Corrections or additions?
This article by Bart Jackson was prepared for the June 5, 2002 edition of U.S. 1 Newspaper. All rights reserved.
Skunking Cyber Skullduggery
Last year over $456 million was stolen — or reported
stolen — from Americans by cyber criminals. Since the FBI estimates
a mere 34 percent of victims actually report such crimes, the actual
amount of theft by computer and the huge resulting cost of restoration
multiplies that figure easily into the billions. The question is,
how long can we treat this epidemic like some furtive Victorian disease
and politely sweep it under the rug?
Technical and business people seeking protection against this very
real and growing threat will find answers at the seminar "Information
Security: The Cost of Neglect" on Thursday, June 13, at 1:30 p.m.
at the Cyber Security Theater of the Garden State Exhibition Center
in Somerset. This seminar is one of 20 such workshops included in
the New Jersey Technology Showcase, which takes over the Garden State
Exhibition Center in Somerset from 10 a.m. to 4 p.m. on June 12 and
13. Sponsors of this free event, organized by trade show company ITEC,
include Microsoft, Intel, Gateway, and other major computer players.
To register visit www.goitec.com
This roundtable discusses subspecies of computer criminals and crimes;
our public and private response; and some solutions. The event sponsor
is InfraGuard, an arm of the FBI’s National Infrastructure Protection
Center. InfraGuard New Jersey unites enforcement and justice department
capabilities with academic resources, such as
the networking department at Princeton University.
Secco of InfraGuard; private security expert
There are many reasons businesses do not report a cyber break in and
theft. They include: "Our stockholders would worry." "We
can’t appear like non-vigilant fools to the public." "Our
clients will be afraid to send us their information." "Sales
will fall." "The boys in legal say we might even be held responsible."
But speaker and securities specialist Lenkey insists that all these
rationales are short sighted. "We have convinced the criminals
that it’s worth a try since they are dwelling in an environment of
Lenkey has first-hand experience of the benefits of
fighting back. After a boyhood in Blairstown, and graduating from
the County College of Morris, Lenkey began consulting for wide area
databases. These enormous infobanks included many of the state’s medical
claims’ databases, containing very private and sensitive facts about
patients. In l996, Lenkey’s system was, in his words, "egregiously
hacked." Working with FBI agent Steve Foster, he began a very
hot cyber pursuit. It climaxed in a raid — the first search and
seizure of an Internet provider — and several arrests. Eventually
Lenkey went on to found RA Securities and Foster founded InfraGuard.
"Like any other criminal," notes Lenkey, "computer bandits
fall into set categories with set patterns."
into your system just because it’s there, and to see if he can. But
he is seldom harmless. Typically he wants to conquer and own your
PC or server. He may use it to store files, possibly including hacker
tools or porn. Then he may examine his target of opportunity and see
just how much havoc he can laughingly wreak.
is the adage this white collar con lives by. Typically an insider,
the skimmer knows the business routine intimately. The classic case
involves the "salami technique," wherein a bank employee alters
the rounding off of each cent within each daily transaction. These
small surpluses are automatically dropped into a separate account.
"Interestingly, they never would have caught him had he switched
accounts occasionally," says Lenkey. "But the guy kept only
one account and when it reached several million, the bank grew suspicious."
with Al Capone. This popular and growing group of data thieves breaks
into a company’s system and steals just a sample of their most confidential
files. They then approach the firm, via anonymous computer of course,
display the files and threaten to reveal them on an international
website if the firm doesn’t come across with a hefty bribe. The victimized
business may feel it can stand tough concerning its own information,
but what about the confidential files of its clients? Unwilling to
spook its customer, the firm pays.
Ex-Soviet satellite nations, particularly Romania, are renowned for
this type of crime, Lenkey notes. But the traditional roots of organized
crime are also adapting their talents to the modern age. In Sicily,
a group called the Casa Nuova recently was caught in a $246 million
bank heist. In the process of tracing the heist computers, authorities
uncovered a huge bribery ring and an entire university that the organization
had taken over and transformed into a Cybercrime U., graduating scores
of diligent hackers.
A less dramatic method used by organized hackers is the mere theft
of vital information, for example, personal credit card or corporate
bank account access numbers. A growing amount of these hackers reach
into the U.S. from over international borders. However, despite all
the invisibility myths, web criminals are very catchable.
"Like any other criminal, they leave traces," says Lenkey.
"Most hackers don’t know all the precautions they need to leave
a clean exit. And those precautions are multiplying every day."
As business owners, there is much we can do to protect ourselves.
But primary is to develop a little understanding.
Lenkey’s cardinal rule is that security depends on people, not gizmos.
"The best bank vault in the world is rated to protect your assets
against only two hours of conventional cutting," he explains.
"In the end your security comes down to the watchful eye of the
tellers and clerks who stand ready to push the alarm button."
Ironic words from a man whose very technical RA Securities is considered
state of the art. But Lenkey explains that while his installation
of RA Securities hardware saves on monitoring personnel, it also involves
a retraining of the entire staff to be specifically alert.
— Bart Jackson
Corrections or additions?
This page is published by PrincetonInfo.com
— the web site for U.S. 1 Newspaper in Princeton, New Jersey.