Wednesday, May 10, 2006
Hackers remain steps ahead of watchdogs even as industry groups have succeeded in shutting down online criminal operations. Self-policing actions on the part of industry are a step in the right direction, but consumer awareness and education represent the best path to security against hackers, who invariably rely on their victims’ lack of vigilance.
Most malware, spyware, and viruses can ruin a computer and steal the owner’s valuable identifying information. Easy for the trained person to spot, these threats benefit from a civilian computing culture of ignorance and carelessness.
On March 8 TechWeb reported industry self-policing activities that thwarted hackers’ activities. According to the article, U.S.-based RSA Security collaborated with Panda Software, a company based in Spain, to shut down a number of Web sites that were selling readymade Trojan horse–style viruses custom-made for identity theft and other unscrupulous activities.
Typically, consumers only invite malicious code onto their computers if nobody has taught them what to watch for. While a number of companies may be well-equipped to ferret out and thwart hackers at the source, the best route for us all to take, economically speaking, is the education of end users. Policing efforts, no matter how aggressive, will always remain steps behind cybercrooks, whose tactics continually evolve.
Also on March 8, an article in the Channel Register, a publication based in the UK, described the success phishers have had with “smart redirection,” which helps phishers, who typically run multiple sites related to one spoof, to keep track of their sites’ availability. When the victim clicks on a malicious link, smart redirection figures out which of a phisher’s sites have evaded shutdown and points the doomed browsers only in the direction of sites that remain live.
Phishing tactics continue to grow in sophistication. But the fact remains that a phishing e-mail, the requisite precursor to the phisher’s criminal activity, is telltale. No reputable banking or other financial institution requests sensitive information from its customers via e-mail. Any consumer can learn to spot and avoid the facades that veil malicious code.