Cybercrime Worries Americans, With Good Reason

Americans who use the Internet are most fearful of Social Security and credit card numbers being stolen by criminals, according to a survey by Harris Interactive, while Gartner Group research found their concerns quite befitting.

The Harris Interactive survey was commissioned by Web security software firm Sanctum Inc. It found that Americans believe the Internet is the place where their personal information is most vulnerable (41 percent), followed by dishonest phone order agents, which run a distant second (19 percent).

More than 40 percent of the 2,951 U.S. respondents were most concerned about Social Security numbers falling into the wrong hands, followed by credit card information at 29 percent. The results remained essentially the same across most educational and income levels, although those with a high school degree or less and those whose household income was $35,000 or lower were the least likely to trust the Internet.

A survey by the Pew Internet Project found that Americans are deeply worried about criminal activity on the Internet. Eighty-seven percent say they are concerned about credit card theft online; 82 percent are concerned about how organized terrorists can wreak havoc with Internet tools; 80 percent fear that the Internet can be used to commit wide scale fraud; 78 percent fear hackers getting access to government computer networks; 76 percent fear hackers getting access to business networks; and 70 percent are anxious about criminals or pranksters sending out computer viruses that alter or wipe out personal computer files.

Americans’ fears about Internet-based crime are more than paranoia, according to a study by Gartner Group. Gartner predicts at least one incident of economic mass victimization of thousands of Internet users will occur by the end of 2002. Gartner expects the perpetrator of this world-scale, Internet-based theft to remain undetected due to lack of adequate preparation by international law enforcement officials.

“Converging technology trends are creating economies of scale that enable a new class of cybercrimes aimed at mass victimization,” said Richard Hunter, Gartner Research Fellow. “Using mundane, readily available technologies that have already been deployed by both legitimate and illegitimate businesses, cybercriminals can now surreptitiously steal millions of dollars, a few dollars at a time, from millions of individuals simultaneously. Moreover, they are very likely to get away with the crime.”

The economic value represented by cybercrimes will increase by two to three orders of magnitude, by 1,000 to 10,000 percent, through 2004, Gartner found. This massive cost will result from the combination of inadequate cyber law enforcement, increasing opportunities for cyber-criminal activities, and increasing awareness of those opportunities among criminals at all levels.

Gartner’s study also found that law enforcement funding will likely remain inadequate to police cyberspace through 2004, noting that the annual U.S. budget for funding cybercrime-related training, investigation and enforcement is unlikely to exceed 1 percent of the overall Federal law enforcement budget. Internationally, Gartner found that attitudes toward cyber law enforcement vary widely and are inconsistent from country to country, further complicating attempts by police to enforce the laws that do exist.

One factor that increases the likelihood of mass victimization attacks is the presence of skilled technologists in regions with depressed economies, who may find it difficult or impossible to gain lucrative legal employment. Skilled technology workers from Eastern Europe were behind recent attacks against both Microsoft and a number of commercial enterprises in the United States.

“This new generation of perpetrator won’t be firing off warning shots,” Hunter said. “In the event that a mass Internet victimization scenario strikes, none of us — not even the vendors of antivirus software, or those of us who regularly perform upgrades to our antivirus software — will be able to detect malicious code or a virus absent such overt signals. All computer users on a network must take precautions against intruders gaining a foothold.”

Gartner suggests that consumers should protect themselves by installing a person firewall on computers with Internet access; take precautions to monitor all financial transactions frequently; disable any active content functionality in your browser (such as ActiveX and Java); disable peer-to-peer networking in any Internet-connected machine; and use a credit card with a low credit limit exclusively for use for Web purchases.

Related reading