[ISN] Hoosiers don't take cybercrime seriously

InfoSec News isn at c4i.org
Thu Nov 18 06:21:26 EST 2004


http://www.indystar.com/articles/7/195545-9937-223.html

By Norm Heikens
norm.heikens @ indystar.com
November 18, 2004
 
Computer security isn't improving fast enough to prevent hackers from
causing ever more mayhem -- or ultimately ward off the likely rise of
organized cybercrime, a Purdue University expert said at an
IUPUI-sponsored conference Wednesday.

Computer professor Marc Rogers, speaking to about 110 participants --
most of whom are involved in corporate or government information
technology -- warned that many companies doubt they'll be targeted by
people wanting to steal information or damage their systems.

But the individuals now tormenting systems personnel will seem like
Boy Scouts compared to the expected increase in organized cybercrime,
Rogers predicted.

"If we don't have our house in order before that happens, we're in for
a world of hurt," said Rogers, who worked more than a decade in law
enforcement before joining Purdue. "The criminals realize we're moving
much too slow."

Monday was a landmark for information-technology workers. It was the
effective date for a provision in the federal Sarbanes-Oxley Act of
2002 requiring corporations to make their information secure.

But few are in compliance, Rogers said at the forum at Indianapolis
University-Purdue University Indianapolis.

Assistant U.S. Attorney Steve DeBrota also advised companies to erect
thick firewalls.

Among the biggest problems are the highly sophisticated hackers in
Eurasia -- sometimes former Soviet Union intelligence employees -- who
have taken up identity theft, DeBrota said.

They're hard to catch because they sell the information to lower-level
criminals.

But the problem can just as easily be an employee who steals sensitive
information. He warned companies to beware of employees who set up
outside e-mail accounts that can be used to send information out of
the company.

Other times, hackers steal information and extort a company by
threatening to divulge it publicly. Few companies report such crimes,
said both DeBrota and Rogers.

Purdue's Rogers said one of the largest holes in cybersecurity is
high-speed Internet lines, particularly those hooked to homes.

Companies work hard to secure their own systems, then open themselves
to trouble when employees log in from homes, where their computers may
be infected with viruses.

Malfeasance is growing as the world wires itself together.

"Everybody is potentially our neighbor now," Rogers said.

Hoosiers who think cyber-attacks happen elsewhere should think again.

Quoting common attitudes, Rogers said, "We're little Indiana. Why
would anyone want to hack into our system?"

Participant Jack Osborne said the speakers confirmed what he hears and
reads elsewhere.

Osborne, a computer technician at the Indianapolis electrical control
maker Transportation Safety Technologies, said co-workers "get tired
of hearing me say, 'This is going to happen.' "

"I'm amazed the terrorists haven't entered it yet," he said.

Osborne thinks his company is fairly well-protected.

Yet, he added, "It's like your car. If someone wants in badly enough,
they will" get in.





More information about the ISN mailing list