Experts agree: 2004 was the best of times and the worst of times for IT security. It was a year with high-profile arrests of virus authors and the explosion of online crimes, from cyber-extortion to identity theft; a year in which ISPs won millions in damages from spammers, and spam messages increased by 40 percent.
In hindsight, 2004 may be looked back upon as the year that a long tradition of hobbyist hackers and flashy, but harmless, viruses gave way to shadowy, professional online crime syndicates. The professionals were armed with virulent new threats designed to separate Internet users from their cash.
With that in mind, here's a look at some of the most important technology security stories and trends of the last year:
Phishing for phun and profit
Online identity theft through sophisticated attacks known as "phishing scams" was the runaway security story of 2004, due to the explosive growth in such attacks.
Phishing scams are online crimes that use spam to direct Internet users to websites controlled by thieves, but designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information, often under the guise of updating account information, which is then captured by the thieves.
E-mail security vendor MessageLabs blocked just 279 such scams in September 2003. By September 2004, that trickle swelled to a flood of more than two million messages. In all, it blocked 18 million phishing e-mail messages in 2004.
The Anti-Phishing Working Group watched the number of reports of phishing websites increase by an average of 28 percent every month between July and November. The average site operated for six days before being shut down.
Achilles, get your gun
Not since the days of Ancient Greece have Trojans been as much a part of popular conversation as they were in 2004, when an explosion in Trojan horse programs turned countless Internet-connected computers into tools for malicious hackers and international online crime organisations.
Carried on the back of e-mail and Internet worms, an eye-popping parade of back-door Trojans has marched onto vulnerable computers since January. One typical example is the ubiquitous RBot, a Trojan program that spreads using a number of methods. The program can collect system information, download and execute files, launch a denial-of-service (DoS) attack, and even remotely control a connected webcam.
RBot-A, the first version of the worm-like Trojan, was identified in March 2004. The latest, RBot RN, appeared just last week. In just nine months, there have been 480 different versions of the Trojan.
Trojan horse and backdoor programs are not new, but the rapid growth in their use in 2004 was a product of cooperation between virus writers, online criminals and spammers, said Jesse Villa, technical product manager at Frontbridge.
Trojans have been silent actors in a number of high-profile crimes, including the theft, in September 2003, of source code for the Half-Life 2 video game. A Trojan horse program named Banker-AJ infected computers and waited until users visited online banking sites, at which point the program logged user keystrokes and captured account information, said Gregg Mastoras, senior security analyst at Sophos.
More Trojans have also led to an increase in the number of "botnets", distributed networks of compromised machines that act as "zombies" in spam campaigns or DDoS attacks. "At the end of last year we knew of about 2,000 botnets. Towards the end of this year, we're looking at about 300,000," Villa said.
Police and patches
But the news wasn't all bad. While online crimes skyrocketed in 2004, there were also a number of high-profile arrests of those involved in cybercrimes.
In May, German authorities arrested 18-year-old Sven Jaschan, who admitted to creating and releasing the Netsky and Sasser Internet worms, and a 21-year-old German man who admitted to creating the Agobot and Phatbot Trojans.
There were other victories as well, including the June arrest of those believed to be behind the 2003 Half-Life 2 source code theft and a September arrest of a man believed to be connected to the theft of source code belonging to Cisco. In October, the US Department of Justice arrested 19 people in connection with an online "carding" ring that traded information about stolen identity and credit card information online.
In 2005, some combination of tougher law enforcement and tighter security is the best way to stem the tide of malicious and criminal behavior online, experts agree. To stop identity theft, banks, e-commerce companies and consumers need to look hard at strong user authentication technology, said Sophos' Mastoras. "In the EU, banks are already moving away from static passwords. I think that will be a trend that will happen in the US as well," he said.
E-mail sender authentication technologies such as DomainKeys from Yahoo and Sender ID from Microsoft need to be broadly adopted - a move that would make life tougher for those behind phishing scams, which often use forged e-mail sender addresses to trick unsuspecting e-mail recipients, said Mastoras.
ISPs also have to begin sharing what they know about Internet attacks and compromised computers on their networks, Villa said. "This is a long term problem and we have to work together to combat it," he said.