Quoted Text

FBI: New Internet Threat Growing

Monday, March 24, 2008 8:29 AM
By: Ronald Kessler       

Criminals who seize control of tens of thousands of home and office computers through what are known as "botnets" are a dramatically growing threat, Shawn Henry, deputy assistant director of the FBI’s Cyber Division, tells Newsmax.

Even hospitals and police departments may be at risk from the threat.

Since last spring, the FBI has arrested 11 individuals who allegedly infected and commandeered 1 million personal computers and turned them into robots that did their bidding, Henry says.

While the FBI has been making inroads, the number of such cyber crimes grows alarmingly each year, costing tens of billions of dollars. Consumers need to take preventive measures to minimize the danger to their computers.

Besides technical precautions like using antivirus programs, spyware protection programs, and firewall programs and keeping them updated, Henry advises computer users to think of the Internet as they would a dangerous neighborhood where their personal safety may be threatened.

“If you’re walking in a neighborhood that’s a high crime neighborhood, you have to be aware of your surroundings,” Henry says. “You don’t walk looking at your shoes and walk straight ahead. You’re aware of what’s going on. You’re looking ahead, you’re looking to your side, you hear somebody who’s walking behind you and you’re going to turn your head.”

It’s the same with the Internet.

“If you receive a communication from somebody you don’t expect to hear from, and it’s got an unusual attachment, you probably shouldn’t open it, even if it’s been scanned,” Henry says. “You’ve just got to be more aware than you would be normally.”

A botnet — short for robot network — allows a criminal to seize control of any number of computers by introducing malicious programs like spyware, viruses, worms, or trojan horses into each computer through its Internet connection.

With a single command, the master of the computer network can have each of the slave computers contact a particular computer network, bringing it down because of the sheer demand on its ports. That can cause a company to lose millions of dollars in business. If the target is a police department or hospital, shutting down its computer system can jeopardize public safety or health.

In addition, slave computers can be used to compromise still more computers for the botnet or to engage in phishing schemes, inducing people to give up their personal information in response to phony emails supposedly sent by banks.

“The bad guys who control such networks have harvested hundreds or thousands or tens of thousands of pieces of information,” Henry says. “That includes people’s user names and passwords for their brokerage accounts, people’s pin numbers for their bank accounts, and people’s tax records.”

To harvest information, a cyber criminal might send a million spam emails.

“If one half of one percent of the people respond, they’ve got some good numbers to work with,” Henry says.

Once a computer is compromised, a criminal can retrieve any information from that computer. A computer user may have no clue that his computer has been compromised. Or the victim may notice slower response times or a cursor that is erratic.

Beginning last spring, the FBI decided to cluster announcements of key indictments of alleged botnet operators to create more publicity. The crackdown was called Bot Roast I and II.

“We wanted to have a deterrent effect on people who are using botnets to let them know that regardless of where they reside in the world, we’re looking for them, because we’re coordinating very closely with foreign law enforcement,” Henry says. “Also, it was important to us to raise the public’s awareness about the dangers of botnets. It’s important for computer users to understand that they’ve got to take certain measures in their home. They are the first line of defense.”

Besides installing up-to-date spyware and antivirus programs, “Having a firewall in place that assesses the traffic going in and out of a computer automatically is important,” Henry says.

Henry advises computer users to choose passwords that have upper case and lower case letters as well as numbers. Using symbols in a password is also a good idea if allowed.

Passwords should be changed periodically. While ideally a different password should be used for each account, computer users need to be realistic. Writing down all the passwords and keeping them in one place obviously is not a good idea, Henry points out.

“What we’ve seen via the Internet is groups of people who are collaborating online to commit crimes,” Henry says. “They never know their co-conspirators’ true names. They don’t know where they live, but they all have a skill. In the virtual world, it’s done virtually, collaborating online without anyone actually knowing each other.”

If determined enough, sophisticated criminals can penetrate any computer, Henry says.

“But taking the right precautions makes it more difficult,” Henry says. “And the higher you can raise the bar, the better off you are as a consumer.”