Experts: Cyber-crime bigger threat than cyber-terror
By Michael Coren
(CNN) -- As David Perry left a cyber-security conference in Luxembourg in 2004, an airport terminal handling international flights was in chaos.
A network worm known as Sasser was scorching the world's computer systems and had knocked out the airport's reservation desk, stranding delegates in the terminal.
In a fable for the information age, conference attendees, among them some of the world's foremost computer security experts, flipped open their laptops and reopened the terminal in a matter of minutes.
The paradox of the Internet -- a worldwide computer network designed by visionaries and scientists succumbing to spam and other malicious code written by teenagers -- riles computer security experts.
"We actually have people abandoning using their computers because it's just too much trouble," said Perry, global director of education for international computer security company Trend Micro.
"If that's the case, if it's too much trouble to use the system, then certain changes need to be made."
Following the September 11 attacks, fears that terrorists would open a new front in cyberspace spurred Congress to appropriate billions of dollars to improve the security of the nation's electronic infrastructure. The government accelerated a process already under way to defend the most critical systems from attack -- sometimes physically disengaging them from the outside world, computer experts say.
In contrast, commercial and private computer networks are increasingly vulnerable.
Fundamental reforms are under way to secure the Internet, not necessarily from terrorist attack but from disruptive programs and e-mails that are crippling the system. A new generation of hardware, built directly into the Internet's backbone, can stop viruses and malicious software in their tracks.
"The terror we're facing is the terror of spam, the terror of spyware, the terror of network worms, but nothing associated with a nation-state," Perry said.
"Although I am sure terrorists and secret agents use computers and computer hacking tools for purposes of espionage and sabotage, I don't think cyber-terrorism is quite the threat that we imagine it's going to be."
Although the threat of cyber-terrorism exists, the greatest risk to Internet communication, commerce and security is from cyber-crime motivated by profit, Perry said.
The Software Engineering Institute, a federally funded research center at Carnegie Mellon University in Pittsburgh, Pennsylvania, reports that electronic assaults are growing more sophisticated -- and lucrative.
Attacks have evolved from cracking passwords into vast coordinated attacks from thousands of hijacked computers for blackmail and theft.
"Attacks against Internet-connected systems have become so commonplace that reports of the number of incidents provide little information [about] the scope and impact of attacks," reported the institute's CERT Coordination Center last year.
The center stopped tracking such incidents in 2004 after the number rose from 3,734 in 1998 to 137,529 in 2003. CERT stands for Computer Emergency Readiness Team.
Yet those figures account for only the attacks that are reported.
"Many companies still seem unwilling to report e-crime for fear of damaging their reputation," Larry Johnson, special agent with the Criminal Investigative Division of the U.S. Secret Service, was quoted as saying in the report.
"The technology and resources are there to effectively fight this. We just need to work smarter to do this," Johnson said.
Seventy percent of organizations surveyed by CSO magazine, a publication for security executives, reported at least one crime or attack during 2003.
Respondents estimated the damage at about $666 million, the magazine said. Forty-three percent of the organizations reported they had more intrusions in 2003 than during the previous year.
'Like testing doorknobs'
"There are so many machines connected to the Internet, you will see ... attempts to sweep a whole range of Internet addresses looking for hosts that have weaknesses," said John Curran, chief technology officer of ServerVault, a firm offering secure computer services. "It's like testing doorknobs."
Most of these programs are not inherently destructive. They are just poorly written code designed to spread without erasing data or crashing computers. But their voracious infection rate overwhelms computer networks.
Today's computer plagues spread virtually instantaneously.
In 2003, the fastest computer worm in history -- the Sapphire Worm, or Slammer -- broke out.
Within 10 minutes of the first infection, Slammer had reached 90 percent of the world's vulnerable hosts, doubling in size every 8.5 seconds, according to computer scientists at CAIDA, the Cooperative Association for Internet Data Analysis, and other research groups.
It caused network failures, canceled airline flights, interrupted elections, and crashed ATMs. And it could have been much worse.
"It is important to realize that if the worm had carried a malicious payload, had attacked a more widespread vulnerability, or had targeted a more popular service, the effects would likely have been far more severe," the researchers reported.
"There is no conceivable way for system administrators to respond to threats of this speed."
So, security experts are designing automated defenses.
Anti-virus software, routinely updated by companies' programmers, is being replaced by dedicated hardware that regularly scans networks for hostile programs and for unusual traffic patterns that signal an attack.
Internet service providers, the main conduits for Internet traffic, are cooperating with customers to detect and prevent the spread of network worms.
"The threats out there are all manageable," Curran said. "We don't have a silver bullet against any of them, but there is nothing that can't be overcome with good practices."