What Are You Worth On The Black Market?
Ever wondered how much your online identity is worth to a cyber criminal? A new tool from Symantec Corp. will perform the calculation for you.
The Norton Online Risk Calculator, unveiled within a microsite to coincide with the launch of Norton 2010, calculates your net worth on the black market by asking a few questions about your personal Internet use.
It takes a few minutes to answer the questions, after which you get three results: how much your online assets are worth, how much your online identity would sell for on the black market, and your risk of becoming a victim of identity theft.
The main point isn’t to promote software or instill fear, but to spread awareness on cyber crime, said Marian Merritt, Internet security advocate for Symantec.
IT pros can use the consumer-oriented tool to educate employees in their office, as well as advocate Internet security to their family and friends. “IT is in that unique position of bridging both worlds,” said Merritt.
It’s unlikely the average consumer would read an Internet Security Threat Report, she added, but a simply illustrated example might get the same point across. “It’s shocking how little value criminals place on your credit card,” she said.
IT pros themselves might also benefit from a refresher on cyber crime. “Sometimes those who think they know the most can be even more at risk than others who admit they don’t know much and therefore are very cautious,” said Merritt.
Even those who consider themselves experts in IT tend to take shortcuts when it comes to online security because they think they aren’t at risk, their information isn’t really that valuable or they don’t realize how much work it takes to recover a stolen identity, she explained.
IT pros might be familiar with concepts of the underground criminal economy and may even know a self-proclaimed hacker or two, but they may not realize the extent to which cyber crime has grown over the past several years, she said.
Cyber crime is now larger than the international drug trade, Merritt pointed out. Nearly 10 million people have reported identity theft in the U.S. over the last 12 months and one in four households have already been victimized, she said.
Not only is the rate of growth surprising, but how easy it is for criminals with no technical skills to convert themselves into cyber criminal businesses overnight, she said. Build-your-own botnet kits and spam engine systems trade on the black market for about $500, Merritt pointed out.
Cyber crime is well reported in the IT space, but the message doesn’t often reach the general public, according to Merritt. “You turn on the news and they are talking about capturing drug dealers going across the border, but they rarely show a hacker in handcuffs,” she said.
Michael Calce, who did make popular news headlines back in 2000 for a series of DDoS attacks that brought down major Web sites including Yahoo, eBay and Amazon, is one exception. His 56-charge conviction gained further notoriety due to the fact that he was only 15 years old at the time.
The former hacker is now making an effort to rebuild his reputation as a “white hat” and spreading the message on cyber crime and Internet security. The Internet is broken, threats are exploding and IT community needs to join forces to fix it, warned Calce at the IT360 conference last April.
In a post-conference interview, Calce summed up his main message for those who were unable to attend the event. “We’re trying to get a message across that we need to do something about this. Government agencies need to step in, us — the white hat community — need to step up our game because this is a very serious issue that is starting to explode,” he said.
One of the main problems, according to Calce, is that the Internet was never intended to become a commercial tool. “We have to rebuild certain protocols and basically get a new concept of how the Internet should be with computer security in mind. There’s a serious lack of fundamental securities when it comes to the Internet,” he said.
Calce’s message also addressed consumers. Individual Internet users are increasingly becoming targets, he pointed out. “It’s people putting their lives online that is starting to make the difference … when you put that into perspective, that everybody’s life is now online, you can see that they’re becoming targets, whereas ten years ago this wasn’t really the case,” he said.
The best practice for the non-techie is to constantly update software and do some reading, according to Calce. “People are always on Google anyways — type up Internet security, see what you can figure out. It can definitely be beneficial to your future because the way technology is headed, sooner or later, everybody is going to need to know the fundamentals of security,” he said.
Calce suggested average Internet users look at security as a whole. “You may be attempted by hackers, you may be logged by your ISP, you may be this, you may be that … there’s so many factors to factor in. The fact is, you have to expect the worst-case scenario,” he said.
Mistakes Internet users continue to make include forgetting to renew their security software subscriptions, not keeping operating system patches up to date and failing to use the latest version of their Internet browser, Merritt pointed out.
Users may also believe they have a comprehensive Internet security package, when in fact, all they are using is anti-virus software without firewall and intrusion protection, said Merritt. Children are easy targets and further increase the risk, especially through their use of peer-to-peer networks.
But even users who do everything right can find their personal information compromised. The biggest security hole problems that lead to this generalized risk for consumers are massive data breaches that occur at institutions like banks, universities, major retailers and credit card institutions, said Merritt.
The best protection against this further threat is to sign up for a credit card monitoring service and regularly review your credit report, Merritt suggested. Institutions may or may not be required to notify consumers about a breach, she pointed out.
Symantec is introducing real-time, reputation-based security technologies in its latest lineup of Norton consumer products. The new protection model, available in Norton Internet Security 2010 and Norton AntiVirus 2010, is called Quorum.
The addition of Quorum allows Norton to detect 80 per cent of the threats within that one per cent that previously remained undetected, according to Lana Knop, principle product manager for Symantec. The new Norton packages, available online and through retailers in the U.S. on Sept. 9, are coming to Canadian retail locations by the end of September.
One in five users who go online will become a victim of some form of cyber crime, she pointed out. Knop put it into perspective by comparing the rates to street crime.
“Every four and a half minutes, a crime is committed on the streets of Los Angeles. Every three minutes, a crime is committed on the streets of Washington, D.C. In New York, a crime is committed every two minutes … every three seconds, a crime is committed on the net,” she said.
Control Computer Crimes News provides a complete view of the information security world, we empower our readers to gain all the relevant information they need to safeguard their organizations, homes and meet business goals. CCCNews provides IT security professionals a forum where they can learn from their peers’ experiences, analysts’ findings, and vendors’ knowledge to gain from others’ expertise.
CCCNews has 3 distinguished publications: The CCCNews Newsletter - published 3 times a week since June 2005. Total number of issues 700+, subscribed by 85000+ constituents. Visit http://groups.google.com/group/control-computer-crimes to view past issues. CCCNews Magazine - started in June 2009 for all Information Security related issues including news, analysis, events, education, security tips, and much more. The first issue was downloaded by over 102000 people in first week. Finally, there is the CCCNews Website (CCCNews.in) is a comprehensive website/portal for IT Security related topics.