The Inside Job: Domestic Spyware

Has your organization been compromised by spyware?  You may want to read on before answering.  According to a recent study conducted by Websense Inc., a leading provider of anti-spyware software, 92% of all IT administrators involved believed their networks where infected with some type of spyware.  Only 6% of the IT staff believed they were responsible for downloading spyware into the network.  Incidents such as this have contributed to a large problem as so many people do not know enough about spyware to help prevent the infection.  Regardless of how it is being distributed, spyware has become such a concern that even the U.S. Congress has taken note. 

Why it is a Problem

Spyware programs have been viewed as intrusive as many internet users are not pleased with having their surfing habits documented.  The fact that several web sites deploying these programs are questionable makes things even worse.  What began as a simple adware program has often been discovered to be malicious software that harbors viruses, hacks into and steals personal data, propagates spam, or hijacks a web browser.  This type of program can easily capture a victim's credit card or PIN number when making purchases or banking online.  When this sensitive data is collected by an adware database it becomes a repository well suited for financial fraud and identity theft. 

Good Spyware?        

Not all spyware is used maliciously, as evidenced in the instance with domestic spyware.  This type of program is usually installed by a parent, teacher or company who want to monitor the internet activity of other users.  IT administrators may want to check up on members of their staff while parents may be suspicious of whom their children are chatting with online.  Domestic spyware is viewed as useful in these instances though it still can be abused by malicious individuals. 

Like many tools used by hackers, spyware programs are readily available and can be easily installed without a user's knowledge or consent.  Law enforcement agents have been known to use domestic spyware to monitor suspected illegal activity, while criminals have used it to thieve data from government agencies and large corporations. 

The SPY BLOCK Act

In November of 2005, the Senate Commerce Committee approved the SPY BLOCK Act.   The legislation was actually a substitute amendment to the original bill introduced by Senator Conrad Burns in February of 2004.  As amended, the legislation specifically addresses computer hijacking, loss of control over a computer, adware that doesn't reveal it's complete operation, and the collecting of personal data.  It prohibits the collecting of personal data when the process of collection is not "clearly and conspicuously disclosed" or advertised as part of the program's intent.  If personal information such as bank account or Social Security numbers is to be collected, a consent regime and notice is required.  Additionally, the user must be able to manually uninstall any software that collects personal data. 

The SPY BLOCK Act also strengthens enforcement by giving authority to the FTC and state attorney generals to enforce these provisions.    

This bill has since been moved into full Senate for complete consideration.  Many critics feel that is will be less effective than the CAN SPAM Act of 2003 as exploits by malicious individuals become more advanced.     

(0 Comments)
Log in or sign up to comment.

Post a comment

Log in or sign up to comment.

A computer crash can occur at anytime and on any computer.

By backing up your files--personal documents, financial records, and digital pictures--you can ensure that you will never loose your precious and irreplaceable information.

There are many ways one can back up a computer: special equipment or online programs, which are becoming increasingly popular, can help you to create a sort of 'insurance policy' for the protection of all of your computer-based data.