Corrections or additions?

This article by Bart Jackson was prepared for the June 5, 2002 edition of U.S. 1 Newspaper. All rights reserved.

Skunking Cyber Skullduggery

Last year over $456 million was stolen — or reported

stolen — from Americans by cyber criminals. Since the FBI estimates

a mere 34 percent of victims actually report such crimes, the actual

amount of theft by computer and the huge resulting cost of restoration

multiplies that figure easily into the billions. The question is,

how long can we treat this epidemic like some furtive Victorian disease

and politely sweep it under the rug?

Technical and business people seeking protection against this very

real and growing threat will find answers at the seminar "Information

Security: The Cost of Neglect" on Thursday, June 13, at 1:30 p.m.

at the Cyber Security Theater of the Garden State Exhibition Center

in Somerset. This seminar is one of 20 such workshops included in

the New Jersey Technology Showcase, which takes over the Garden State

Exhibition Center in Somerset from 10 a.m. to 4 p.m. on June 12 and

13. Sponsors of this free event, organized by trade show company ITEC,

include Microsoft, Intel, Gateway, and other major computer players.

To register visit

This roundtable discusses subspecies of computer criminals and crimes;

our public and private response; and some solutions. The event sponsor

is InfraGuard, an arm of the FBI’s National Infrastructure Protection

Center. InfraGuard New Jersey unites enforcement and justice department

capabilities with academic resources, such as Andy Russnov of

the networking department at Princeton University.

Speakers include Gideon Lenkey, founder of RA Securities; Susan

Secco of InfraGuard; private security expert David Teuman;

Scott Christie from the Department of Justice, and RA Securities

agent Robert Grabowsky, who specializes in the human element.

There are many reasons businesses do not report a cyber break in and

theft. They include: "Our stockholders would worry." "We

can’t appear like non-vigilant fools to the public." "Our

clients will be afraid to send us their information." "Sales

will fall." "The boys in legal say we might even be held responsible."

But speaker and securities specialist Lenkey insists that all these

rationales are short sighted. "We have convinced the criminals

that it’s worth a try since they are dwelling in an environment of

no-complaint, no-prosecution."

Lenkey has first-hand experience of the benefits of

fighting back. After a boyhood in Blairstown, and graduating from

the County College of Morris, Lenkey began consulting for wide area

databases. These enormous infobanks included many of the state’s medical

claims’ databases, containing very private and sensitive facts about

patients. In l996, Lenkey’s system was, in his words, "egregiously

hacked." Working with FBI agent Steve Foster, he began a very

hot cyber pursuit. It climaxed in a raid — the first search and

seizure of an Internet provider — and several arrests. Eventually

Lenkey went on to found RA Securities and Foster founded InfraGuard.

"Like any other criminal," notes Lenkey, "computer bandits

fall into set categories with set patterns."

The Everest hacker. This merely curious hacker breaks

into your system just because it’s there, and to see if he can. But

he is seldom harmless. Typically he wants to conquer and own your

PC or server. He may use it to store files, possibly including hacker

tools or porn. Then he may examine his target of opportunity and see

just how much havoc he can laughingly wreak.

The skimmer. "A slice from a loaf is never missed,"

is the adage this white collar con lives by. Typically an insider,

the skimmer knows the business routine intimately. The classic case

involves the "salami technique," wherein a bank employee alters

the rounding off of each cent within each daily transaction. These

small surpluses are automatically dropped into a separate account.

"Interestingly, they never would have caught him had he switched

accounts occasionally," says Lenkey. "But the guy kept only

one account and when it reached several million, the bank grew suspicious."

The Godfathers. Never fear that organized extortion died

with Al Capone. This popular and growing group of data thieves breaks

into a company’s system and steals just a sample of their most confidential

files. They then approach the firm, via anonymous computer of course,

display the files and threaten to reveal them on an international

website if the firm doesn’t come across with a hefty bribe. The victimized

business may feel it can stand tough concerning its own information,

but what about the confidential files of its clients? Unwilling to

spook its customer, the firm pays.

Ex-Soviet satellite nations, particularly Romania, are renowned for

this type of crime, Lenkey notes. But the traditional roots of organized

crime are also adapting their talents to the modern age. In Sicily,

a group called the Casa Nuova recently was caught in a $246 million

bank heist. In the process of tracing the heist computers, authorities

uncovered a huge bribery ring and an entire university that the organization

had taken over and transformed into a Cybercrime U., graduating scores

of diligent hackers.

A less dramatic method used by organized hackers is the mere theft

of vital information, for example, personal credit card or corporate

bank account access numbers. A growing amount of these hackers reach

into the U.S. from over international borders. However, despite all

the invisibility myths, web criminals are very catchable.

"Like any other criminal, they leave traces," says Lenkey.

"Most hackers don’t know all the precautions they need to leave

a clean exit. And those precautions are multiplying every day."

As business owners, there is much we can do to protect ourselves.

But primary is to develop a little understanding.

Lenkey’s cardinal rule is that security depends on people, not gizmos.

"The best bank vault in the world is rated to protect your assets

against only two hours of conventional cutting," he explains.

"In the end your security comes down to the watchful eye of the

tellers and clerks who stand ready to push the alarm button."

Ironic words from a man whose very technical RA Securities is considered

state of the art. But Lenkey explains that while his installation

of RA Securities hardware saves on monitoring personnel, it also involves

a retraining of the entire staff to be specifically alert.

— Bart Jackson

Previous Story Next Story

Corrections or additions?

This page is published by

— the web site for U.S. 1 Newspaper in Princeton, New Jersey.

Facebook Comments