The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Hackers are finding more targets

Elise Ackerman, San Jose Mercury News

SAN JOSE, Calif. – It was the year when cybercriminals targeted everything from MySpace to Wikipedia, and even a Web site maintained by a Kentucky Boy Scout troop wasn’t safe for casual browsing.

Computer security experts said 2006 was also the year that hacking stopped being a hobby and became a lucrative profession practiced by an underground of computer developers and software sellers.

Like true business people, bad guys not only broadened their reach by attacking popular social networking sites, they also diversified their product line by launching attacks through popular software applications like PowerPoint and Adobe Reader and expanded their activities overseas.

Software makers who try to stop online crooks say they are bracing for a new level of nastiness in 2007, including malicious Web sites that are booby-trapped with software that automatically loads itself onto machines of users who just visit a site.

“Hackers realize they have a limited time before their attacks are blocked, so they are opening up their arsenal and trying everything possible,” said Yuval Ben-Itzhak, chief technology officer of Finjan Software, an Internet security company headquartered in San Jose.

Alex Eckelberry, president of Sunbelt Software, predicts attackers will target Windows Vista, Microsoft’s new operating system. “The problem is Microsoft has thrown down the gauntlet and said, ‘We have a secure operating system,’ ” he said. Eckelberry, whose company is developing software for Vista, said his developers have already found bugs – an indication that the software could be vulnerable.

Microsoft has already acknowledged one Vista flaw. Meanwhile, the criminal underground has begun peddling information about Vista’s vulnerabilities – one of the many ways that unscrupulous programmers have found to profit from their expertise.

Other scams include combining a traditional pump-and-dump stock scam with the takeover of online brokerage accounts, and renting out vast networks of zombie computers, known as botnets, to other digital desperados.

Last month, a German court sentenced two men to serve three to four years in jail for infecting more than 100,000 personal computers with trojan software that forced the machines to make long-distance phone calls. Prosecutors believe the men made more than $15.8 million from the premium-rate dialing.

“The first viruses were nothing but mischief,” said David Moll, chief executive of Webroot Software. “Now that there is money to be made, it has changed the game entirely.”

“Cybercriminals are now more creative, organized and business savvy,” according to a recent report from Websense, a San Diego computer-security company.

“True ‘companies’ have emerged, producing and selling toolkits and developing business-partner programs that enable less-technical, ‘traditional’ criminals to steal data and make money – lots of it.”

It used to be that the biggest cyberthreats came from e-mails infected with pernicious worms and viruses. No longer.

According to Ben-Itzhak of Finjan Software, the Web itself is spreading infections, thanks to tens of thousands of sites carrying code that is designed to let an outsider steal information from someone’s computer. Some of the code is designed so that it automatically downloads itself the minute a user accesses a Web page. Other sites prompt a user to accept what seems to be legitimate software but is actually a malicious program.