent example a British man was arrested last month in connection with stealing source code from Cisco Systems.
Big companies already spend a lot of time and money on state-of-the-art computer security. But in a new twist, criminals are sneaking in by attacking the less formidable defenses of smaller vendors who are linked into corporate computer networks. "That's one of our biggest challenges right now," Pironti says.