From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Thu, 8 Nov 2001 05:02:50 -0800 (PST)
Subject: [iwar] [fc:Companies.veil.true.level.of.hacking]

Companies veil true level of hacking
Reuters, 11/7/2001
http://www.news24.co.za/News24/Finance/0,4186,2-8_1104621,00.html

Johannesburg - The incidence of hacking, and associated financial loss, is far greater than what has been reported in the media, says Gary Middleton, national security business development manager at Dimension Data.

"The majority of hacking incidents are covered up. Indeed, I believe that the IT crime statistics published periodically are totally inaccurate," he says.

"Even if companies call in investigators once they suspect their systems have been infiltrated, they are extremely reluctant for any external parties to be aware of how much damage has really been caused. They will let the security experts establish that there has been a breach of security, but do not even allow them to go further and find out exactly what damage has been done, or by whom."

According to a recent article by Thomas C Greene of The Register, published on the SecurityFocus website, many companies believe that the public relations cost of being identified in the media as having weak security is far greater than the damage most malicious hackers can inflict.

"This is a major reason for companies to cover up computer crimes, in particular large public companies with most to lose in terms of reputation," says Middleton.

But it is not only reputation that companies protect when they cover up computer crime. According to a well-known US security manager, Tom Perrine of the San Diego Supercomputer Centre, it is company time and effort as well.

Perrine suggests companies conduct their own internal investigations before getting the police involved if they suspect a security breach. Law enforcement needs, he claims, often diverge from corporate needs, and companies could get bogged down, spending costly company time.

"Expect them (the police) to move very slowly and deliberately, and to require a great deal of detailed information about your business," he told delegates to the tenth annual Usenix Security Symposium in Washington last week. "Expect to be interviewed by federal agents at least once, probably more. Expect to be called as a witness if the case goes to trial."

Forensic services

Middleton says companies are beginning to utilise security forensic services if they suspect a computer breach.

"Many companies know that some wrongdoing, for example network intrusion, has occurred, but cannot pinpoint exactly where or what, and need help in identifying computer security violations," he says.

According to Middleton, hackers - like many fraudsters - are extremely adept at covering their tracks, so although a company may detect an intrusion, it is often unable to assess the actual damage done.

"Therefore, companies need to be aware that security breaches are a reality and try to ensure they both expose and counter these incidents," he said.