Investor's Business Daily, June 20th, 2007
When a telecommunications equipment supplier fired an employee two years ago for stealing product information, it wasn't the act alone that proved worrisome -- it was how it occurred.
To carry out the theft, the employee used instant messaging, an increasingly popular way of zipping short notes among computers and mobile devices.
The thief wasn't alone. Instant messaging is emerging as a new and preferred mode of Internet crime, computer security experts say.
Instant messaging services took off a few years ago as a faster version of e-mail. It wasn't long before computer hackers jumped on the new platform to distribute viruses and other software that would cripple PCs.
Yesterday's mischief maker now has an even darker side, says Don Montgomery, vice president of marketing for Akonix Systems, a maker of security software.
"Two years ago, 99% of the instant messaging attacks were hackers seeing what havoc they could cause," he said. "But now attempts to actually receive something valuable like confidential information is emerging and growing very rapidly."
Last year, 12% of consumers who reported Internet fraud incidents to the Internet Crime Control Center said they were contacted at some point by scam artists using instant messaging services.
How much fraud is being conducted on instant messaging services still isn't clear.
That's because the IC3 study only began asking about instant messaging last year, says Rodney Huff, research assistant for IC3. The joint venture is run by the FBI and the nonprofit National White Collar Crime Center.
But there's little doubt that instant messaging is becoming a sore spot for companies.
Nobody knows better than Fortinet, a security software maker.
"Attacks on our systems are up 400% year over year," said Richard Stiennon, Fortinet's chief marketing officer. "It started out small -- 20 a month in March 2006 -- and now we are seeing 105 a month."
Akonix says threats to its customers on instant messaging systems are up 73% in May vs. a year ago.
The attacks are also becoming more nefarious.
Common examples are come-on messages that serve only to infect your computer with a virus to commit online theft, says Stiennon. In one common ploy, cyber criminals will entice victims with a message containing a Web-site link to pornography or something equally intriguing.
By clicking them, users expose their systems to software that can take over the system for denial of service attacks or spewing spam.
Crooks are also getting more comfortable with using instant messaging for schemes once relegated to e-mail, Huff says.
"Perpetrators use instant messaging to establish relationships with the people they intend to defraud," he said. "After several contacts, perpetrators gain the trust of victims before requesting money or other favors."
Most Internet con artists first approach victims in chat rooms and through e-mail. A victim then provides an instant messaging address in an attempt to get closer to their new "friend," says Huff.
"Instant messaging is used to establish a firmer relationship -- it's a step along the way to the commission of a crime," he said.
So far, analysts say, most Internet messaging scams are work-related. Employees smuggling some company information on the last day on the job is common.
The federal government requires health care and finance companies to monitor their e-mail communications to protect the privacy of patient records and guard against insider trading. Most companies have their own e-mail systems, which are easily monitored.
Monitoring instant messaging is also required. But it's harder to check. That's because many companies let employees use free, outside instant messaging services offered by Yahoo YHOO, Microsoft MSFT and Time Warner's TWX AOL.
In many cases these instant messaging services aren't as closely monitored as in-house e-mail services, says Paul Kocher, president of Cryptography Research, a security services company.
"The filtering tools designed for e-mail typically don't work on all of the instant messaging protocols," he said. "It's a somewhat leakier ship."
Even so, use of instant messaging services continues to rise.
By end of 2006 the number of active consumer instant messaging accounts worldwide topped 400 million vs. 200 at the close of 2003, says market tracker IDC.
Companies allow employees to use instant messaging services because many customers prefer their speed over e-mail.
There's also another good reason, says Akonix's Montgomery: they're free.
The fast growth of instant messaging will likely boost the number of online scams and information theft cases in the future, Stiennon says.
"It's never going to get better, it's only going to get worse," he said. "There will always be enough naive victims to continue to fuel this for a long time."
