The Inside Job: Domestic Spyware

Has your organization been compromised by spyware?  You may want to read on before answering.  According to a recent study conducted by Websense Inc., a leading provider of anti-spyware software, 92% of all IT administrators involved believed their networks where infected with some type of spyware.  Only 6% of the IT staff believed they were responsible for downloading spyware into the network.  Incidents such as this have contributed to a large problem as so many people do not know enough about spyware to help prevent the infection.  Regardless of how it is being distributed, spyware has become such a concern that even the U.S. Congress has taken note. 

Why it is a Problem

Spyware programs have been viewed as intrusive as many internet users are not pleased with having their surfing habits documented.  The fact that several web sites deploying these programs are questionable makes things even worse.  What began as a simple adware program has often been discovered to be malicious software that harbors viruses, hacks into and steals personal data, propagates spam, or hijacks a web browser.  This type of program can easily capture a victim's credit card or PIN number when making purchases or banking online.  When this sensitive data is collected by an adware database it becomes a repository well suited for financial fraud and identity theft. 

Good Spyware?        

Not all spyware is used maliciously, as evidenced in the instance with domestic spyware.  This type of program is usually installed by a parent, teacher or company who want to monitor the internet activity of other users.  IT administrators may want to check up on members of their staff while parents may be suspicious of whom their children are chatting with online.  Domestic spyware is viewed as useful in these instances though it still can be abused by malicious individuals. 

Like many tools used by hackers, spyware programs are readily available and can be easily installed without a user's knowledge or consent.  Law enforcement agents have been known to use domestic spyware to monitor suspected illegal activity, while criminals have used it to thieve data from government agencies and large corporations. 

The SPY BLOCK Act

In November of 2005, the Senate Commerce Committee approved the SPY BLOCK Act.   The legislation was actually a substitute amendment to the original bill introduced by Senator Conrad Burns in February of 2004.  As amended, the legislation specifically addresses computer hijacking, loss of control over a computer, adware that doesn't reveal it's complete operation, and the collecting of personal data.  It prohibits the collecting of personal data when the process of collection is not "clearly and conspicuously disclosed" or advertised as part of the program's intent.  If personal information such as bank account or Social Security numbers is to be collected, a consent regime and notice is required.  Additionally, the user must be able to manually uninstall any software that collects personal data. 

The SPY BLOCK Act also strengthens enforcement by giving authority to the FTC and state attorney generals to enforce these provisions.    

This bill has since been moved into full Senate for complete consideration.  Many critics feel that is will be less effective than the CAN SPAM Act of 2003 as exploits by malicious individuals become more advanced.     

(0 Comments)
Log in or sign up to comment.

Post a comment

Log in or sign up to comment.

With the advent of wireless Internet, more and more computer users are entering the world of cyber space.

Yet, while these users are well aware of the importance of the protection of their computer when hooked up to regular internet providers, they are often oblivious to the fact that the same cyber dangers, and in fact even more, exist in the world of WiFi.

What you may not know is that same Internet connection that makes it possible to check your email from the comfort of your bed also makes it easier for hackers to access your personal information.

It is for this reason, the sharing of the wireless Internet connection, that protecting your computer when wireless is even more important than ever before.