Meet the world's baddest cyber cops

The hole in the Internet


Companies that don't actively protect themselves against hackers are at fault for making their networks easy prey.

Cybercrime is, as Neal puts it, "a growth business," but it remains largely unreported. The most comprehensive study on the subject is the 2001 Computer Crime and Security Survey conducted by the Computer Security Institute and the FBI's San Francisco office. The study revealed that 47 percent of the companies surveyed had their systems penetrated from outside. A full 90 percent reported at least some form of electronic vandalism, and 13 percent reported stolen transaction information (personal data and credit card numbers, for example).

The statistic most overlooked in the CSI survey, however, is that only 14 percent of the companies queried even responded. "I get these people asking me, 'What can we do to stop this?' " Neal says in total exasperation. "I tell them, 'Well why don't you start reporting it? Answer the survey!' "

Few dispute the fact that cybercrime statistics are underreported. "I have a saying," says Bill Swallow, a former special agent with the Department of Defense's Defense Criminal Investigative Service who participated in the first undercover operation in which federal agents posed as hackers. "If it's not hardened [protected], it's hacked. And it's getting worse. The type of automation that is going on is scary." Swallow is talking about May's cyberwar between Chinese and U.S. hackers in which a group called the Honker Union of China unleashed an automated program that scanned the Internet for sites with a particular technical weakness. It took over those Web pages and defaced them with messages like "Beat down Imperialism of American!"

Automation, Swallow argues, is the future of cybercrime, and it will open it up to all sorts of groups, from hacktivists to career criminals and even terrorists. Most attacks could be thwarted easily if tech staff more diligently downloaded and applied software patches. A patch to fix one of the holes that the Honker Union of China attacks preyed on, for example, has been available for three years.

"You want to hear something really incredible?" Swallow asks. "Today, more than half of the boxes that are compromised are NT or Windows 2000 servers, and most of that is done with an exploit called Unicode. The patch for that has been out since last October!

"You've got to continually update your security," he adds. "But these IS guys are the busiest guys in the whole company and their first job is to just make sure that their server doesn't crash."

This begs the question: Is the information these servers hold really worth protecting? "It's everything that's in your company," sighs Swallow. "If somebody gets 'root' they can see it all: e-mail, personal information, Social Security numbers, company secrets, whatever. I can tell you there is a concerted effort to steal credit card numbers. I've seen intellectual property theft and corporate espionage, and we've started seeing indications of organised crime on the Web. The problem is huge."


Talkback 2 comments

    Scott Wickstein -- 28/09/01

    A good story. Preaching to deaf ears in Australia though. It's going to take a massive attack which brings down a high profile company before people in Australia take security even remotely seriously.

    Anonymous -- 23/01/02

    Nice article, but I agree with the fellow above me. It's gonna take a lot more major attacks and money lost, before companies really begin to invest in security.
