Security and Crime News
Cyber-crime and punishment: Nefarious characters roam the wild, wild Web
NORRISTOWN - January 12, 2005 - The Internet gives millions of people faster access to more information than at any time in human history. A few mouse clicks enables online users to buy a best-selling book, bid on baseball memorabilia or book a flight to Bora Bora.
The global system of linked computer networks has revolutionized the way people communicate with friends and family and the way they work, shop and play. According to America Online, some portion of its online subscriber membership - which totals 35 million - sent a staggering 1.5 billion instant messages Monday.
"The Internet is a pretty dirty place," he said. "If you hook up a personal computer to a modem, you have about 20 minutes before something infects it." Once the province of engineers and the technically savvy, today millions depend on Internet connections to send e-mail, pay their bills, bid in online auctions or download files of nude models.
As of July 2004, there were 201.6 million Internet users in the United States, according to Nielsen Ratings service, about 69 percent of the U.S. population. But security experts warn Internet users that cyber-bad guys - hackers, crackers and con artists - are lurking in the virtual shadows to find a "back door" into unsuspecting users' computer systems.
A hacker using network "sniffer" software can spy on network traffic that might include someone's computer user name, password and Internet protocol, or IP, number that would give the hacker access to computer systems and possibly financial information.
Most instant messages are not encrypted, which makes it easy for sniffers to eavesdrop on conversations. Spyware, software that gathers information about online users as they navigate the World Wide Web, is often bundled into software and downloaded unwittingly by Internet users.
Other cyber-saboteurs deface Web sites. Someone sabotaged the U.S. Department of Justice's page by writing "United States Department of Injustice" and inserting a swastika.
Other cyber-criminals engage in "spoofing" by creating phony look-alike Web sites that appear to be a well-known company's actual homepage. Their scam aims to fool people into disclosing confidential information that can then be used illegally. To make a spoofed site appear legitimate, the scammers typically recreate a site's familiar graphical interface and logo.
Most online e-commerce sites use encryption to prevent criminals from capturing and deciphering consumer credit-card account information. Once someone's personal information is stolen, the identity thief can go on a spending spree and ruin the victim's credit rating.
A padlock icon that appears in the lower right corner of an Internet vendor's Web pages lets users know their sales transaction will be encrypted and thus secure. However, criminal hackers have been known to fake the padlock icons as well and steal consumers' credit-card account information.
Unsolicited e-mail, or "spam," is the Internet equivalent of "junk mail" and every bit as irritating. Often, online subscribers open their mail to find dozens of spam e-mails crowding out their e-mail directories' legitimate messages.
Typically "spammers," the bane of all online subscribers, try to bait users into falling for "get rich quick" schemes or other scams.
Even technically unsophisticated hackers, called "script-kiddies," can wreak havoc with computer networks by running automated programs they've downloaded from the Internet. Often these hackers are teenagers. "If you can operate a mouse, you can launch an attack," Hawk said. He likened the World Wide Web to the lawless Western territories of America's 19th-century past. "The 'www' stands for the wild, wild West," he said. "They haven't yet put a corral around it."
Not surprisingly, the auction site's meteoric rise has attracted scam artists. In 2003, Internet auction fraud topped the list of complaints reported to the FBI's Internet Crime Complaint Center (IC3).
"The message was from the thief," he said. After contacting PayPal, the Ridley Township resident concluded som eone had snatched his PayPal personal identification number. "Once they have the password, they can do anything to transfer funds," he said.
The Lower Gwynedd man bid $2,301.99 on the train set, but a late bid was submitted for about $2,500, Laver recalled. However neither bid reached the seller's reserve amount of $3,000 - a threshold value acceptable for a sale - so the seller closed the bidding.
This independent haggling by sellers and prospective buyers following auctions is commonplace, Laver said. "There's a lot of deal making outside of the bidding," he said. "Buy you take a risk if you deal outside of eBay." The offline negotiating strategy also saves the seller from having to pay a 4-percent fee to the auction company. But the man Laver believed was the seller was actually an imposter. However, Laver wasn't suspicious yet.
But when the con man called Laver repeatedly on the telephone to ask if he had wired the funds, he began to get suspicious.
"So I held off a day," he said. Eventually, Laver contacted the original seller through e-mail and figured out the solicitations were a hoax. Laver admitted he nearly fell for the scam. Now he's wiser and has set a limit on his PayPal account.
In 2003, eBay saw a rise in "phishing" scams that involved con artists sending e-mails purportedly from the auction company threatening to suspend customers unless they updated credit-card information. Online service providers and vendors advise customers not to give anyone a personal password or PIN under any circumstances.
Shaking consumer confidence
"We get complaints in the hundreds," Special Agent Chris Wilk said. "But we very rarely get involved." Instead, the federal law-enforcement agency focuses its substantial resources on corporations that have monetary losses of $200,000 or more.
Though FBI Special Agent Norm Sanders admitted consumer fraud is a significant problem for consumers, he said purchasing merchandise with a credit card online is no more risky than a cardholder buying from a retail store in the King of Prussia mall.
"In the department stores, a credit card (authorization) goes through the same customer database as it does online," Sanders said. "If somebody does hack that database, they'll get your information anyway."
© J. R. Roberts, Security Strategies