Corrections or additions?
This article by Bart Jackson was prepared for the June 5, 2002 edition of U.S. 1 Newspaper. All rights reserved.
Skunking Cyber Skullduggery
Last year over $456 million was stolen — or reported
stolen — from Americans by cyber criminals. Since the FBI estimates
a mere 34 percent of victims actually report such crimes, the actual
amount of theft by computer and the huge resulting cost of restoration
multiplies that figure easily into the billions. The question is,
how long can we treat this epidemic like some furtive Victorian disease
and politely sweep it under the rug?
Technical and business people seeking protection against this very
real and growing threat will find answers at the seminar “Information
Security: The Cost of Neglect” on Thursday, June 13, at 1:30 p.m.
at the Cyber Security Theater of the Garden State Exhibition Center
in Somerset. This seminar is one of 20 such workshops included in
the New Jersey Technology Showcase, which takes over the Garden State
Exhibition Center in Somerset from 10 a.m. to 4 p.m. on June 12 and
13. Sponsors of this free event, organized by trade show company ITEC,
include Microsoft, Intel, Gateway, and other major computer players.
To register visit www.goitec.com
This roundtable discusses subspecies of computer criminals and crimes;
our public and private response; and some solutions. The event sponsor
is InfraGuard, an arm of the FBI’s National Infrastructure Protection
Center. InfraGuard New Jersey unites enforcement and justice department
capabilities with academic resources, such as Andy Russnov of
the networking department at Princeton University.
Speakers include Gideon Lenkey, founder of RA Securities; Susan
Secco of InfraGuard; private security expert David Teuman;
Scott Christie from the Department of Justice, and RA Securities
agent Robert Grabowsky, who specializes in the human element.
There are many reasons businesses do not report a cyber break in and
theft. They include: “Our stockholders would worry.” “We
can’t appear like non-vigilant fools to the public.” “Our
clients will be afraid to send us their information.” “Sales
will fall.” “The boys in legal say we might even be held responsible.”
But speaker and securities specialist Lenkey insists that all these
rationales are short sighted. “We have convinced the criminals
that it’s worth a try since they are dwelling in an environment of
no-complaint, no-prosecution.”
Lenkey has first-hand experience of the benefits of
fighting back. After a boyhood in Blairstown, and graduating from
the County College of Morris, Lenkey began consulting for wide area
databases. These enormous infobanks included many of the state’s medical
claims’ databases, containing very private and sensitive facts about
patients. In l996, Lenkey’s system was, in his words, “egregiously
hacked.” Working with FBI agent Steve Foster, he began a very
hot cyber pursuit. It climaxed in a raid — the first search and
seizure of an Internet provider — and several arrests. Eventually
Lenkey went on to found RA Securities and Foster founded InfraGuard.
“Like any other criminal,” notes Lenkey, “computer bandits
fall into set categories with set patterns.”
The Everest hacker. This merely curious hacker breaksinto your system just because it’s there, and to see if he can. Buthe is seldom harmless. Typically he wants to conquer and own yourPC or server. He may use it to store files, possibly including hackertools or porn. Then he may examine his target of opportunity and seejust how much havoc he can laughingly wreak.The skimmer. “A slice from a loaf is never missed,”is the adage this white collar con lives by. Typically an insider,the skimmer knows the business routine intimately. The classic caseinvolves the “salami technique,” wherein a bank employee altersthe rounding off of each cent within each daily transaction. Thesesmall surpluses are automatically dropped into a separate account.”Interestingly, they never would have caught him had he switchedaccounts occasionally,” says Lenkey. “But the guy kept onlyone account and when it reached several million, the bank grew suspicious.”The Godfathers. Never fear that organized extortion diedwith Al Capone. This popular and growing group of data thieves breaksinto a company’s system and steals just a sample of their most confidentialfiles. They then approach the firm, via anonymous computer of course,display the files and threaten to reveal them on an internationalwebsite if the firm doesn’t come across with a hefty bribe. The victimizedbusiness may feel it can stand tough concerning its own information,but what about the confidential files of its clients? Unwilling tospook its customer, the firm pays.Ex-Soviet satellite nations, particularly Romania, are renowned forthis type of crime, Lenkey notes. But the traditional roots of organizedcrime are also adapting their talents to the modern age. In Sicily,a group called the Casa Nuova recently was caught in a $246 millionbank heist. In the process of tracing the heist computers, authoritiesuncovered a huge bribery ring and an entire university that the organizationhad taken over and transformed into a Cybercrime U., graduating scoresof diligent hackers.A less dramatic method used by organized hackers is the mere theftof vital information, for example, personal credit card or corporatebank account access numbers. A growing amount of these hackers reachinto the U.S. from over international borders. However, despite allthe invisibility myths, web criminals are very catchable.”Like any other criminal, they leave traces,” says Lenkey.”Most hackers don’t know all the precautions they need to leavea clean exit. And those precautions are multiplying every day.”As business owners, there is much we can do to protect ourselves.But primary is to develop a little understanding.Lenkey’s cardinal rule is that security depends on people, not gizmos.”The best bank vault in the world is rated to protect your assetsagainst only two hours of conventional cutting,” he explains.”In the end your security comes down to the watchful eye of thetellers and clerks who stand ready to push the alarm button.”Ironic words from a man whose very technical RA Securities is consideredstate of the art. But Lenkey explains that while his installationof RA Securities hardware saves on monitoring personnel, it also involvesa retraining of the entire staff to be specifically alert.— Bart JacksonPrevious StoryNext StoryCorrections or additions?This page is published by PrincetonInfo.com— the web site for U.S. 1 Newspaper in Princeton, New Jersey.
