Data Show Hackers And Virus Writers Took Some Time Off In December

by Donna Howell, © 2002 Investor's Business Daily

Monday, 14th January 2002 - Did hackers and virus writers take off for the holidays? Some attack trackers saw an absence of malice last month. Others trace a lull to Sept. 11. But 2002 isn't likely to stay calm.

Data released Friday show that overall, security incidents are more than doubling yearly. Last year, 52,658 incident reports came in to the CERT Coordination Center at Carnegie Mellon University in Pittsburgh. That's almost 2 1/2 times the incidents of 2000. This is the third year in a row the number more than doubled. Yet some sense that all things considered, December bucked a trend. Of recent years, "this is the least busy December," said Bill Wall, chief security engineer at Harris Corp. in Melbourne, Fla. Wall has tracked computer attacks and viruses for decades. He says hacking and virus activity often spikes during and just after the December holidays, plus in summer. That's when student hackers "have time on their hands or can get university computers." Last month, Wall saw the fewest hacking attempts since perhaps the early 1990s. "As I look at port scanning (hackers' probing for entry points) on our Web sites and others," he said, "people just aren't rattling the doors." Nor, others say, are viruses and worms running quite so rampant.

"There's a definite lull from Sept. 11, except the week after," said Alan Paller, research director at the SANS Institute, a Bethesda, Md., computer security think tank. The Nimda worm hit the week of Sept. 17. It caused $635 million in losses, says research firm Computer Economics Inc. "We haven't had a substantial one like that in months," said Paller. "It feels quieter." Data kept by British security firm mi2g Ltd show Web site defacement also dropped in September. Some hackers may have simply been "too busy following events" to launch attacks, said Chief Executive D.K. Matai. Also, a new U.S. anti-terror law may have deterred them. "It pretty much equated hacking to terrorism, and that equated to a lull," said Matai. Yet during 2001, defacements rose fourfold to nearly 30,400.

Was there really a lull in viruses? It depends on one's point of view. There may have been no big new threats after Nimda to bother researchers. But computer users found that the Nimda worm didn't go away. It made December 10 times worse than June in virus incidence.

Online scans by anti-virus firm Trend Micro Inc. found 862,000 machines infected with Nimda in December, down from 1.7 million in September. Taken in total, 2001 was no security picnic. "We did see more activity," said Chad Dougherty, a CERT Internet security analyst. "Both the Code Red and Nimda worms were particularly large." They're the first that "involved hundreds of thousands of machines," Dougherty said. "These are new levels of scope for one particular piece of malicious code," he said. "Even outside the worm incidents, we still saw an increase" in security problems. Don't expect a lull this year, either.

"There's nothing to indicate to us this level of activity won't at least remain constant, if not increase," said Dougherty. "Awareness of computer security issues is pretty much still coming around."

Renowned worldwide for the ATCA Briefings. Subscribe now.
Home - Profile - Values - People - Careers - Partners - Contact Us
D2 Banking - Bespoke Security Architecture - Digital Risk Management - Tools

Intelligence Briefings - Brochures - Case Studies -
SIPS Methodology FAQ (pdf)
Keynote Speeches - Articles - News Feeds - Glossary (pdf)
Terms and Conditions - Privacy Policy