杏吧原创

Companies turn blind eye to diddlers and spoofers

San Francisco

IN cyberspace, hardly anyone will scream 鈥淧olice!鈥 An American survey
co-sponsored by the FBI suggests that the vast majority of computer crimes go
unreported. The reason? Victims are more interested in concealing their
vulnerability from their customers than capturing the crooks.

The FBI drew up the questions for a survey of 428 corporate, government and
academic institutions, which was conducted by the Computer Security Institute, a
professional association of computer security experts. 鈥淲e are just starting to
attack the whole issue of computer crime,鈥 says George Grotz, a special agent
from the FBI鈥檚 San Francisco office. 鈥淭he first question we had was how much
crime is out there?鈥

The survey results look like 鈥渁 bad omen鈥 for computer crimebusters, says
Patrice Rapalus, director of the CSI. Of those organisations questioned, 41 per
cent admitted that their computer systems had been infiltrated by hackers at
least once in the previous year. One victim had logged a phenomenal 1000
attacks.

The trespassers seemed to be after more than just the thrill of treading on
forbidden ground. The most frequent form of attack on medical and financial
institutions, for instance, was 鈥渄iddling鈥, an industry term for changing
records without authorisation. Another common crime was 鈥渟poofing鈥, where the
hacker breaks in in order to send an e-mail under an assumed identity. 鈥淵ou get
someone who pretends to be the chief executive officer of the company and starts
issuing orders,鈥 explains Rapalus.

More than half the victims reported attacks that had originated within their
own systems, where disgruntled employees were the prime suspects. But nearly 40
per cent had been infiltrated from the outside, via modems or the Internet.
Competing companies and foreign governments were cited as possible perpetrators
of these attacks.

The big surprise was that despite the level of mischief detected, the
security managers at more than half the companies and institutions in the survey
had no policy on how to react to a break-in. Such preparedness, including
strict guidelines on documenting and preserving all the evidence, is vital
for bringing a case against criminals, says Grotz.

More than 83 per cent of those who took part in the study said they do not
notify the police when they spot a break-in. Rapalus believes that businesses
and institutions do not report these crimes because they are worried that doing
so might reveal just how vulnerable they are to intruders and undermine their
clients鈥 confidence. Advertising their poor security might also invite new
attacks.

FBI officials warn that computer crime is bound to flourish if computer-based
businesses and institutions continue to stay silent. In anticipation of the
coming crime wave, the FBI has beefed up its investigations, and over the past
year has established an International Computer Crime Squad, with special teams
in San Francisco, New York, and Washington DC. The survey suggests that
educating the people responsible for computer security should be a major part of
the squad鈥檚 efforts, says Grotz.

Computer crimes in the US

More from New 杏吧原创

Explore the latest news, articles and features