Lax security and complacency make British businesses ideal targets for hackers and fraudsters, according to government research. The Department of Trade and Industry's Security Breaches Survey 2000 (ISBS 2000) shows that 60 per cent of British e-businesses have suffered a security breach in the last two years. The study was released at Infosecurity Europe 2000 on 11 April at Olympia in London.
“As they rush to trade electronically, organizations are increasingly exposing their information and IT systems to a wide range of security threats,” said a public relations firm working for the DTI.
Even more alarmingly, two-thirds of the companies interviewed said they had not done anything to improve security since security was breached, according to the DTI, and 30 per cent don’t think they have anything worth protecting. The average cost of each intrusion was around £20,000.
Recent trends show an increasing number of youngsters who are responsible for unauthorised network intrusions costing tens of thousands of dollars. And hacking is easiest for those you trust most. Employees, former employees and contractors often take advantage of their trusted relationships to harm their ex-employers. Add these factors to the increased sophistication and complexity of intrusions, and you begin to understand the level of the problem.
In Hong Kong a teenager has been sentenced to six months in jail after pleading guilty to 49 computer crime-related charges, and his two accomplices have been sent to detention centres. The trio met up online, and swapped password information on several big accounts. The three have been released on bail pending an appeal.
Feeling less secure? A New Zealand company has introduced a device that is small enough to be hidden inside your keyboard, and which can monitor every key stroke you make. The device, known as KeyGhost, monitors and records every stroke on the keyboard and stores all data within itself.
In the US, the Census Bureau is deliberately playing down the availability of its online census form, as it has not fully tested the security of the site, although it is up and running. The philosophy appears to be that if no-one knows it’s there, it won't get hacked.
The FBI's snappily-named Washington Field Office Infrastructure Protection and Computer Intrusion Squad investigates breaches of computer networks belonging to telecommunications providers, private corporations, US Government agencies, and educational facilities. The squad also investigates the theft of cable and satellite signals, and co-operates with industry to limit damage on its home patch in its work to prevent cyber-based crime and improve the security of private and public networks.
Illegal computer network intrusions can cause loss of customer confidence, downstream liability, and the diversion of your resources to fight the breaches. The FBI offers some tips to help you minimize your vulnerability.
* Maintain backups of all original operating system software
* Maintain backups of ALL important data
* Maintain a solid, well thought out corporate security plan
* Install sufficient software to recognize attacks and track/audit defensive steps
* Routinely test network for vulnerabilities
* Change passwords frequently, especially when employees change jobs
* Use passwords containing alpha-numeric character combinations
* Cancel log-ins/passwords when employees leave the organization
* Reduce the number of modems on the system
Carolyn Meinel is the author of ‘The Happy Hacker’ books, tools that teach how to hack computers and, conversely, make computer systems more secure against crackers, or purveyors of computer vandalism and crime. In her three decades as an engineer she has developed a strong distinction between hacking, which she says is about creation, and cracking, which she describes as the dark twin of computer system destruction. Hacking, she says, is about intellectual growth and development.
Meinel reflected: “A real hacker shows the flaws in a system and helps point out something to be fixed. Crackers, people responsible for computer crime, aren’t geniuses, they're just running programs. Crackers don't want people to know that they just run programs that other people have made.
“The basic hacker ethic is to teach other people. If you want to receive information, you have to give some. Problem solving is much faster when you work together. Mostly, I hope to reach people in their teens. Kids with tremendous energy need to be channeled to enrich their lives and the lives of others. Teenagers haven’t yet decided where their loyalties are, and that's when I hope to persuade them to hack for good, to create rather than destroy. Young people engage in criminal activity to prove they're geniuses, and I hope to show them another way.
“Hackers created the Internet. Freedom of speech has spread throughout the planet, and everyone has a voice. Hacking is also an economic benefit. A kid in Bangladesh can turn a crappy computer into an internet server thanks to the tools of the hackers, creating a level playing field for themselves.”
But please note, the Hackers’ website is copyright!