The same report says that 8% of all email contains a “blended threat”: links to malicious websites which try to take over your computer, for example.

“No one’s telling how much of our money is being stolen through the Internet because no one wants us to lose confidence in the system. The banks are making so much money out of it, they prefer to wear the costs or push them down to the customer. In the meantime, everyone has a story and global criminals are stalking our accounts, our phones and our PCs.”

The moral is, as always, don’t rush to have the “latest and greatest” software. Wait until it’s been exposed to the real worlkd for a while and the more serious bugs are ironed out.

“In this day and age I don’t think any organisation should be surprised when someone hacks in. It’s just a sad state of the industry today, the threats are always changing,” says Sydney Opera House director of information systems Claire Swaffield.

“The lesson for us is organisations of any size can be targeted by hackers and we need to have a really high level of vigilance… this is just a part of the reality of operating in an online space,” she says.

The lesson for your business is that you can’t ignore these issues. Even if you think “My business doesn’t have any secret data”—which is usually wrong anyway—if you have a website then that website is delivering material to other people’s computers. It’s your responsibility to ensure that isn’t something nasty.

Jersey Joe is a family-run business in New Jersey which sells sports apparel online. Last year they were hit by an Internet attack which disrupted their business for days, costing them hundreds of thousands of dollars in lost sales.

The culprit turned out to be 18-year-old Jason Arabo, who ran a competing sports jersey business from his home. He wanted to disrupt his competitors, so he got a friend of a friend, 17-year-old high school student Jasmine Singh, to deploy a “bot network”—a network of hacked computers which he could control—to launch an attack on Jersey Joe and another online shirt company, Distant Replays in Atlanta.

Singh was paid three pairs of sneakers and a watch.

Investigators have found “bot networks for hire” in the hacker underground for as little as $500.

Arabo was caught after an FBI sting, and was sentenced to 30 months jail. However most online attacks are never investigated and prosecutions are rare.

Lessons for small business

• If you’re doing business online, be prepared to respond to attacks to minimise the damage. At the very least, set up clear lines of communication so you can escalate problems to your Internet providers quickly.
• Make sure your own computers are properly protected so they don’t become part of an attacker’s bot network. Use anti-virus and other defensive software, and train your staff so they don’t install malicious software by accident. Review these defences regularly.

Further reading

• Stalking the Internet, an army on the rise from the International Herald Tribune has the full Jersey Joe story.
• Attack of the Bots from Wired magazine: “The latest threat to the Net: autonomous software programs that combine forces to perpetrate mayhem, fraud, and espionage on a global scale. How one company fought the new Internet mafia—and lost.” A lengthy article, but well worth reading.