Certification - January 2009 - (Page 27) “It’s important that people remember they’re not only defending against the person who’s out there on the other side of the ocean, but it could be the person under the same roof,” Kaiser said. “There are a lot of cases of people who are in domestic violence relationships, where [their partners] have put spyware on their computers to track their online behaviors.” As for outsider offenses, a frequent method of attack involves tracking keystrokes, said Virgil Gligor, codirector of CyLab and professor of electrical and computer engineering at Carnegie Mellon University. This occurs when a user visits a malicious Web site that secretly downloads keystroke-tracking software onto his or her computer. When that user logs in to his or her bank account, this tool records that information and returns it to the cybercriminal. “This is a very potent attack that has been launched in the last two or three years,” Gligor said. “The FBI and Secret Service, with the help of banks, have been tracking and investigating such attacks.” Gligor said he believes the adoption of a new Internet architecture is the long-term solution to the Internet’s security flaws. But it will take time to implement, he said, and in the meantime, security professionals will have to continue to patch whatever holes they find. “The problem is that the more we look, the more we find,” Gligor said. There is a camp that argues that the immense popularity of the Internet is due to its insecure nature and that the lack of bureaucratic features is what made it catch on like wildfire. “To have accountability, you have to have registries of systems and users,” Gligor said. “Clearly, the spread of the Internet if such structures were imposed would have been a lot slower. On the other hand, some people consider this to be a fallacious argument because we as a community could have anticipated that, if we don’t build in security from the start, it would be very difficult to retrofit [it] afterwards.” essentially the same thing as going into a crowded room and shouting across what your information is,” said Todd Feinman, CEO of security and privacy technologies firm Identity Finder. Just think about what’s on your blog, your Facebook page or your Flickr site. “The Internet has become about biography,” Kaiser said. “It’s kind of amazing how much information is out there about people.” A survey by Javelin Strategy & Research found that 8.4 million Americans were victims of identity theft in 2006. The average fraud amount per victim was $5,869, and the average resolution time for resolving it was 40 hours. Understandably, the impact of identity theft can be devastating. “I’ve heard of cases where people have taken out mortgages for houses in someone else’s name,” Kaiser said. “More common [is when] people attempt to access existing resources like a bank account. “[But] the impact of those things is long-lasting. Once your credit’s been breached and your information is out there in these criminal networks, it requires an enormous amount of vigilance to clear it.” Unfortunately, catching and prosecuting identity thieves and cybercriminals is even more difficult. In the aforementioned TJX case from 2005, which Feinman said highlighted one of the biggest identity theft rings to date, the main perpetrators weren’t caught until mid-2008. “Most identity thieves will never be caught unless they’re really going on a limb and ordering products online that are delivered to their home,” Feinman said. “The U.S. jurisdiction only goes so far, [and] a lot of times these people will go to countries where there are no extradition laws. Fred Cate, a distinguished professor at the Indiana University School of Law and director of the Center for Applied Cybersecurity Research, said the development of phishing often is traced back to the early days of America Online (AOL), when the company charged for access by the hour. At that time, phishers would try to steal customers’ account numbers. But today the game has changed. Between Jan. 1, 2008, and June 30, 2008, there were at least 47,324 phishing attacks, according to the Anti-Phishing Working Group’s Global Phishing Survey. Further, phishing now targets bank-account holders and customers of online payment services. IT CUlTURE continued on page 33 The Rise of Phishing Is Your Identity safe? Once upon a time, identity thieves would search through garbage looking for discarded mail or other documents containing an individual’s personal information. Some still resort to this tactic, but an Internet connection gives many the ability to steal more information faster. “People don’t realize when you e-mail someone a credit card number to buy something or instant message a friend [your] Social Security number, that’s January 2009 CERTIFICATION MAGAZINE 27 http://www.identityfinder.com/ http://www.cylab.cmu.edu/ http://www.javelinstrategy.com/ http://cacr.iu.edu/ http://cacr.iu.edu/ http://www.antiphishing.org/r
Table of Contents Feed for the Digital Edition of Certification - January 2009 Certification - January 2009 Editor's Letter Contents Data Stream Virtual Village Tech Careers Dear Techie Academic Connection Troubleshooting What We Like Look Ahead The New Convergence Formula Cybersecurity: Are You Safe? Interface Lead Applications Developer: The IT Ambassador Inside Certification Ad Index Endtag Certification - January 2009 Certification - January 2009 - (Page Intro) Certification - January 2009 - Certification - January 2009 (Page Cover1) Certification - January 2009 - Certification - January 2009 (Page Cover2) Certification - January 2009 - Editor's Letter (Page 3) Certification - January 2009 - Contents (Page 4) Certification - January 2009 - Contents (Page 5) Certification - January 2009 - Data Stream (Page 6) Certification - January 2009 - Data Stream (Page 7) Certification - January 2009 - Virtual Village (Page 8) Certification - January 2009 - Virtual Village (Page 9) Certification - January 2009 - Tech Careers (Page 10) Certification - January 2009 - Tech Careers (Page 11) Certification - January 2009 - Dear Techie (Page 12) Certification - January 2009 - Dear Techie (Page 13) Certification - January 2009 - Academic Connection (Page 14) Certification - January 2009 - Academic Connection (Page 15) Certification - January 2009 - Troubleshooting (Page 16) Certification - January 2009 - Troubleshooting (Page 17) Certification - January 2009 - What We Like (Page 18) Certification - January 2009 - What We Like (Page 19) Certification - January 2009 - Look Ahead (Page 20) Certification - January 2009 - Look Ahead (Page 21) Certification - January 2009 - The New Convergence Formula (Page 22) Certification - January 2009 - The New Convergence Formula (Page 23) Certification - January 2009 - The New Convergence Formula (Page 24) Certification - January 2009 - The New Convergence Formula (Page 25) Certification - January 2009 - Cybersecurity: Are You Safe? (Page 26) Certification - January 2009 - Cybersecurity: Are You Safe? (Page 27) Certification - January 2009 - Interface (Page 28) Certification - January 2009 - Interface (Page 29) Certification - January 2009 - Lead Applications Developer: The IT Ambassador (Page 30) Certification - January 2009 - Lead Applications Developer: The IT Ambassador (Page 31) Certification - January 2009 - Lead Applications Developer: The IT Ambassador (Page 32) Certification - January 2009 - Lead Applications Developer: The IT Ambassador (Page 33) Certification - January 2009 - Inside Certification (Page 34) Certification - January 2009 - Inside Certification (Page 35) Certification - January 2009 - Inside Certification (Page 36) Certification - January 2009 - Ad Index (Page 37) Certification - January 2009 - Endtag (Page 38)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.