| The world is seemingly marching on towards conflict on
both home and foreign fronts, with terrorism capable of striking
anywhere at any time. In the face of all this military and
political activity, much has been said and done to prevent
hostile attacks from a variety of political and religious
groups. But, it is the growing battle in cyberspace that experts
are calling for increased attention on.
With more damage being perpetrated against both governments
and industry through computer hacking, increased security
and legal measures are being set in place to counteract
this growing wave of criminal activity.
Symantec Corporation, an Internet security technology company,
has compiled statistics showing that hacking activity on the
Internet is growing at a staggering rate of sixty-four per
cent per year.
During the first half of 2002, there were an average of
32 attacks per week on businesses which have a presence
in cyberspace, compared to 25 attacks during the second
half of 2001.
There are also about 400 to 500 new viruses identified
every month, with power and energy company networks being
the most popular target, followed by financial service institutions.
In self-defence
In fact, the problem is growing at such a rate that there
is an emergence of "white hat hacking" courses
being offered to companies so they can identify vulnerabilities
before being hacked. Course participants are offered step-by-step
procedures for executing Internet, intranet and host-level
security reviews, as well as taught how to identify, exploit,
and secure well-known, and little known, vulnerabilities
found in system networks and software.
SBC Communications, a data, voice and Internet services
provider has recently launched an anti-hacker research centre.
Aimed at protecting consumers and Internet networks from
security violations, the Internet and Assurance Security
Center (IASC) lab was created in response to the rising
tide of Internet security violations, such as viruses, worms
and denial of service (DoS) attacks.
The Cyber Security
Enhancement Act
The growing trend has also prompted the US government to
pass a bill providing severe penalties for computer crimes,
which endanger human life or critical systems within the
US's infrastructure.
Bill H.R. 3842, the Cyber Security Enhancement Act (CSEA),
also alters current regulations on surveillance and allows
wiretaps to be installed in the event an attack is deemed
to threaten national security.
Passed with a huge majority in early November, the Bill
includes a provision for a maximum life sentence for anyone
putting lives at risk by breaking into and altering computer
systems, or through reckless misuse of a computer.
Critics, however, claim the CSEA is a serious threat to
individual privacy, as it gives agencies the authority to
obtain email or electronic communications without having
to establish "probable cause" that a crime has
occurred or is about to occur.
"It reduces the accountability of government in implementing
provisions of the USA-PATRIOT Act, leaving the door open
even wider to allowing abuses of civil liberties and privacy
rights of law-abiding Americans" states Bradley Jansen,
Deputy Director of the Center for Technology Policy at the
Free Congress Foundation.
Human errors
The blame for hacking is not just linked to hostile forces,
though, as company employees are more commonly being identified
as the source, intentional or otherwise, of company security
breaches.
The UK government's Department for Trade and Industry's
annual Information Security Breaches report has claimed
that employees in the UK are using digital cameras and handheld
PCs to steal from, or commit sabotage against, their own
companies.
Removable memory cards allow software to be brought onto
the premises and the devices themselves can be used to smuggle
out confidential or sensitive information.
This worrying claim was brought to light following a survey
demonstrating how company workers were responsible for nearly
half of the most serious security incidents to hit businesses
in 2001.
The report also revealed that 48% of bigger companies blamed
the worst cases of their security breaches on employees.
These incidents included virus outbreaks, fraud and cracking
corporate computer networks from the inside.
There are other ways in which employees can cause security
breaches and make it easier for hackers to gain access to
company systems. Those who are not familiar with computers,
or who are careless with their e-mail, can inadvertently help
hackers get access to an internal network or trigger virus
outbreaks.
For example, employees at call centres are potentially
vulnerable to hackers who will call to try and extract information
regarding account details and passwords.
The infamous hacker Kevin Mitnick, who has spent more than
five years in prison for hacking offences and is banned
from using a computer or surfing the Internet, best demonstrates
this case. Mitnick claims he rarely used technology to gain
access to networks, preferring instead to use social engineering
to sleuth required information.
He has written a book called The Art of Deception,
which describes the various ways in which employees, unintentionally,
leak information that can then be exploited by hackers.
Prevention
the best medicine
The best way to prevent staff from being taken advantage
of or divulging vital snippets of information is by training
them to be vigilant in the face of an ever-increasing world
of fraud and cyber-crime.
A trained staff member will choose uncommon passwords,
be suspicious of unsolicited emails and will not give out
confidential information - a precious and sometimes vital
commodity in the modern world of hacking.
For more information and interesting articles on computer
hacking go to www.internetnews.com
|
