Dec. 28, 2007 at 9:00 AM ET
There was no Melissa virus in 2007, no LoveBug, no computer worm that brought corporate America to its knees for an afternoon. In fact, many experts suspect the days of that kind of cyber-havoc are over.
Today, cyber attacks are more stealthy -- and much more successful. If 2007 offers any hints of what’s to come, technology users will face a much wider spectrum of attacks next year. Their identities will be stolen, their computers will be hijacked, and probably, their handheld gadgets will be targeted like never before. Social networks will be a prime target for criminals, and cyber-spying may very well come of age.
Below you'll find a list of things tech users should worry about next year. But first, a quick recap of this year's techno-crime.
Massive data leaks grabbed the biggest headlines in 2007. In January came news that retailer TJ Maxx had suffered a serious hacker attack, and word eventually trickled out that nearly 50 million credit and debit cards were put at risk by that incident. Toward the end of the year, the British government had to admit it lost data on nearly half its population. And in between, the amount of data lost on U.S. residents eclipsed 215 million records, according to the Privacy Rights Clearinghouse. Sometime in 2008, I can safely predict, a piece of data will be reported lost for every single U.S. citizen, an astonishing number.
More astonishing? Not much will be done about it.
But while data leaks might be troubling, there’s another technology headache that caused far more damage last year -- the attack of the (ro)bot armies.
This was a devastating year for many home computer users, and most people probably don't even know it. Vint Cerf, a founding father of the Internet, said in January that perhaps one-quarter of all PCs were infected with a computer virus, or "bot," that gives a hacker total control of their machine. There is some dispute about the total number of infected machines, but there’s little disagreement that tens of millions of users are infected -- meaning at least one computer on your block right now is doing the bidding of a criminal.
Meanwhile, millions of consumers fell for phishing e-mails. Gartner's Avivah Litan released a study in December suggesting that U.S. consumers continue to fall for fake e-mail at alarming rates, losing $3 billion in the process.
How could cybercrime be committed on such a massive scale? Millions of infected computers, billions of dollars? Simple: the real story this year is the increased professionalism of cybercrooks. In fact, an entire new industry has formed around phishing and viruses, says Symantec researcher Vincent Weafer – cybercrime customer support.
Russian hackers are now writing software that automates many attacks. A program named “Mpack” lets malicious programmers create viruses that infect home computers with a few mouse clicks. Software called “Rockfish” automates creation of phishing campaigns. Both sell for hundreds of dollars, and even come with support contracts. And both, Weafer says, allow hackers to profit off cybercrime without ever having to get their fingers dirty with actual theft.
"The top three automation tools accounted for about 40 percent of all phishing e-mails in 2007," Weafer said.
So if 2007 was the year of the automated theft, the ‘bot armies and more phish than an aquarium, what does 2008 have in store? Here are some predictions for high-tech crime and other tech troubles in the New Year.
1) More targeted phish
Criminals are refining their attacks in other ways. They've learned that the more personal a fake e-mail is, the more likely a consumer will fall for it. You probably won't answer an e-mail from a credit union where you don't have an account. But if the e-mail is addressed to you, indicates your home town, and comes from your bank, you just might fall for it. Also, studies have shown men are much more likely to fall for e-mail trickery that comes from women. Expect much trickier phish next year.
2) Social networking attacks
Criminals have been probing MySpace and Facebook for a while now, looking for ways to take advantage of the huge audiences these sites command. So far, both firms have contained such attacks, in part because their closed networks are hard to inject with malicious code -- and attacks are easy to stop once they happen. But as third-party tools and applications become more popular, Facebook and MySpace attacks will become much easier.
Still, even if there is no noteworthy “Facebook virus,” criminals already make extensive use of social networking sites, says Weafer. Using tools borrowed from marketing gurus, computer criminals are now building extensive databases with potential victim profiles (for use in targeted phishing attacks, for example). Social networks are the perfect place to do such research, and once again, automated tools have been developed for just that purpose. Software “scrapes” social networking sites, depositing tidbits into a database for use in later social engineering tricks, Weafer said.
3) Cell phone attacks
For years, experts (doomsayers?) have predicted a cell phone virus would eventually be created that would rampage through the world of mobile handsets. It hasn't happened, largely because cell-phone software and hardware vary so much; uniform PCs were always a much easier target.
But with the continued adoption of smartphones, which use software that works much like traditional PC software, most experts think it's only a matter of time before cell phones suffer a full-fledged attack.
"All devices hooked up to the network will become equal opportunity targets very soon," warns David Smith, vice president of research firm Technology Futures Inc.
4) Nation-state attacks
You might have missed this story because it didn't involve the U.S. government, but a remarkable thing happened earlier this month, according to the Times of London. The secretive MI5 agency sent warning letters to 300 banks saying they should be on the lookout for Chinese hackers. Cyberspies had already attacked Rolls Royce and Royal Dutch Shell, the newspaper said.
British officials never confirmed the report, but earlier in the year had issued more general warnings about cyberattacks.
It certainly wasn't the only reported incident of cyberwar last year. In the most notable event, Estonian officials in May blamed the Russian government for disabling its Web sites after a political scuffle between the two nations.
As with any such accusations, it's nearly impossible to confirm who was behind these attacks. But Smith thinks the long-promised Cyber Cold War may finally be emerging.
"(Next year) will see a continuance of such attacks by China on Western governments and industry," he said in his annual list of technology predictions. "More penetrations of government agencies and labs will be uncovered and publicized."
Dramatic attacks on infrastructure are not likely; rather, these attacks will be more subtle and focused on information-gathering, he said. "They are basically data mining, or spying."
5) More interruptions, more lost sleep
Lost in all the discussion about child predators online is the much more widespread problem parents face: sleepless kids who stay up all night IM'ing friends and posting pictures instead of doing homework. Teachers report more sleepy students than ever, and with the addiction that is social networking, the problem will only get worse. So will its adult version, the CrackBerry addiction. Basex Inc. recently estimated that endless interruptions from our gadgets cost the U.S. economy $650 million last year. That estimate is a bit goofy, but I'm sure we’ve all had a conversation with someone who’s distracted by e-mail or texting. How can we put a price tag on the fact that we're all starved for undivided attention? As e-mail phones become ubiquitous, the problem of divided attention will only increase.
6) More bots
Finally, just because we've already talked extensively about the problem of bots doesn't mean it can’t get any worse. In fact, it will. Virus writers are so good at their craft now that they can take control of a home computer, use it to commit crimes or send out spam and never be detected. As long as consumers are unaware that they are accomplices to a crime, they won't do anything to stop it. Despite a few high-profile arrests and a concerted effort by the FBI to stop the problem (the “Bot Roast”), criminals will control more computers than ever next year.
What do you think will happen next year? Share your thoughts below.