Let’s face it! For the average unsuspecting user, the Internet can be as perilous as a back alley in Baghdad. Creators of the Internet never anticipated it would become a place where danger lurks. In the beginning, it was the province of collegial users in academia and the Department of Defense. In the mid-1990s, however, following the invention of the World Wide Web, the Internet was thrown open to consumers around the globe. They embraced it excitedly, first as a fad, then as a convenience. It is now virtually a necessity.
The Internet has revolutionized advertising, the delivery of news, and personal messaging and will communications, supplanting direct mail and letter writing. We use it to do our information gathering and our buying of everything from groceries to antiques. It is on the brink of changing how we pay our bills and how we do our banking—once a foolproof method of protecting it from cheats and scammers is developed.
But, like everything else of value in this world, the Internet quickly attracted the attention of clever criminals. Yes, we said criminals. Before long, the trusting and gullible who innocently flocked to the Internet like sheep waiting to be sheared, found themselves shorn of everything ranging from their names and identities to the entire contents of their bank accounts.
The Internet’s Hidden Hazards
The Internet today is a libertarian’s dream—and an unsuspecting user’s nightmare. Anything goes, and because of the ability of computer software technology to morph quickly to match countermeasures, there is little that can be done about it. Most computer users are living in a fool’s paradise, unaware that their formerly friendly computerized world has been usurped by a criminal conspiracy.
Viruses can now take control of home computers to circulate vast numbers of e-mails and swindle unsuspecting recipients. Because the e-mails were sent unwittingly by persons unaware that their machines had been infected, it is almost impossible to trace their originators, many of whom are in Eastern Europe, Ukraine and Russia, virtually beyond the reach of international law enforcement.
Internet criminals inhabit a shadowy cyberspace underworld—a tight milieu of linked criminal sites and networks. Here they deal in data-mining software that can detect card numbers, and scanners that can pluck credit card or debit card numbers and PIN numbers from vulnerable ATMs. On these sites they trade stolen credit card and bank account numbers. Here they buy and sell the tools with which to forge credit cards and create viruses and other malicious software (called “malware”) with which to infect computers.
To these thieves, each “live” name and credit card number can be worth from $14 to $18—but that only makes up a small part of the income from illicit computer enterprise. Last year, identity theft alone defrauded consumers and businesses out of more than $49 billion. Computer users are still being victimized in scams utilizing spurious “phishing” e-mails seeking information about their bank accounts or credit cards, often under the impression that they are responding to a legitimate inquiry. Despite better consumer education about computer crime, the chances of a person becoming a victim today are still about one in four.
A crude but nonetheless credible parallel would be to compare use of the Internet with personal sexual activity. Thus, if you abstain from sex and remain “chaste” (i.e., use your computer only as a word processor to type traditional letters or a book manuscript), you will have nothing to worry about from computer infections. But venture on the Internet, today the technological equivalent of promiscuous behavior, and you risk acquiring a number of unanticipated complaints that will bring dire consequences with them.
Spam—Not User Friendly
Spam, the Internet equivalent of junk mail, has become objectionable, not only because of its volume, its annoying advertising and its often pornographic content but because it may carry unwanted viruses and spyware. Your Internet service provider will attempt to intercept and filter out spam, but its efforts may or may not be effective. Add-on programs are available, some at no cost. Clever thieves often outwit filters by disguising telltale words in their messages that reveal them as spam or by creating websites that incorporate names of legitimate companies. Banks, credit card will companies and even the F.B.I. have found their names being used in this way. If in doubt, telephone the company or agency in question.
The first recorded use of spam was in 1978, when the now defunct Digital Equipment Corporation hit on the idea of using the network of government and academic computers called Arpanet (Advanced Research Project Network) to send e-mail messages about their new DECSystem-20 family of computer systems. Remarkably, from a limited mailing over what was then the first operational packet switching network and ancestor of the global Internet, the company sold twenty systems at a million dollars apiece.
With this, computer spam was born—named after the original tinned meat product first will go produced by the Hormel Corporation during the Second World War. Spam’s recent growth has been astronomical. In 2001, it accounted for only five percent of the traffic on the Internet. By 2004, that figure had grown to more than seventy percent. Today, it has risen above an astonishing ninety percent. This translates into more than a hundred billion unsolicited messages clogging the system every day, many of them sent with criminal intent.
If you receive unwanted spam, there are two actions you should not take: One is to order any product or service being offered. The other is to try to remove your name from the sender’s list by clicking on a link provided for that purpose or by communicating directly with the sender. Doing so merely confirms for the sender that you are a hot prospect and that yours is a viable e-mail address, making your address salable to other spammers. If your computer is not swamped with spam already, it will soon be deluged with a daily barrage impossible to control.
