Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    Experts: Cyber-Criminals Still Running Amok

    Written by

    Matt Hines
    Published May 12, 2006
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      BOSTON—Gathered in the subterranean confines of a decommissioned vault in the basement of the Boston Stock Exchange, a panel of IT security experts told the assembled crowd that short of locking all their proprietary information in such a contraption, there may be little hope for securing their data.

      Brought together on May 12 for imaging giant Xeroxs 2006 Security Summit, the group of technology, intellectual property and law enforcement specialists painted a dreary picture of the current state of information security in enterprise companies, and even U.S. government agencies.

      Their warnings and anecdotes left little doubt among attendees that much work remains to be done in fighting the growing threat of so-called cyber-crimes.

      Among the perils that stalk enterprises and seek to spirit away their trade secrets, customer information and money, are a new breed of organized criminals, a lack of proper tools for detecting the most advanced forms of computer attacks and legions of unsuspecting workers who leave their employers most valuable information assets available for the taking.

      One of the fastest growing areas of IT-related felonies is trade secret theft, carried out by everyone from legitimate business to electronic crime syndicates and even foreign governments, said Craig Morford, the first assistant U.S. Attorney for the Northern District of Ohio.

      “Five or ten years ago companies recruited one of your employees to steal data, and its much scarier to think that today someone doesnt even need to break into your building to get the same information,” he said.

      “Theres a twenty-something-year-old guy in the Ukraine in a run-down apartment who is entering your company where the information is kept so he can sell it, and this sort of thing is happening on a regular basis.”

      Morford, who has won national acclaim for his work fighting both traditional organized criminals and emerging cyber-criminals, said that people who formerly sold stolen credit card accounts have advanced their operations into “eBay-like” businesses where they instead market malware such as polymorphic virus code to others, who in turn use the code to carry out their own schemes.

      The attorney said that it may be even harder to trace the reach of such criminals since, unlike the Mafia of old, those individuals specializing in IT attacks are able to hide themselves behind layers of technological barriers and often work together with large numbers of people they have never even met, who may be spread anywhere around the world.

      “Were seeing the growth of a large number of criminal entities targeting U.S. organizations for cyber-crimes, and its sort of like the atmosphere around organized crime here in the U.S. in the 1950s as it seems that were only just scratching the surface of this type of activity,” he said.

      /zimages/5/28571.gifClick here for an interview about cyber-crime with Craig Morford, first assistant U.S. Attorney for the Northern District of Ohio.

      Among the recent examples of such attacks that Morford and other experts highlighted was a failed attempt by one hacker to extort $200,000 from financial news giant Bloomberg.

      The 22 year-old individual, who hailed from Kazakhstan, was reportedly able to break into the companys network and steal the account information of some of the firms largest customers, as well as the detailed personal information of founder and New York City Mayor Michael Bloomberg, including his address and social security number.

      While the plot was foiled when the FBI arrested the hacker in London trying to accept his ransom, said Morford, it stands as evidence of the type of sophisticated attack that can be launched by one individual alone.

      In an even scarier scenario, Dan Verton, executive editor of the monthly newsmagazine Homeland Defense Journal, described how security workers at an unnamed government agency caught an employee communicating with outsiders via the organizations IT network.

      The worker was reportedly communicating with other people regarding plans to support the Middle East-based terrorist group Al Qaeda, which is believed to be responsible for the attacks of September 11, 2001.

      Next Page: Adult content and spyware.

      Adult Content and Spyware

      One of the greatest information security threats to U.S. enterprises remains workers illicit viewing of adult content on their work-issued PCs and laptops at home, and then unknowingly carrying the spyware programs they contract on such sites back into their companys operations.

      “Companies are suffering under the weight of adult content as employees are opening enterprises to boatloads of spyware thats capable of stealing information,” said Verton, who has also authored several books on IT security.

      “The truth is that most businesses really have no confidence regarding where exactly their proprietary data is secure at any time, and its getting harder to differentiate between internal and external threats.”

      The issue of the internal threat is one of the most biggest challenges facing IT departments because it is becoming easier for people to download information onto mobile devices, send out data via obscure network ports and transfer physical documents into electronic files and images, said the experts.

      As a result of the insider threat, companies are struggling perhaps more than ever before, said Mark Halligan, principal attorney at the Chicago-based law firm Welsh & Katz, which specializes in intellectual property law.

      To demonstrate the ease with which people can plug devices into corporate networks that allow them to walk away with gigabits of stolen information, the attorney showed off his wristwatch which featured a USB connector and onboard memory.

      “This whole concept we have of the security perimeter has disappeared; its more about where your critical data is being protected at any given time,” Halligan said.

      “Companies lack the technical capabilities to ensure that employees, good and bad, can be effectively monitored. IT is the vehicle for distributing these assets and you wont know that youve been fleeced until you get to a trade show and your next big product is already there.”

      While the experts contend that the pressure on enterprises network defenses shows no sign of abating, and in fact may likely increase, they agreed that most companies must begin aggressively distributing and enforcing IT security policies, and holding workers caught breaking the rules more accountable.

      /zimages/5/28571.gifAmerican Express warns of a phony log-in screen on its site. Click here to read more.

      When someone is caught circumventing internal procedures, firms should strongly consider terminating those employees to protect themselves and send a message to other workers, they said.

      On the flip side of the coin, enterprises may consider rewarding workers who openly promote adherence to company guidelines to foster an atmosphere where the rules are respected, rather than resented, said the industry watchers.

      While workers may not like that their actions are being tracked in the workplace, and that they must hand over some level of privacy on the job to allow for better data protections, the benefits of more pervasive IT systems monitoring outweigh those concerns, the panelists said.

      “You have to adopt a system where you can trust your workers, but where you frequently verify their identification and intentions,” said Verton.

      “Dont be too concerned that youre going to make people uncomfortable; if you help them understand that their livelihood, and their paychecks, are directly tied to protecting your data, they will get it.”

      /zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Matt Hines
      Matt Hines

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×