In Response To: Computer Crime-Abetting Sites...
Original Article: http://biz.yahoo.com/bw/991018/ca_compute_1.html (Company Press Release) Computer Crime-Abetting Sites Will Dramatically Increase Costs for Businesses and Consumers Business Wire -- Oct. 18, 1999
> Hacking and computer-crime-abetting Web sites are supplying > Web surfers with tools and instructions that could cost > consumers and businesses worldwide over a trillion dollars this year.Wow! What a dramatic and shocking intro to a company press release. Unfortunately for them, it did not have the desired affect like they had planned I am guessing. Rather than think "This is a serious problem!", many colleages and myself said very little because of the laughter that ensued.
> Computer Economics research shows that hacking and computer crime > will experience a dramatic increase in the next few years due to > the abundance of Web sites devoted to these topics. Also factoring > into the growth of computer crime is the low cost of the tools and > instructions that these sites sell, and the rise of the wireless > Internet.I can't help but wonder why they use the word 'sell' in relation to computer crime information. Why they would refer to a handful of distributers that pawn off half a CD-ROM of outdated text files while ignoring the sites that give away up-to-date information for free. Perhaps this falls into the picture of nefarious activity and helps sell their cause? And where in the world did the wireless aspect come in?
> "The Internet has always been a haven for computer criminals," > said Computer Economics research analyst Adam Harriss. "The > technologically savvy hackers have been online swapping tips > and programming for decades, but now the information is being > posted and sold at low cost in a form that even the techno-illiterate > can understand. Causing damage to machines and infiltrating systems > has become as easy as putting together a child's Christmas toy."I would be willing to bet a couple dollars that Adam Harriss has been on the Internet for less than two years. I certainly hope I am correct as the above quote should only come from a complete neophyte that has little to no clue about the history of the Internet. Founded on open resources and sharing of knowledge, the Internet was a research and development network designed to facilitate the advancement of technology and all scientific ideas. For the first decade or two, there were no laws governing it. There was no 'computer crime', no laws against hacking or intrusion. To make such absurd and un-intelligent claims as Harriss does is an outright insult to the founders of the Net.
> While some hacker sites warn that the products they sell are to be > used for informational purposes only, other sites pander to malicious > users, and are growing a future generation of hackers by targeting > children. The proprietors of some hacking manuals tout them as guides > that help users "search for company secrets." Vendors of hacking > hardware often boast that their goods "screw up all types of computer > disks." Software that could be used to pirate other programs is > sometimes said to be "a must for anyone who doesn't want to pay full > price for software."I will send mail to the contact for this article as well, but let this be an open challenge for Computer Economics to quote where any "Vendor of hacking hardware" boasts that their goods "screw up all types of computer disks." It amazes me that industry charlatans get away with spewing loads of false claims without ever backing them in any fashion. That a single person gets taken in by such unfounded and wild claims still amazes me.
> Not only are these hacking tools priced very low, but many of the most > popular hacking tools, such as L0phtCrack, AntiSniff, nmap, and netcat > are free shareware. Manuals and software about hacking and computer > crime interests such as viruses, counterfeiting, piracy, and various > types of fraud typically run from $8 to $60.Interesting that Computer Economics calls L0phtCrack a 'hacking' tool, while agencies like the Department of Energy pay for it as an internal auditing tool. Security consultants and hackers alike use NMAP and other network scanning utilities. If a hacker uses ISS or Retina to break into an NT machine, does it automatically change their status from 'Network Security Scanner' to 'hacking tool'?
> The low cost of computer crime software and hardware combined with the > dramatic expansion of the Internet into new, lesser-developed regions > of the world promises to exacerbate the hacking problem. There are > roughly three times as many people using wireless phone services as > there are people on the Internet, so there is possibility for an > online explosion once a wireless Internet is established. With the > expansion and proliferation of the Internet in many countries with > loose regulation of computer crime and poorly organized law enforcement, > hacking and computer crime will flourish in the years to come.Blame it on third world nations, that always works! This is just about the last possible point of blame that could be drug into this article in a desperate attempt to sell that 'trillion' figure. We also get the second mention of the 'wireless' Internet that will be established. I'd hate to be the first to break this to Computer Economics, but wireless is already here, and it is in no position to challenge the hardline backbone the Internet relies on. Using this is weak justification for a completely unrelated point (that of computer crime proliferation).
> Computer Economics is an independent research firm specializing in > helping IT decision makers plan, manage, and control IT costs through > advisory services, analyst support, an innovative Web site, and > printed reports. Based in Carlsbad, Calif., Computer Economics serves > 82 percent of the Fortune 500. For further information, please visit > the Web site at http://www.computereconomics.com.Wow. 82 percent of Fortune 500 and I have never heard of this company. Asking around I can't find a single colleage that has seen the name, many of which work daily for Fortune 5's. Looking at their statement, it is interesting to note there is absolutely no mention of security services, computer forensics, computer crime control or anything remotely related to the subject of this press release.
Contact: Computer Economics Inc. Catherine Huneke, 760/438-8100, ext. 108 or 116 firstname.lastname@example.org http://www.computereconomics.comInflated damage figures. No quoted sources backing their claims. No reputation good or bad among a dozen or so security professionals. Add them up and it seems to me we have a new industry charlatan in the making.