
Corporate sneakiness. Government waste. Technology run amok. Outright scams. Our effort to unmask these 21st Century headaches and offer solutions that save you time and money.

  • 28
    Dec
    2007
    9:00am, EST

    Tech: What will go wrong in 2008

    There was no Melissa virus in 2007, no LoveBug, no computer worm that brought corporate America to its knees for an afternoon. In fact, many experts suspect the days of that kind of cyber-havoc are over.

    Today, cyber attacks are more stealthy -- and much more successful. If 2007 offers any hints of what's to come, technology users will face a much wider spectrum of attacks next year. Their identities will be stolen, their computers will be hijacked, and probably, their handheld gadgets will be targeted like never before. Social networks will be a prime target for criminals, and cyber-spying may very well come of age.


    Below you'll find a list of things tech users should worry about next year. But first, a quick recap of this year's techno-crime.

    Massive data leaks grabbed the biggest headlines in 2007. In January came news that retailer TJ Maxx had suffered a serious hacker attack, and word eventually trickled out that nearly 50 million credit and debit cards were put at risk by that incident. Toward the end of the year, the British government had to admit it lost data on nearly half its population. And in between, the amount of data lost on U.S. residents eclipsed 215 million records, according to the Privacy Rights Clearinghouse. Sometime in 2008, I can safely predict, a piece of data will be reported lost for every single U.S. citizen, an astonishing number.

    More astonishing? Not much will be done about it.

    But while data leaks might be troubling, there's another technology headache that caused far more damage last year -- the attack of the (ro)bot armies.

    This was a devastating year for many home computer users, and most people probably don't even know it. Vint Cerf, a founding father of the Internet, said in January that perhaps one-quarter of all PCs were infected with a computer virus, or "bot," that gives a hacker total control of their machine. There is some dispute about the total number of infected machines, but there's little disagreement that tens of millions of users are infected -- meaning at least one computer on your block right now is doing the bidding of a criminal.

    Meanwhile, millions of consumers fell for phishing e-mails. Gartner's Avivah Litan released a study in December suggesting that U.S. consumers continue to fall for fake e-mail at alarming rates, losing $3 billion in the process.

    How could cybercrime be committed on such a massive scale? Millions of infected computers, billions of dollars? Simple: the real story this year is the increased professionalism of cybercrooks. In fact, an entire new industry has formed around phishing and viruses, says Symantec researcher Vincent Weafer – cybercrime customer support.

    Russian hackers are now writing software that automates many attacks. A program named "Mpack" lets malicious programmers create viruses that infect home computers with a few mouse clicks. Software called "Rockfish" automates creation of phishing campaigns. Both sell for hundreds of dollars, and even come with support contracts. And both, Weafer says, allow hackers to profit off cybercrime without ever having to get their fingers dirty with actual theft.

    "The top three automation tools accounted for about 40 percent of all phishing e-mails in 2007," Weafer said.

    So if 2007 was the year of the automated theft, the 'bot armies and more phish than an aquarium, what does 2008 have in store? Here are some predictions for high-tech crime and other tech troubles in the New Year.

    NEXT YEAR
    1) More targeted phish
    Criminals are refining their attacks in other ways. They've learned that the more personal a fake e-mail is, the more likely a consumer will fall for it. You probably won't answer an e-mail from a credit union where you don't have an account. But if the e-mail is addressed to you, indicates your home town, and comes from your bank, you just might fall for it. Also, studies have shown men are much more likely to fall for e-mail trickery that comes from women. Expect much trickier phish next year.

    2) Social networking attacks
    Criminals have been probing MySpace and Facebook for a while now, looking for ways to take advantage of the huge audiences these sites command. So far, both firms have contained such attacks, in part because their closed networks are hard to inject with malicious code -- and attacks are easy to stop once they happen. But as third-party tools and applications become more popular, Facebook and MySpace attacks will become much easier.
    Still, even if there is no noteworthy "Facebook virus," criminals already make extensive use of social networking sites, says Weafer. Using tools borrowed from marketing gurus, computer criminals are now building extensive databases with potential victim profiles (for use in targeted phishing attacks, for example). Social networks are the perfect place to do such research, and once again, automated tools have been developed for just that purpose. Software "scrapes" social networking sites, depositing tidbits into a database for use in later social engineering tricks, Weafer said.

    3) Cell phone attacks
    For years, experts (doomsayers?) have predicted a cell phone virus would eventually be created that would rampage through the world of mobile handsets. It hasn't happened, largely because cell-phone software and hardware vary so much; uniform PCs were always a much easier target.

    But with the continued adoption of smartphones, which use software that works much like traditional PC software, most experts think it's only a matter of time before cell phones suffer a full-fledged attack.

    "All devices hooked up to the network will become equal opportunity targets very soon," warns David Smith, vice president of research firm Technology Futures Inc.

    4) Nation-state attacks
    You might have missed this story because it didn't involve the U.S. government, but a remarkable thing happened earlier this month, according to the Times of London. The secretive MI5 agency sent warning letters to 300 banks saying they should be on the lookout for Chinese hackers. Cyberspies had already attacked Rolls Royce and Royal Dutch Shell, the newspaper said.

