Internet use is still growing fast, but so is Internet-based fraud, according to security vendor VeriSign Inc., which examined data from its own infrastructure services between August 2002 and August 2003.. . .
Internet use is still growing fast, but so is Internet-based fraud, according to security vendor VeriSign Inc., which examined data from its own infrastructure services between August 2002 and August 2003.

According to VeriSign's study "Internet Security Intelligence Briefing," released yesterday, 6.2% of e-commerce transactions carried out in the U.S. were attempts at fraud. More than half the fraud attempts were made by entities outside the U.S., VeriSign said.

Also, the number of security incidents almost doubled between May and August this year, VeriSign said.

Standard security attacks and fraud are closely linked, the company said. "Analysis ... showed extremely high correlation (47%) between sources of fraud and sources of security attacks," the study said. "Attackers who gain control of Internet host machines are using these compromised hosts for both security attacks and fraudulent e-commerce transactions."

Other findings from the study include the following:

  • Total DNS queries, such as those aimed at finding Web sites and e-mail addresses, grew by 51.4% between August 2002 and August 2003.

  • E-mail-related DNS queries rose by 245% over the same period, partly because of the surge in spam and mass-mailing viruses such as Bugbear.

  • The average number of Internet transactions per online merchant site has grown 17% in the past year.

  • SSL has become the de facto e-commerce security standard at more than 400,000 sites, with growth of 6% in certificates issued over the past year.

  • Security incidents per device rose 99% this year between May and August, with the Blaster worm contributing most of the increase in August.

  • The trend in viruses and worms is toward more sophisticated, potent and coordinated attacks along the lines of Blaster, Nachi and Sobig.F, which was the first virus to direct itself at the Internet's root servers.

Security incidents were principally generated in the U.S. (81%), but the percentage of fraud attempts made from the U.S. was much lower (48%). One reason for the difference is the weak policing of the Internet outside the U.S., according to VeriSign.

"International criminals can essentially commit fraud with impunity, given that jurisdiction issues make policing international fraud near impossible," the report said.

Following the U.S. in the fraud stakes was the U.K. (5.25%), while in third place was Nigeria (4.81%), where the 419, or advance-fee, fraud epidemic rages unchecked.


All of article

The link for this article located at ComputerWorld is no longer available.