[iwar] News
From: Fred Cohen
From: fc@all.net
To: iwar@egroups.com
Wed, 26 Apr 2000 16:23:02 -0700 (PDT)
fc Wed Apr 26 16:25:16 2000
Received: from 207.222.214.225
by localhost with POP3 (fetchmail-5.1.0)
for fc@localhost (single-drop); Wed, 26 Apr 2000 16:25:16 -0700 (PDT)
Received: by multi33.netcomi.com for fc
(with Netcom Interactive pop3d (v1.21.1 1998/05/07) Wed Apr 26 23:25:11 2000)
X-From_: sentto-279987-312-fc=all.net@returns.onelist.com Wed Apr 26 18:24:37 2000
Received: from fl.egroups.com (fl.egroups.com [208.50.144.74]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id SAA04114 for ; Wed, 26 Apr 2000 18:24:37 -0500
X-eGroups-Return: sentto-279987-312-fc=all.net@returns.onelist.com
Received: from [10.1.10.37] by fl.egroups.com with NNFMP; 26 Apr 2000 23:24:36 -0000
Received: (qmail 17086 invoked from network); 26 Apr 2000 23:23:04 -0000
Received: from unknown (10.1.10.27) by m3.onelist.org with QMQP; 26 Apr 2000 23:23:04 -0000
Received: from unknown (HELO all.net) (24.1.84.100) by mta2 with SMTP; 26 Apr 2000 23:23:03 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id QAA12428 for iwar@onelist.com; Wed, 26 Apr 2000 16:23:02 -0700
Message-Id: <200004262323.QAA12428@all.net>
To: iwar@egroups.com
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe:
Date: Wed, 26 Apr 2000 16:23:02 -0700 (PDT)
Reply-To: iwar@egroups.com
Subject: [iwar] News
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: FWD: Criminals hot on Cyberspace Money Trail (USA Today)
03/22/00- Updated 09:50 AM ET
Criminals hot on cyberspace money trail
By M.J. Zuckerman, USA TODAY
WASHINGTON -- A survey of systems professionals out Wednesday shows 70%
report being victimized by serious computer crimes, especially on the
Internet.
When equipment theft, viruses and other pilfering are factored in, the
figure rises to 90%, according to the fifth annual survey by the FBI and the
Computer Security Institute (CSI) of San Francisco.
Those claiming financial losses reported totals exceeded $265 million, more
than double that of 1999.
"There is exponentially more money and value being placed on the Net," says
Martha Stansell-Gamm, head of the Justice Department's computer crime
section, "and that is attracting a kind of crook in the model of Willie
Sutton."
Sutton was notorious for nearly 100 bank robberies in 30 years. Upon his
arrest in 1952, he is said to have explained why he robbed banks: "Because
that's where the money is."
"If Sutton were around today, he most certainly would say, 'I rob e-tailers
because that is where the money is,' " says Kawika Daguio of the Financial
Information Protection Association.
The numbers in a new survey of systems professionals bear him out. The fifth
annual Computer Crime and Security Survey shows that the Internet is termed
a "frequent point of attack" by 59% of those responding; in 1996, only 37%
cited the Net. In the past year alone, those reporting crimes involving
breaches of Internet security rose from 62% to more than 70%.
Law enforcement and private sector officials long have insisted that
Internet prosperity combined with maturing, skilled cybercriminals would
fuel an online crime spree against businesses.
"There aren't a lot of good data to really measure the scope of criminal
activity on the Net," Stansell-Gamm says. "But I can tell you, anecdotally,
we're seeing lots and lots of extortion -- not merely hacking, but crimes
for profit or malice."
Her view is reflected in the trends of rising online crime shown in five
years of member surveys conducted by the CSI, which provides security
training for corporations and governments.
"Nationally, crime is going down, but in cyberspace crime is rising, and
it's going to continue rising because there's always more crime on the
frontier than there is in long-established communities," says Richard Power,
who directs the annual CSI survey in cooperation with the FBI.
Not wanting to jeopardize public faith associated with the Internet's
growth, business has treated online crime losses as a cost of doing
business. Like shoplifting suffered by traditional retailers, Net companies
label the losses as "inventory shrinkage" and rarely report them.
According to the new survey, that practice has changed little in recent
years. Among companies suffering Internet losses, those reporting to
authorities dropped from 32% to 25% over the past year. Why? More than half
cited negative publicity, while 39% worried about competitors.
Some businesses and "many bankers fear that all the attention" being paid to
online crime could become an excuse for government to more closely regulate
and patrol the Internet, Daguio says.
Meanwhile, the Justice Department has budgeted $1 million for next year to
develop methods for collecting closely guarded data on computer
vulnerabilities and security breaches.
Alan Brill of Kroll-O'Gara, an international security and investigations
firm, calls online extortion "a very real problem" that's made more complex
by criminals' recognition that businesses will go to great lengths to avoid
publicly acknowledging a weakness. "In some cases, merely an extortionate
threat gains value without ever having to commit the underlying act," he
says.
He notes that online extortion typically involves a former employee
departing with some secret, perhaps the code for essential corporate data,
and returning weeks later as a "consultant" demanding a king's ransom for
the code.
"Now we're seeing more and more cases of outsiders getting into systems,
lifting important data and demanding a ransom for its return," Brill says.
"Next I expect they will attack (child) porn sites, grab customer lists and
threaten to expose the customers' surfing habits."
That's what made two attacks in January unique. When online music store CD
Universe and Visa International in London refused to pay off, the
extortionists went public, boasting to the media that they had stolen
hundreds of thousands of credit card accounts using the Net.
"Clearly, the kind of losses suffered by CD Universe is nothing new," says
Drew Williams of BindView Corp., a security marketing firm in Houston. "Is
this a new trend in computer attacks? No. Are we going to see more of these
kinds of attacks? Yes. It's simply the result of more businesses coming
online and having those assets exposed.
"Organizations have to do basic homework before they do business online,"
Williams says.
But even with the best protection money can buy, thieves will always follow
the money, Power says: "As long as we have had storefront businesses, you've
had people in the neighborhood trying to sell you protection. Why should it
be any different in cyberspace?"
------------------------------------------------------------------------
Join Garden.com's affiliate program and enjoy numerous benefits.
To learn more click here:
http://click.egroups.com/1/2753/7/_/595019/_/956791475/
------------------------------------------------------------------------
------------------
http://all.net/