    British officials never confirmed the report, but earlier in the year had issued more general warnings about cyberattacks.

    It certainly wasn't the only reported incident of cyberwar last year. In the most notable event, Estonian officials in May blamed the Russian government for disabling its Web sites after a political scuffle between the two nations.

    As with any such accusations, it's nearly impossible to confirm who was behind these attacks. But Smith thinks the long-promised Cyber Cold War may finally be emerging.

    "(Next year) will see a continuance of such attacks by China on Western governments and industry," he said in his annual list of technology predictions. "More penetrations of government agencies and labs will be uncovered and publicized."

    Dramatic attacks on infrastructure are not likely; rather, these attacks will be more subtle and focused on information-gathering, he said. "They are basically data mining, or spying."

    5) More interruptions, more lost sleep
    Lost in all the discussion about child predators online is the much more widespread problem parents face: sleepless kids who stay up all night IM'ing friends and posting pictures instead of doing homework. Teachers report more sleepy students than ever, and with the addiction that is social networking, the problem will only get worse. So will its adult version, the CrackBerry addiction. Basex Inc. recently estimated that endless interruptions from our gadgets cost the U.S. economy $650 million last year. That estimate is a bit goofy, but I'm sure we've all had a conversation with someone who's distracted by e-mail or texting. How can we put a price tag on the fact that we're all starved for undivided attention? As e-mail phones become ubiquitous, the problem of divided attention will only increase.

    6) More bots
    Finally, just because we've already talked extensively about the problem of bots doesn't mean it can't get any worse. In fact, it will. Virus writers are so good at their craft now that they can take control of a home computer, use it to commit crimes or send out spam and never be detected. As long as consumers are unaware that they are accomplices to a crime, they won't do anything to stop it. Despite a few high-profile arrests and a concerted effort by the FBI to stop the problem (the "Bot Roast"), criminals will control more computers than ever next year.

    What do you think will happen next year? Share your thoughts below.

  • 13
    Jul
    2007
    4:55pm, EDT

    Contractor caught trying to sell Disney data

    An employee who works for the company that processes Disney Movie Club transactions was caught trying to sell customer credit card information, Disney told its customers this week. The story echoes an incident revealed by Fidelity National Information Services earlier this month.

    The employee was nabbed in an "undercover sting operation" run by a federal law enforcement agency, according to a letter sent July 6 by the Disney Movie Club to its members.

    The employee did not work for Disney, but rather for Alta Resources Inc., which processes transactions and fulfills orders for the Disney Movie Club, the letter said. The employee has been dismissed and the Secret Service is continuing to investigate, according to Disney.


    Like traditional music clubs, members of the Disney club sign up to receive one Disney movie each month at a discounted rate, which they can accept or return. It's not clear how many customers received the notice from Disney. Eric Maehara, a Disney spokesman, said the firm was asked not to reveal additional details about the incident, including the number of stolen card numbers. The Disney Movie Club has 1 million members, but not all had their data stolen, he said. In some cases, the stolen data included telephone numbers and e-mail addresses.

    A spokesman for Alta Resources did not immediately return phone calls.

    Bill Elrick of Utah was one club member who received the notice.

    "My first thought was, 'oh crap, not again.' I was also a victim of the TJ Maxx incident," Elrick said. "I just got done closing my account and opening a new one. ... Now I have to do that again."

    Elrick is now waiting for another replacement debit card to arrive in the mail from his bank.

    "This is a hassle," he said. "I am extremely irritated."

    Elrick also said he was aggravated because his data was shared with Alta Resources, a company he'd never heard of.

    "I don't remember giving Disney permission to share my information with anyone," he said.

    Disney says it has informed the major card associations about the incident, but that it believes consumers have little to fear. The thief apparently bungled the job, and didn't steal all the data necessary to commit most frauds.

    "We have been assured that the card security code (e.g. the CVV or CVC code) for your credit card was not included," the Disney letter said.

    A wider trend
    Still, the incident highlights a problem companies face that gets much less attention than cases of mysterious hackers breaking into company databases from across the Internet -- the inside job. Earlier this month, Fidelity announced that 2.3 million customer records were stolen from the company by an employee of an outside contractor and sold to marketing companies.

    "Although the hacker story always gets better media play, the insider threat is more dangerous," said Larry Ponemon, a researcher who runs The Ponemon Institute, a privacy consulting firm. "We are starting to see more stories about malicious insiders. Perhaps they are realizing there's a lot of money to be made with this data."

    Insider data theft is hardly new. In 2002, Philip Cummings stole thousands of credit reports while working for a company that supplies tech support to the nation's credit bureaus, for example. But companies still don't spend as much as they should to stop insider theft, said Avivah Litan, a computer security analyst with research firm Gartner.

    "One case of insider fraud does as much damage as 100 hacking attempts," Litan said. "They know where the data is, which accounts to steal, and often, they have access to it."

