Team to Quash Hackers, Expert Says
http://www.pcworld.com/pcwtoday/article/0,1510,17334,00.html

by Douglas F. Gray, IDG News Service
June 21, 2000, 3:58 p.m. PT

LONDON -- The simple act of reporting hackers to authorities is one of the most effective weapons businesses can use to fight cybercriminals, but it is also among the most rarely used.

"Companies are naturally resistant to tell the world they have been victims of fraud. They are afraid people will laugh at them," says Pottengal Mukundan, director of the International Chamber of Commerce's Commercial Crime Services division.

Of course, companies are also worried about the negative effects of such an admission on customer relations and stock prices, Mukundan says, speaking here at InfowarCon 2000.

But the victims' reluctance has a price. "In the absence of actual meaningful information coming from corporations, it is difficult to stop the crime," he says.

Various studies find 90 percent of respondents detected computer security breaches in 1999. Of those surveyed, 74 percent report financial losses because of security breaches, Mukundan says. The Computer Security Institute and the FBI's computer intrusion squad have surveyed large companies and U.S. government agencies.

A survey conducted in England for the Department of Trade and Industry shows that 60 percent of respondents suffered a computer security breach in the last two years, he adds.

Emulate the Enemy

Mukundan says the "bad guys" are collaborating while the "good guys" are going it alone.

"It is important for these companies to portray a good image, so the good guys end up keeping the information to themselves," he says. "The baddies, on the other hand, are out there freely sharing information with each other on the Web."

Kits to create Trojan horses or viruses are widely available on the Internet. Consider the recent "ILOVEYOU" worm that jammed e-mail servers, Mukundan says.

"The software was not sophisticated, but what the authors lacked in technical expertise, they made up for in guile. It brought the e-mail systems of some governments to a halt," he says.

But the worm depended on unprepared humans, he says. "There is no reason for people sitting in an office to open an e-mail which is clearly suspicious and definitely not work-related."

Bottom Line: Human Error

The human angle in Internet security is too often ignored, Mukundan says.

"Take the physical office building, for example. There is very little use in spending millions on software security if you don't have decent security on the premises," he says.

Government agencies have sustained stolen laptops, and people have unwittingly sent insecure e-mail using PCs containing classified information.

"The Internet is fundamentally insecure," Mukundan says. "Internal networks should be physically removed from the Web, and it makes sense to run static Web sites from a CD-ROM instead of a server."

Software filters help, he adds. "But there is no point in having this system if the IT manager is too busy to actually look at the logs."

Mukundan also advocates international laws related to cybercrime so criminals don't slip through gaps in the legal system. Online crimes can be as damaging as their physical counterparts, he notes.