The latest distributed denial-of-service attempt was broken up last week in Denmark, where hackers took control of at least 50 zombie servers and were preparing an assault on that country's systems. Authorities arrested a 17-year-old suspected of being connected to the attempt, which was broken up by the Danish section of the Computer Emergency Response Team, according to a report in the Danish newspaper Ingeniøren.
It's only one of an alarming number of news reports last week that demonstrate that the fight for online security and privacy has woefully regressed in every area except oneâ€"awareness. Other bad news from last week:
- Creditcards.com was hacked, and 55,000 card numbers were held hostage for US$100,000. When the extortion attempt failed, the hacker posted the card numbers on the Web. The company has since put up a Web site where merchants and customers can check for fraudulent transactions.
- At the University of Washington Medical Center, thousands of medical records for heart patients, which included names and Social Security numbers, were accessed. Officials first denied, then confirmed the hack.
- Experts from @stake warned that America Online's AOL Instant Messenger is harboring serious security flaws.
More significant, most experts concur that things will only get worse next year.
"The scariest part to me is there's not enough qualified security talent out there," said a security administrator at a major Midwestern mortgage bank. "That's why we're losing ground. I built my infrastructure and many of the programs methodically. But I regularly do security audits, and it's getting to the point they can't even address our security because they don't understand it."
The situation is worse than most people think, said Chris Rouland, director of Internet Security Systems's X-Force security advisory team, in Atlanta. "There are a high level of DDoS agents out there right now, on the order of tens of thousands of servers in zombie configuration," said Rouland, who also said he sees at least one data hostage situation per month. "I've had high-level talks with the government. I can tell you there's concern."
Indeed, the FBI has been vocal on the data security front, taking efforts to warn corporations, universities and consumers of higher levels of hack attempts and virus launches around the holidays.
Hackers thrive this time of year because they can prey on the large number of e-mail greeting attachmentsâ€"usually accompanied by higher levels of seasonal trust and goodwillâ€"to launch viruses and because of the high level of online shopping.
