In a new investigative report, the Senate Permanent Subcommittee on Investigations said hackers in some cases are infecting computers using software or programming commands hidden inside online advertisements. It suggested tougher U.S. regulations or new laws that could punish the ad networks in addition to prosecuting the hackers.
The subcommittee highlighted a December 2013 incident in which an Internet user visited a mainstream website and had all of her personal information stolen via an ad on Yahoo's network. Even worse: She didn't have to click on it to deliver a virus that gobbled up her information. And as many as 2 million others may have been exposed to the attack.
The online advertising industry has grown complicated "to such an extent that each party can conceivably claim it is not responsible when malware is delivered to a user's computer through an advertisement," the Senate report said.
The panel said it found no evidence that Google or Yahoo's ad networks are more vulnerable to malware attacks than other major ones. It said the industry as a whole remains vulnerable to such forms of attack.
Several bills in Congress aimed at strengthening Internet privacy and security have stalled, and there currently is no federal data-privacy law for Internet companies. One measure, the 2011 Commercial Privacy Bill of Rights Act, would have allowed the Federal Trade Commission to require security measures for sites that collect personal information.
Follow Jack Gillum on Twitter at http://twitter.com/jackgillum