By Sarah Lacy Netizens often like to compare the settlement of the Internet with that of the American West. The explorers charted new territory, observes product developer Chad Harrington of Zone Labs, a San Francisco-based Web security company, recently acquired by Check Point Software Technologies (CHKP). Then came pioneers eking out enough to survive, followed by later settlers who set up stores, businesses, and other commerce. But once there was wealth to exploit -- and little in the way of law enforcement -- lawlessness spread.
Fast-forward to today's Net. A new Internet "threat report" from Web security leader Symantec (SYMC) suggests the Wild West of the Web is getting wilder still. Unlike the hackers of the Internet's early days, increasingly sophisticated coders are stealing consumer financial information to sell to spammers or blackmailing companies with threats that unless a bribe is paid, the thieves will overwhelm legitimate Web sites with so-called denial-of-service attacks, the Sept. 20 report warns.
"NOT SLOPPY." Like legitimate e-commerce, security attacks are becoming big business in cyberspace, as the robbers become better and slicker. "Because there's money at the end of the rainbow, the software [for cyber-attacks] is becoming increasingly professional," says Alfred Huger, senior director for engineering at Symantec's security response division. "This is not sloppy workmanship."
Mass attacks by hackers trying to purloin entire databases of consumer info have been declining, Symantec says. But that's little comfort to individuals who've become victims of what some are calling an explosion in targeted identity theft online. Market research firm Gartner surveyed 5,000 online consumers last March. Its findings: 30% of respondents had identities stolen online. Ninety percent of those cases were in the last year, and 70% occurred since September, 2003.
Nowadays, financial information is most likely to be stolen during online shopping. In the second half of 2003, only 4% of hacker attacks were launched at e-commerce sites. In the first half of this year, 16% were targeted at e-commerce, making it the single most assaulted industry, according to Symantec. Such growth could have chilling repercussions for online retailers as the holiday shopping season approaches.
"BOT NETWORKS." Already, John Pescatore, vice-president for Internet security at Gartner, sees a "flattening" in e-commerce because of consumer concerns about theft of financial and credit-card information. "In our survey, we found that people are no longer sure about online bill payment. Those who've been hit are less likely to accept new things," Pescatore says.
Extortion is on the rise, too, according to Pescatore. Rather than reporting it, many companies are complying with threats that their Web sites will get shut down if they don't send money to the bad guys. Typically in denial-of-service attacks, hackers co-opt legions of individual computers with always-on DSL or cable-modem connections and then marshall these "bot networks" (short for robot) to get them all to log onto an e-commerce site simultaneously, overloading the system.
Such bot network attacks were up substantially over the first half of the year, according to Symantec, from 2,000 per day to more than 30,000 daily by June, reaching a peak one day of 75,000 infections.
NO RAIN, NO PROBLEM. Although hackers are getting more sophisticated, the bulk of these attacks are preventable -- often with free software downloads, security companies say. But it's like a leaky roof in dry weather, Pescatore says -- most people don't realize they have a problem until it rains.
As financial gains for such attacks continue, consumers should take precautions such as shopping at reputable, mainstream sites with state-of-the-art security. They can only hope Harrington's Wild West analogy is an apt one. Eventually, America's frontier territories were tamed -- thanks to the law. Lacy is a reporter for BusinessWeek Online in Silicon Valley