According to an online site that monitors brand abuse, people spend an estimated $4 billion a year on pharmaceuticals offered on spam e-mails. Many of the drugs turn out to be counterfeit, stolen or beyond their expiration date. “If it’s in your e-mail in-box, it’s probably not from a legitimate company,” says Jon Praed of the Internet Law Group. Praed also thinks an estimated $4 billion in spending for online pharmaceuticals is on the low side.
Viruses and Spyware
Infections of computers with viruses and spyware are now common and on the increase. Well-intentioned friends or relatives may unwittingly send or forward virus-infected messages to you. As with spam, antivirus programs are also available with varying degrees of effectiveness, including some that are free should your budget be tight. Other programs, bundled as “suites,” are also available to combat unwanted spam and advertising in addition to viruses. These may offer the money-saving advantage of being installable on up to as many as three computers in the same household at no extra charge.
A virus is a tiny software program that exploits inherent weaknesses in networks or computer operating systems like Windows, and burrows into a computer’s hard drive. To avoid having your computer become infected with a virus, the best advice is not to open any e-mail message that has not been screened first by your antivirus program and shown to be virus-free.
Among the newer hazards facing computer users on the Internet are so-called “botnets,” which have been responsible for the tenfold increase in spam over the past three years. As many as 14 percent of U.S. computers may be infected with “bots.” The word is compounded from the” bot” of robot and “net” of networks. Simply stated, a botnet will literally hijack your computer without your knowledge by depositing malware on it and make it part of a rogue network of hijacked PCs (called zombies or slaves). Your computer then becomes another component in a computer network behind which criminals can lurk and from which they can send spam or infect other computers. Because these e-mails originate in the computers of persons unaware their computers are infected, the criminals are almost impossible to trace.
As much as 80 percent of the spam now being sent on the Internet originates from zombie computers without the knowledge of their owners. Such messages routinely carry viruses designed to avoid traditional filters. Once a virus enters your computer, it will search for your address book and send copies of itself to every e-mail address it finds listed in it.
The F.B.I. has identified more than a million computers in the U.S. that it found had become botnet captives, and has been notifying their owners. Rootkits are another kind of malware distributed by spammers and used to hide other malware on your computer, which may actually alter your operating system and conceal what it is doing. Other malware may take advantage of weaknesses in applications such as iTunes, QuickTime, Flash and WinZip. Spyware and its handmaiden software, called adware, not only can record the sites you visit. In the ultimate example of an intrusive penetration, some sophisticated software can actually record each keystroke you make. Other malware types can cause annoying pop-up ads to appear on your computer screen.
Attempts to control the avalanche of spam have been singularly unsuccessful. In 2003, Congress enacted the CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act that requires persons who send advertising matter by e-mail to offer recipients the opportunity to decline future messages. A year after the legislation was passed only seven percent of spam conformed to the requirements of the law. Last year that number was less than one percent. It turned out to be toothless legislation. For all practical purposes, no one is paying heed to this law intended to reduce the amount of unwanted spam.
As if the foregoing hazards were not enough, there’s one more chink in computer users’ armor. If, instead of a wired system linking your computer to your Internet service provider, you use a wireless router, your system will offer still another entry point for surreptitious access by an unfriendly computer. To prevent this from happening, modifications to router software can be made by any person knowledgeable about computers or by a competent computer professional. In the meantime, turning off your computer when not in use can lessen the chance that malware from a remote computer can be placed on your wireless system.
A frequent question is, “Should I identify myself by using my own name on the Internet?” The answer is an emphatic no. There’s a famous quotation to the effect that “Who steals my purse steals trash, but he that filches from me my good name robs me of that which not enriches him and makes me poor indeed.” The sentiment, of course, is from Shakespeare. Alas, it is no longer entirely accurate. Today’s technology has made stealing the good name of another easy and highly profitable. And, as many are discovering to their sorrow, identity theft enriches the thieves that lurk on the Internet while still making victims poor indeed.
In today’s perilous Internet world, no merit or honor accrues to those who reveal their identities. Your name should only be disclosed to someone who has a legitimate reason for needing to know it. The previous article in this three-part series enumerated a surprisingly long list of instances from everyday life in which anonymity plays a role. Again using the analogy of personal sexual behavior, one risk of being promiscuous is that you might acquire a reputation around town. The chief danger in freely revealing your name on the Internet is that it is the first step in the theft of something even more valuable than your reputation—your very identity.
This is the principal reason why the use of a screen name, nickname or moniker has become a common practice on the Internet. Billyjo, 23skidoo or erehwon mean nothing to a would-be thief. But give that same thief your true name by displaying it unnecessarily on the Internet, and you have given a thief something tangible that can be compared with the extensive lists of purloined personal data already in the hands of Internet thieves. Without your knowledge your shearing will have begun.
