Organized crime is a growing threat to information security, making computing in 2005 increasingly dangerous, particularly for online businesses, security experts say.

Rosaleen Citron, CEO of information technology (IT) security provider WhiteHat Inc., says that online businesses are being targeted by "the Internet underworld" which launches an attack by as many as 10,000 zombie machines that it has acquired over the last two years. The hijacked computers hammer away at a website, preventing actual users from accessing the site. An untraceable extortion note then follows, demanding money to stop the attack, along with instructions on how to deliver the funds.

Burlington-based Citron has seen these types of attacks climb from two or three in the early part of 2004 to two or three a month by year's end. "Although maybe people are just starting to own up to it," she said in an interview.

Dean Turner, Calgary-based executive editor of the Symantec Internet Security Threat Report, agrees that there are more people looking for a way to profit from their criminal activity. "We're seeing a shift in motivation from hacking for fame to hacking for fortune," he says. "Hackers are looking for a way to line their pockets rather than digitally scribe 'Kilroy was here'.

Rosaleen Citron, CEO of IT security provider WhiteHat, discussing just one of the threats facing Internet users.

"You can expect to see increasingly sophisticated attempts at trying to get people to part with their money," Turner said in an interview.

In 2004, security breach attempts increased to several hundred a day, Citron says. "Cyber criminals are out on the Internet using automated means of looking for addresses they can get into."

WhiteHat, which has its headquarters in Burlington, as well as offices in Montreal and Williamsville, N.Y., provides businesses throughout North America with security services, education, and commercially available and open-source products. Its busiest service is assessing companies' vulnerabilities to cyber crime.

Symantec provides a broad wide range of information-security software and services for enterprises, as well as the Norton brand of consumer security products. Its Canadian headquarters is in Toronto, with offices in Montreal, Ottawa, Calgary and Vancouver.

There will be more sophisticated and dangerous cyber threats in 2005 than in 2004, Citron says. She adds there will be more viruses that include a Trojan horse, dropping a program that may sit dormant for several months and then suddenly attack a hard drive or start sending data to an unknown source. Citron also worries about the abundance of Trojans that do not attack their host computers but use them to launch denial-of-service attacks.

Adware (advertising software installed without the user's knowledge that causes ads to pop open) and spyware (software that sends information about web-surfing habits to its website) represented the top threats in 2004, according to intrusion- prevention solution provider McAfee Inc. The company's antivirus and vulnerability emergency response team detected more viruses in the first six months of 2004 than in the previous two years combined, fuelled by virus writers competing to inflict the most damage.

The latest edition of the biannual Symantec Internet Report says that during the first six months of 2004, the number of monitored "bots" escalated to more than 30,000 computers from less than 2,000. Bots, short for robots, are software programs that take over a computer and by imitating human computing activity, turn it into a zombie host as part of a network for malicious uses such as denial-of-service attacks on e-commerce websites.

In 2004, Canada accounted for five per cent of the worldwide bot network, ranking us fourth in the world, Symantec's Turner says. The three top bot network countries will be revealed in Symantec's March report.

Vancouver was the top city in Canada for bot network-compromised systems with 17 per cent of the country's total bot network population, Turner says. Toronto has 13 per cent, Calgary 11 per cent, Edmonton eight per cent and Montreal seven per cent.

Using deceitful e-mails and fake websites to fool recipients into divulging personal financial information also is expected to become more frequent and sophisticated. Known as phishing, these attacks jumped by 28 per cent per month from July through November 2004, according to the international Anti-Phishing Working Group, which reported the results on the Symantec website.

Citron equates phishing attacks to a front-door knock because people open willingly. "They are told that somebody has touched their credit card and they want to verify that there isn't any issue.

"Spam, malware and Trojans are your back door," she says. "These come at you from every direction. Even a mid-sized or small business has to make sure they have their antispam, antivirus, personal firewalls if possible. If they've got people on the road, make sure all that is on their notebooks.

"The tools should overlap," Citron says. "It's like having a lock on your front door, an alarm system and a guard dog to protect you."

Turner also expects adware, spyware and phishing are going to continue to be at the forefront in 2005 with more attacks targeted at the desktop or applications such as web browsers. "They are so sophisticated that you could be cruising a website and think it is perfectly legitimate, but you've downloaded a piece of malicious code on your desktop," he says.

Cellphones and wireless devices with operating systems to receive e-mail and surf the Internet will become a much larger target for attack as they become widely accepted, says Jack Sebbag, McAfee's Canadian vice-president and general manager.

Cellphone viruses have already struck Europe and Asia where cellphone usage is greater than in North America, he says. "One virus in Asia caused infected phones to dial the equivalent of our 911 service repeatedly. It caused the 911 service to shut down, clean it up and start up again. In Europe, an annoying worm caused affected phones to freeze," Sebbag says.

Information security is a profitable business for companies offering tools to combat cyber crime. Symantec Corp., for example, announced record revenue and earnings in January. The company, based in Cupertino, Calif., posted $695 million US in revenue for its fiscal third quarter ended Dec. 31, 2004, a 41-per-cent increase over the same quarter in 2003. Earnings per share were 22 cents, a 38-per-cent increase from the year-ago quarter.

Sebbag says McAfee's largest growth area is proactive technology such as that used in its IntruShield network management and Entercept hosted intrusion- prevention products that detect and block anomalies such as those that a worm would create in information coming over a company's data network.

Husky Energy Inc. uses McAfee antivirus, intrusion prevention and firewall products to proactively protect its users from the transfer of malicious threats and quickly identify non-compliant machines. The Calgary-based company says McAfee's VirusScan Enterprise and ePolicy Orchestrator eliminated daily infections by viruses or malicious code and during three months saved one person-month - as well as the costs of any outbreak.

Citron says an antispam, antivirus service costs about $4 or $5 a month per user. "The cost to rebuild your server and fix up every one of those desktops that have been infected is 10 times more than what they would pay for a service like that and they would keep working," she adds.

Some estimates of the costs of security breaches run into the billions. One way to determine the return on investment of information security is to consider the cost of downtime.

Speed is another cyber crime issue. Symantec estimates it now takes about 5.8 days between the release acknowledging an operating system vulnerability and a program designed to exploit that vulnerability. That's not enough time to receive and test software patches, Turner warns.

As a result, companies need to implement existing security technology across all tiers to protect critical application data and devices. Providers of security products are doing their best to stay ahead of the curve, and some industry watchers suggest the lack of a major crippling virus outbreak for many months indicates success.

However, the next wave of viruses is expected to be more dangerous. And fast.

"If a virus hits Helsinki at 6 a.m. their time, it's going to be ready to go on your machine as soon as you set foot in your office early morning in your time zone," Citron says. "Viruses spread so fast that an eight-hour delay between Helsinki and our East Coast means the viruses are locked and ready to launch when Canadians start their work day."

Citron recommends antivirus products that push down the updates so they are kept current. "In the last month, over 50 viruses, including malware drops, Trojans, viruses and worms, have been launched that have actually affected systems. The antivirus companies are on top of this," she says.

"The threat continues to evolve," warns Sebbag. "Don't get complacent."

FACT BOX Top Canadian cities for bot network-compromised systems, with percentage of Canada's total bot network population:

* Vancouver 17%

* Toronto 13%

* Calgary 11%

* Edmonton 8%

* Montreal 7%

Top source countries for Internet security attacks for the first six months of 2004:

* U.S.

* China

* Canada

* Australia

Source: Symantec Internet Security Threat Report

Web watch: www.whitehatinc.com
www.mcafee.com
www.symantec.ca

(Susan Maclean can be reached at s.maclean@businessedge.ca)