Computer Crime

With an estimated one billion computers destined to be online by the year 2005, the threat from intrusion and the statistics regarding loss and computer crime will continue to grow exponentially. How many of these computers will be targeting you and your organization?

Computer Crime and What You Can Do About It

Ask any group of computer security professionals what computer crime is and you will get a multitude of different answers. The term computer crime is dynamic and far-reaching. There is a broad spectrum of cyber crimes, which may include:

  • Unauthorized access by insiders (Employees)
  • System penetration by outsiders (Hackers)
  • Theft of proprietary information
  • Financial Fraud
  • Sabotage of data or network
  • Disruption of network traffic
  • Creation and distribution of malicious code (viruses)
  • Software piracy
  • Identity theft
  • Hardware theft (laptops)
  • Pornographic Uses

Computer crime is evolving at a pace which far outstrips the ability of most businesses and institutions to develop the safeguards necessary to completely protect their networks and computers. The Computer Security Institute recently released a report based on responses from 538 computer security practitioners. The findings of the 2001 Computer Crime and Security Survey confirm that the threat from computer crime and other information security breaches continues unabated, and that the financial toll is mounting.

(Statistics available at article end)

Business owners and operators are faced with attacks from outsiders (hackers), insiders (disgruntled or dishonest employees), and ineptitude on the part of curious employees who may inadvertently corrupt or destroy important and valuable data.

Hackers and criminals have adapted the advancements of computer technology to further their own illegal activities. Unfortunately, their actions have generally out-paced the ability of most organizations to respond effectively.

IT specialists are confronting new threats daily, including crimes resulting from wireless connections, PDAs and other devices. Servers continue to be the area most in need of safeguarding. The fact is that most business people don't know where their most valuable assets reside in their own systems.

Large companies and businesses may have in-house IT managers and computer security/network experts who can monitor activity to prevent and detect abuses and criminal acts. Most small to medium-sized businesses will require the use of well-trained, capable, outside experts to assist them in monitoring their systems. Reading system and access logs can be vital in the identification of illicit activity. The importance of having experienced experts do this work cannot be overstated, particularly as it applies to seizing evidence, the investigation process, and compliance with applicable law.

Computer Investigators must know the materials to search and seize, the electronic evidence to recover, and the chain of custody to maintain. Without question, businesses have to be prepared to deal with the many evolving aspects of computer-related crimes and programs which have propagated at an amazing pace.

Organizations don't need to face these daunting challenges alone. SSC, Inc. has computer security professionals on staff. These professionals have the expertise to investigate computer security issues and to assist businesses and institutions with network security and the examination and recovery of data. These services include but are not limited to:

  • Hard Drive Forensics and Analysis
  • Internet Usage and Security Reviews
  • Email History and Data Retrieval
  • Network and Firewall Testing
  • Investigation of Employee Abuses

Highlights of the 2001 Computer Crime and Security Survey include:

  • 85% of respondents (primarily large corporations and government agencies) detected computer security breaches within the last 12 months.
  • 64% acknowledged financial losses due to computer breaches.
  • 35% (186 respondents) were willing and/or able to quantify their financial losses. These respondents reported $377,828,700 in financial losses. By contrast, the losses from 249 respondents in 2000 totaled only $265,589,940. The average annual total over the three years prior to 2000 was $120,240,180.
  • As in previous years, the most serious financial losses occurred through theft of proprietary information, with 34 respondents reporting $151,230,100 in losses, and financial fraud, with 21 respondents reporting $92,935,500 in losses.
  • For the fourth year in a row, more respondents (70%) cited their Internet connection as a frequent point of attack than cited their internal systems (31%). Indeed, the share citing their Internet connection as a frequent point of attack rose from 59% in 2000 to 70% in 2001.
  • 36% of respondents reported the intrusions to law enforcement, a significant increase from 2000, when only 25% reported them. (In 1996, only 16% acknowledged reporting intrusions to law enforcement.)

Respondents detected a wide range of attacks and abuses. Here are some examples of attacks and abuses on the rise:

  • 40% of respondents detected system penetration from the outside compared to 25% in 2000.
  • 38% of respondents detected denial of service attacks compared to 27% in 2000.
  • 91% detected employee abuse of Internet access privileges (for example, downloading pornography or pirated software, or inappropriate use of e-mail systems) compared to 79% in 2000.
  • 94% detected computer viruses. Only 85% detected them in 2000.

For the third year, the survey asked some questions about electronic commerce over the Internet. Here are some of the results:

  • 97% of respondents have WWW sites.
  • 47% conduct electronic commerce on their sites.
  • 23% suffered unauthorized access or misuse within the last 12 months.
  • 27% said that they didn't know if there had been unauthorized access or misuse.
  • 21% of those acknowledging attacks reported from 2 to 5 incidents.
  • 58% reported 10 or more incidents.
  • 90% of those attacked reported vandalism compared to 64% in 2000.
  • 78% reported denial of service compared to 60% in 2000.
  • 13% reported theft of transaction information compared to 8% in 2000.
  • 8% reported financial fraud compared to 3% in 2000.

 

Sources:

Tangled Web by Richard Power
Computer Crime: The Insecurity of Your Network by Steven A. Sandberg

CSI 2001 Computer Crime Survey

For inquiries about SSC’s services, please call 1-866-704-6140.

SSC, Inc.    25 Controls Drive    Shelton, CT 06484
Toll Free: 866-704-6140  ·  Telephone: 203-925-6140  ·  FAX: 203-402-0387