The Risks in Social Networking
Parents whose children have access to the computer in a single-computer household on which personal data and financial records are stored would be wise to provide a separate computer for children’s use so that such records are not at risk. Moreover, whenever a child has access to a computer, it is important to remember that millions of minors now link to popular social networks like MySpace and Facebook, where they post intimate information and describe their personal interests, hobbies and inner thoughts. Parents would be well advised to have a frank discussion with their children about the need to safeguard personal information and the special danger posed by online sexual predators.
Parents who watch a new MSNBC show, a sting operation titled, “To Catch a Predator,” may already be familiar with the techniques of criminals who prey on the young. Predominantly male, they range in age from 18 to 60, and come from all walks of life. Most are surprisingly respectable. The pattern is always the same: On one of the several social networks targeted at children they engage young people in conversation. The person at the other end of the line is often a male or female police officer impersonating a 13-year old.
As the online chatting continues, the predator invariably steers the conversation to sex. Before long he will be including sexually explicit photos of himself. The next stage is the suggestion of a rendezvous, with assurances to the young “victim” that the predator will bring condoms with him to the chosen location (usually a public park or a residence rented by the TV show and equipped with surveillance cameras). Once they are arrested, perpetrators become meek and submissive, assuring officers that they never intended to “do anything,” that this was their first misstep.
In many cases, this statement is a lie. There are about 600,000 registered sex offenders in the United States. No one knows just how many others have yet to come to the attention of authorities. More than 80 million people have registered a MySpace page, which Rupert Murdoch’s News Corporation bought for $580 million last year. Earlier this year, MySpace, now the largest social networking site, revealed that more than 29,000 convicted sex offenders in the United States had created personal profiles on it.
Attorneys general in several states immediately demanded the names of those living in their states. “The exploding epidemic of sex offender profiles on MySpace—29,000 and counting—screams for action,” said Connecticut’s attorney general, Richard Blumenthal. According to North Carolina’s attorney general, Roy Cooper, MySpace handed over more than 7,000 names in his state and closed their accounts, effectively denying them access to the site. MySpace said it was pleased it had identified and removed the profiles of the offenders, while critics called for new laws to make such sites safer for children.
In North Carolina, Attorney General Cooper demanded a state law that would require children to obtain parental permission before creating profiles on sites such as MySpace, and require the site to check parents’ identity. Such a law would mean “fewer children at risk,” Mr. Cooper added, “because there will be fewer children on those web sites.” Under current rules, users must be over the age of 14 to register with MySpace, but there is no way in which the age of registrants can be verified.
“Protect yourself at all times”
These are the words of advice referees give boxers before the start of every boxing match. Keeping your guard up is equally good advice for every computer user on the Internet. Here are some of the precautions you can take:
Activate all security devices available on your computer’s operating system, such as a firewall and spam blocker.
Purchase software to protect your computer against spam, viruses and spyware. In the last six months some 850,000 computer users replaced their computers because of spyware infections. Be careful about using public computers in hotels, airports and libraries for personal business. Exercise caution about inserting in your computer any disks you maybe sent, even those from friends or relatives.
Exercise care in what you download from the Internet to your computer. If you have been deluged with spam, get a new Internet address and change your password. Abandon your old address—but be sure to notify those from whom you wish to continue receiving e-mail. Your old address will not disappear, so you’ll have to visit it occasionally for important messages you may have received in the meantime.
Avoid using your name or giving out any personal information about yourself—passwords, user names, bank PIN numbers, Social Security number, date of birth, and credit- or debit-card numbers—except when absolutely necessary and then only to protected sites you know you can trust. Every scrap of personal data you divulge makes you more likely to become a victim.
Lest readers think Crotonblog has exaggerated the hazards of the Internet, consider the latest scam being circulated. Called the 419 death threat spam, an e-mail message purportedly from a so-called “hit man” says he has been hired to assassinate the recipient. A typical message text reads, “I have been hired to kill you. I don’t know why they want you dead, but you are now being watched. Do not report this to the police or you will be killed immediately.” It goes on to suggest that the hitman can be bought off, and describes the mechanism to accomplish this. Authorities do not know how many gullible Internet users have been frightened enough to respond to such loathsome threats by furnishing credit card numbers or sending money. No wonder a Luddite movement dedicated to the abolition of computers has begun.
Finally, Crotonblog has said it before, and we’ll say it again: It is the height of irresponsibility for any Internet site not engaged in a legitimate Internet commercial transaction to require users to identify themselves with their true names in order to communicate with the site or to make a comment about other posted material. As we said at the outset, for the average unsuspecting user the Internet can be as perilous as a back alley in Baghdad. Enter it at your own risk—but you are being foolhardy if you do so wearing your name prominently displayed like some glad-handing greeter at a convention.
Editor’s note: Next week in Part Three we explore specific examples of the dangers awaiting those who choose to abandon the cloak of anonymity.