Microsoft: Web 2.0's 'Kobe Bryant' moment coming

Privacy may soon become a much bigger deal to the Web 2.0 world.

That's because Web 2.0's ability to mash up components from different Web sites into one customized user experience can also lead to a disconnect between the privacy users expect and what they actually receive, according to Jonathan Pincus, general manager of strategy development with Microsoft's Online Services Group. "In the Web 2.0 world, one of the really interesting changes is privacy becomes as important an issue as security," he said in a recent interview.

"Because there's so much more information out there and the lines of sharing it get so much blurrier," he added, "people usually assume there are a lot more privacy guarantees then there actually are."

Pincus predicted that this misplaced sense of privacy may ultimately be exposed in the most prominent of public policy forums: the tabloid press. "At some point soon there's going to be some kind of major court case or high-profile divorce in which some kind of information from a social-networking site gets used as a key piece of evidence," he said. "Sort of like what happened with Kobe Bryant and the phone records being available. People were kind of surprised, 'Oh they can get at the phone information?' Stuff like that gives people a very different viewpoint on privacy."

In 2004, a judge granted Bryant's lawyers access to text message records of a woman who had accused the Los Angeles Lakers basketball star of rape. The charges against Bryant were later dropped.

Microsoft has been trying to promote itself as a leader in the online privacy space in recent months. On Tuesday, the company released data showing that attackers are increasingly targeting personal information.

In the first six months of 2007, Microsoft counted 31.6 million phishing scams, a jump of 150 percent from the six months prior. The company's Security Intelligence Report also tracked a 500 percent increase in Trojan downloaders, which are malicious programs used to install other malware on victim's systems.

"As the security of the operating system improves, we are seeing cybercriminals becoming more sophisticated, diverse, and targeted in their methods of stealing personal information," Microsoft said in a statement on the report. "Personal information is the currency of crime, and malicious attackers are targeting it to make their cyberattacks and other scams more authentic, credible, and successful, and to make a profit."

However, one security researcher said that phishers may now be moving beyond ID theft and looking to even more lucrative areas, such as pump-and-dump stock scams. In these scams, criminals flood inboxes with e-mails promoting penny stocks and then sell shares when the stock price rises.

"Everything I've read and seen suggests that these attacks may be successful in stealing information but that it is difficult for the attackers to turn that information into revenue," said Brandon Enright, a network security analyst at the University of California, San Diego, in an e-mail interview on Tuesday. "The [Microsoft] study didn't cover pump and dump at all. I suspect if it had, they would have pump-and-dump scams growing much more rapidly than 150 percent over the previous 6 to 12 months."

Two of the most organized online criminal groups -- the creators of the Rustock and Storm malware -- have turned to pump-and-dump scams, he added. "They could execute basically any attack they wanted. They chose pump and dump. That says a lot about how lucrative the various attacks are."