<http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2005/02/14/BUG3NB9UTL1.DTL&type=printable> www.sfgate.com Return to regular view Fighting Net crime with code Surge in phishing e-mails to take spotlight at cryptography conference - Carrie Kirby, Chronicle Staff Writer Monday, February 14, 2005 Every year, a bunch of cryptographers throw a big party, business mixer and study session in the Bay Area. In their effort to make the world love the science of code making and breaking as much as they do, they invoke dramatic historical uses of cryptography: the etchings of the ancient Maya, the Navajo code talkers of World War II. This time, the RSA Conference, opening today at Moscone Center in San Francisco, has crime as its theme. The 11,000 attendees will hear the tale of how federal agent Elizebeth Smith Friedman brought down a major ring of rum runners by cracking their sophisticated codes. The timing couldn't be more apt. More people than ever are not just shopping but conducting their finances online, with 45 percent of Americans paying bills over the Internet in 2004, according to research group Gartner. That's a 70 percent increase from 2003, a shift that is making the Internet more attractive than ever to criminals. "Crime on the Internet is probably the fastest-growing business there," said Ken Silva, vice president of networking and information security at VeriSign, the Mountain View company that secures Web sites and Internet transactions. Phishing e-mails -- those little fraudulent notes asking you to "confirm" your bank account number, credit card number, ATM password or locker combination -- have been growing by 38 percent a month on average, according to the industry's Anti-Phishing Working Group. Gartner warns that phishing will erode the growth of e-commerce if nothing is done. The folks gathering at the Moscone Center this week are the ones who do battle with all that, using -- you guessed it -- cryptography. They're software developers, marketers, academics, business leaders -- including conference speakers Bill Gates of Microsoft, John Chambers of Cisco, Symantec's John Thompson and VeriSign's Stratton Sclavos -- and a few current and former government officials, such as Amit Yoran, who resigned in October after one year as the nation's top cyber security official. Because phishing has shown the downside of using just a user name and password to access an online bank account, a panel featuring Yoran and other experts will look at safer ways for consumers to identify themselves on the Internet. Another panel will address businesses' fear that adding more security could make e-commerce and e-banking sites too cumbersome for consumers to use. Another topic will be whether software companies should be held liable when bugs in their products allow theft to happen and whether the government should regulate software safety as the Federal Aviation Administration regulates airline safety. Because most hackers and viruses get into computers through holes in Microsoft's nearly ubiquitous Windows software, Microsoft is always central in such discussions. But that is not a favorite topic for Microsoft leaders, and the preview blurb for Gates' speech, scheduled for Tuesday morning, makes no mention of that controversy. Instead, Gates is to discuss "his perspective on the state of security today, the importance of continued innovation, and advances in Microsoft's platform, products and technologies designed to better protect customers." The conference is run by Bedford, Mass., cryptography company RSA Security, which also has an office in San Mateo. E-mail Carrie Kirby at ckirby@sfchronicle.com. Page E - 2 URL: http://sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2005/02/14/BUG... )2005 San Francisco Chronicle | Feedback | FAQ -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'