A look back at the year in security

Experts agree: 2004 was the best of times, and the worst of times for those concerned about IT security. It was a year with high-profile arrests of virus authors, and the explosion of online crimes, from cyberextortion to identity theft, a year in which ISPs (Internet service providers) won millions in damages from spammers, and spam messages increased by 40 percent.

In hindsight, 2004 may be looked back upon as the year that a long tradition of hobbyist hackers and flashy, but harmless, viruses gave way to shadowy, professional online crime syndicates. The professionals were armed with virulent new threats designed to separate Internet users from their cash, according to interviews with leading security experts.

With that in mind, here’s a look at some of the most important technology security stories and trends of the last year:

Phishing for phun and profit

Online identity theft through sophisticated attacks known as “phishing scams” was the runaway security story of 2004, due to the explosive growth in such attacks.

Phishing scams are online crimes that use spam to direct Internet users to Web sites controlled by thieves, but designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information, often under the guise of updating account information, which is then captured by the thieves. E-mail security vendor MessageLabs Ltd. blocked an insignificant trickle of 279 such scams in September 2003. By September 2004, that trickle swelled to a flood of more than 2 million messages, according to a statement from the company. In all, MessageLabs said it blocked 18 million phishing e-mail messages in 2004.

The Anti-Phishing Working Group watched the number of reports of phishing Web sites increase by an average of 28 percent each month between July and November.
The average phishing Web site operated for six days before being shut down, according to Peter Cassidy, secretary general of the group.

“Phishing has really exploded, it’s been one of the biggest problems we’ve had,” said Mikko Hyppönen of Finnish antivirus company F-Secure Corp.

Achilles, get your gun

Not since the days of Ancient Greece have Trojans been as much a part of popular conversation as they were in 2004, when an explosion in Trojan horse programs turned countless Internet-connected computers into tools for malicious hackers and international online crime organizations.

Carried on the back of e-mail and Internet worms, an eye-popping parade of back door Trojans marched onto vulnerable computers since January. One typical example is the ubiquitous RBot, a Trojan program that spreads using a number of methods. The program can collect system information, download and execute files, launch a denial-of-service (DOS) attack, and even remotely control a connected webcam.

RBot-A, the first version of the worm-like Trojan, was identified in March 2004. The latest, RBot RN, was identified on Dec. 13, according to U.K. antivirus company Sophos PLC. In just nine months, there were 480 different versions of the Trojan.

Trojan horse and backdoor programs are not new, but the rapid growth in their use in 2004 was a product of cooperation between virus writers, online criminals and spammers, said Jesse Villa, technical product manager at Frontbridge Technologies Inc. Trojans have been silent actors in a number of high-profile crimes, including the theft, in September 2003, of source code for the “Half Life 2” video game.
A Trojan horse program named Banker-AJ infected computers and waited until users visited online banking sites, at which point the program logged user keystrokes and captured account information, said Gregg Mastoras, senior security analyst at Sophos.

More Trojans have also led to an increase in the number of “botnets,” distributed networks of compromised machines that act as “zombies” in spam campaigns or DDOS (distributed DOS) attacks.

“At the end of last year we knew of about 2,000 botnets. Towards the end of this year, we’re looking at about 300,000,” Villa said. Those networks range from 100 infected PCs to networks of thousands of zombie computers, which are rented out to aspiring spammers or for targeted DOS attacks used in online extortion rackets, Villa said.

“Bots have largely gone ignored,” said Hyppönen. “You don’t see alerts on bots, however they have probably been a bigger problem (than viruses).”

Police and patches

But the news wasn’t all bad. While online crimes skyrocketed in 2004, there were also a number of high-profile arrests of those involved in cybercrimes.

In May, German authorities arrested 18-year-old Sven Jaschan, who admitted to creating and releasing the Netsky and Sasser Internet worms, and a 21-year-old German man who admitted to creating the Agobot and Phatbot Trojans.

There were other victories as well, including the June arrest of those believed to be behind the 2003 “Half-Life 2” source code theft and a September arrest of a man believed to be connected to the theft of source code belonging to Cisco Systems Inc. In October, the U.S. Department of Justice arrested 19 people in connection to an online “carding” ring that traded information about stolen identity and credit card information online.
In 2005, some combination of tougher law enforcement and tighter security is the best way to stem the tide of malicious and criminal behavior online, experts agree.

To stop identity theft, banks, e-commerce companies and consumers need to look hard at strong user authentication technology, said Sophos’ Mastoras.

“In the (European Union), banks are already moving away from static passwords. I think that will be a trend that will happen in the U.S. as well,” he said. E-mail sender authentication technologies such as DomainKeys from Yahoo and Sender ID from Microsoft need to be broadly adopted — a move that would make life tougher for those behind phishing scams, which often use forged e-mail sender addresses to trick unsuspecting e-mail recipients, said Mastoras.

ISPs also have to begin sharing what they know about Internet attacks and compromised computers on their networks, Villa said.

“This is a long-term problem and we have to work together to combat it,” he said.