Identity theft on the rise
SECURITY EXPERTS WARN that many of the threats that faced computer users last year will continue or escalate this year, offering users no respite from what’s been described as a deluge. Chief among security threats is “identity theft” – where criminal elements use access to personal information, often accessible online or on a user’s PC, to impersonate people and commit fraud.
Though not a new phenomenon, the scale and inventiveness of attacks are on the rise. Despite that, as well as a long history of computers being attacked and information being lost due to viruses and other malicious software – dubbed “malware” – users are still not adequately protecting their systems.
Les Stevens, South African analyst at US-based research house Gartner, says while people do install anti-virus and other security software when they first buy their PC, they tend to not update it, making it less effective over time.
Stevens says while most of SA’s banks offer free anti-virus software to their clients, the take-up has been low, indicating that people aren’t taking security seriously.
Uwe Martin, technology specialist at security vendor CA, says the anti-virus systems people were using just a few years ago are inadequate to protect them from current threats. “Rather than software that simply protects against infection – as classic anti-virus software does – users now need more sophisticated services that take much of the decision making regarding what’s risky content out of the hands of the user and put an automated system in charge.”
Martin says the sheer number of sites makes it impossible for humans to discern between safe and dangerous ones, while software is capable of sorting the good from the bad. So malware authors are now focused on activities that can be used for commercial gain. To achieve that, they use technology called “bots”. “The objective of attacks is to gain access to sensitive information of both a personal and corporate nature,” Martin says.
Some of the information gathered about individuals may be credit card or banking information. In the corporate sector the focus is likely to be on sensitive company information that can be sold to competing organisations, giving them a competitive advantage.
The concept of identity theft is gaining increasing prominence internationally. With high profile personalities, such as TV presenter Jeremy Clarkson, falling foul of fraudulent activity – albeit a direct result of Clarkson publishing his banking details in a national newspaper and daring people to extract money from his account – the public perception of risk is gaining prominence.
Stevens says while identity theft in SA is much more likely to occur at your local restaurant when your credit card is being used, the need to protect yourself online is nonetheless pressing.
Part of the risk that both Stevens and Martin highlight is the amount of personal information that Internet users post on social networking sites, such as Facebook. Martin says that information can be used as part of a broader identity theft strategy, and people should exercise caution when deciding what information is made available in the public realm.
The one area of concern among security experts is that the recent loss of large amounts of personal information – such as two CDs containing child benefit information in Britain being lost – could expose many more people than before.
Stevens says while that information may not be used to target individuals, it could be restructured to form the basis of a mass mailing list that could be sold.
What is a bot?
A BOT IS A SMALL piece of software installed without your knowledge on your computer to make its facilities available to the person/people who created the software.
While viruses previously were designed to do as much damage as possible, bot creators aim to avoid detection. This software collects personal information about the PC’s owner and infects other computers with the software. Once there are enough PCs infected with the software, it creates a super computer that can be used to launch an attack on targets that would be able to resist lesser attacks.
That could be used to gain access to secure networks to steal confidential corporate information or simply disrupt the company’s operations.
Finweek
Loading ...