It’s big enough that the U.S. House of Representatives voted unanimously to stiffen jail sentences for those who use secret surveillance programs to steal credit card numbers or commit other crimes.
Under the bill, known as the Internet Spyware (I-SPY) Prevention Act of 2004, those found guilty of using spyware to commit other crimes would face up to five years in prison on top of their original sentences. Those who use spyware to steal personal information with the intent of misusing it, or use spyware to compromise a computer's defenses, could face up to two years behind bars.
The bill would also apply to those who perpetrate so-called “phishing” attacks -- official-looking email messages that aim to trick people into disclosing their bank-account numbers or other personal information.
In addition, the I-SPY bill allocates $10 million to the Department of Justice to combat spyware and phishing scams.
Two days before the I-SPY vote, House lawmakers approved a separate bill that establishes multimillion-dollar fines for spyware perpetrators. (Some observers predict that the two bills will be combined with a spyware bill that is currently working its way through the Senate.)
A pervasive problem
Antivirus products allow users to protect themselves from a variety of potential software and Internet threats. These include malicious code such as viruses and Trojans, as well as expanded threats, which include spyware, adware, and dialers. While definitions of spyware vary, it’s generally agreed that these programs have the ability to scan systems or monitor activity and relay information to other computers or locations in cyberspace. Among the information that may be actively or passively gathered and disseminated by spyware: passwords, log-in details, account numbers, personal information, individual files or other personal documents. Spyware may also gather and distribute information related to the user’s computer, applications running on the computer, Internet browser usage, or other computing habits.
Many popular file-sharing programs come bundled with spyware. In fact, spyware is embedded in hundreds of programs -- including games, utilities, and media players – that can be downloaded for free from the Internet. Spyware is also how many file-sharing vendors make money while not charging for their products. With these programs, it has been said, you pay with your privacy instead of with money.
For that reason, the Federal Trade Commission has repeatedly warned consumers as well as businesses about the trade-offs involved in shareware. In an alert issued last year, the FTC was unambiguous: “Before you use any file-sharing program, you may want to buy software that can prevent the downloading of spyware or help detect it on your hard drive.”
Just this month the FTC announced it had asked a U.S. District Court in New Hampshire to shut down a spyware operation that hijacks computers, secretly changes their settings, barrages them with pop-up ads, and installs adware and other software programs that spy on consumers' Web surfing. The FTC alleges the spyware operation – a network of sites operated by former “spam king” Sanford Wallace -- violates federal law and asks the court to bar the practices permanently.
How pervasive is spyware? Internet service provider Earthlink announced earlier this month that a scan of 3 million computer systems over nine months found 83 million instances of spyware. Researcher Gartner Inc. has estimated that more than 20 million people have installed adware applications (adware is a type of spyware that reports back on a user’s activities in order to serve up targeted advertising), and this covers only a portion of the spyware that is out there.
A dangerous evolution
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.