    New technologies offer hope, Litan said. So-called "content monitoring" software watches employee computers for signs of suspicious activity, such as an attempt to download thousands of credit cards. Unfortunately, Litan said, most firms are too caught up in monitoring e-mail and Web browsing abuse to pay attention to data theft. While most firms monitor employee e-mail, for example, only about 5 percent watch for signs that workers are moving data on and off of company servers.

    "A lot of this is easy to catch, but you have to have policies and software in place," Litan said. "Unfortunately, most firms have very few policies in place to prevent this kind of fraud."

  • 22
    Jun
    2007
    6:40pm, EDT

    Cell phone hacking has unlikely ring

    Just how easy is it to hack into a cell phone?

    The strange story of Heather Kuykendall and her neighbors in Tacoma, Wash., begs that question. Kuykendall says someone has managed to hijack her phone and use it to spy on her. Whoever it is apparently is able to turn her phone on and off, order the unit's camera to take pictures and even enable the speakerphone function so the device can be used as a bug. You can see the icky details in a Michael Okwu report that aired Friday on the Today Show.

    Cell phone hacking to read someone's contact list is one thing; but cell phone spying is a far more disturbing possibility. Could whatever happened to Kuykendall and her neighbors happen to you?

    The short answer: Yes, but it's very, very unlikely.


    Cell phones are loaded with so much personal information -- and have so many new capabilities -- that phone hacking has been the holy grail for computer criminals for some time. Remember the hubbub after Paris Hilton's T-Mobile phone was "hacked" and her contact list stolen? Her Hollywood friends were getting prank calls for weeks.

    Today, phones have even more capabilities. Many have GPS chips, allowing telephone companies -- and probably hackers -- to determine the exact location of any phone user. If computer criminals could figure out how to hack into these smart phones, imagine the chaos that could follow.

    They've been trying. For years, enterprising software developers have invented tools that turn cell phone handsets into spying devices. Some are even sold commercially. These tools remain very rudimentary, however. Most important: They require physical access to the phone, both to load the spyware and to turn it on.

    If you think about it, this physical access requirement severely limits the threat of cell phone spying. An anonymous criminal tapping into your phone from across the Internet is frightening; having a family member or ex-boyfriend spy on your phone is still spooky, but that's not really a technology problem. After all, someone who had possession of your phone long enough to install software could also read through your sent text messages.

    There have been some demonstrations of spyware being added to cell phones without physical access -- over short distances using Bluetooth technology, for example.

    New viruses being developed
    In an effort to install cell phone spying software over longer distances, virus writers are also trying to invent Trojan horses that would trick consumers into downloading and installing spyware on their phones, similar to the way e-mail attachment viruses work, says Paul Miller, the head of mobile device security at Symantec Corp. But so far, there have been no confirmed attacks using this method, only experiments, he said.

    Another problem for the virus writers: Only about 15 percent of cell phone users have "smart phones" with operating systems sophisticated enough to be hit by such an attack, Miller said.

    That's part of the reason it's hard to hack cell phones. A PC hacker knows that any software flaw can be used to attack about 95 percent of all computers, because the Windows operating system is so widespread. But there are numerous cell phone operating systems, so flaws can't be used for widespread attacks. Perhaps more important, hackers can't build on one another's work.

    "Any flaw you find couldn't be used on 98 percent of the phones out there," Miller said.

    All these factors indicate that cell phone spying of the type that hit Tacoma would likely be committed by a family member, friend or neighbor.

    But not everyone agrees that remote cell phone spying is so unlikely. Massachusetts-based security consultant James Atkinson says cell phones that run some operating systems designed to download new applications can be tricked into downloading spy software.

    "It's just a matter of accessing the operating system," he said.

    Atkinson could not point to confirmed cases of this happening. And if it were widespread, hacker chat rooms would certainly be abuzz with discussion about it. After all, when it became known that criminals could use caller-ID spoofing to hear other people's cell phone voice mail, that didn't stay a secret long. And stories of crazed ex-boyfriends spying on their former girlfriends through voicemail snooping were widespread.

    That doesn't mean there won't some day be widespread spying committed with these incredibly sophisticated cell phones we are all carrying around. The more capabilities each cell phone has, the more chances that hackers can find a glitch and exploit it. So consumers should treat those smart phones with the same care they treat their PCs. Never agree to open a file or install a program that arrives unexpectedly, for example.

    "These things are small computers," Miller said. "We want to get people the message to treat them like computers."

    For the truly paranoid, you could consider removing your cell phone battery from your phone when you are not using it. That would foil any attempts to use it as a spying device. Of course, it would also severely limit the phone's usefulness. And you should balance a choice like that with the answers to some realistic questions, such as: How valuable would it be for someone else to remotely access your cell phone camera and take pictures of the inside of your pocket?


Bob Sullivan, Columnist, NBC News

I'm a reporter for msnbc.com and I try to write stories that make the world a little bit more fair. My blog, The Red Tape Chronicles, is among the most popular consumer affairs columns on the Web. My recent book, Gotcha Capitalism, was a New York Times best seller. Since 1995, I've written about the troubles created for consumers by both technology, covering topics like privacy, identity theft, computer viruses and hackers.

© 2013 NBCNews.com