 |
 |
|
|
|
|
Rich, easy pickings for hackers2006-01-27 By BusinessDay, January 2006 HACKING into a company to steal its confidential data or the banking details of its customers has become far easier in recent years, despite technical advances and stronger demands for corporate governance. Companies and government departments are still lackadaisical about protecting their secrets, and criminals are winning the cyber war, says Kevin Mitnick, the world’s most notorious hacker. Mitnick served five years in jail in the 1990s for hacking into organisations including Nokia and Novell, and the Pentagon itself. Now he runs Mitnick Security Consulting, and is paid to infiltrate networks to find and fix the vulnerabilities. Mitnick will visit SA for the first time in March to address the IT-Web Security Summit. “It’s become easier to hack today because when somebody finds a vulnerability it gets published on the internet so everybody can access the information,” he says. “The person finding the vulnerability needs to be clever and understand programming, but once they release the information, anybody with some technical knowledge can use it for illegal purposes.” New corporate governance laws have given higher priority to data security, but it is still a form of risk management with no direct return on investment. “It’s an insurance against a potential loss, so it’s last on the to-do list. Sometimes businesses gamble and hope they won’t be a victim, but if you are on the internet, your business systems are being probed for weaknesses every minute of every day,” he says. Mitnick insists he was never a malicious hacker, never profited from his exploits and never damaged data. Yet his notoriety was such that he spent eight months of his sentence in solitary confinement as the judge was told he could start a nuclear war by telephoning the North American Aerospace Defence Command and whistling modem tones into the receiver. Cyber crime cost companies and individuals about $400bn in 2004, says the Federal Bureau of Investigation, but just 5% of cyber criminals are caught. Low risk is coupled with high rewards as online banking and e commerce have created a vast market to attack. Online security company McAfee says professional criminals have taken over from amateur hackers, and are stealing information to commit fraud or extortion. McAfee warns that law enforcement agencies are struggling to keep pace as cyber criminals grow more sophisticated. Yet the average company is still either careless or complacent. In a recent experiment Mitnick connected six computers to the internet and recorded the attacks that occurred. It took less than four minutes for an automated attack to break through the security on one PC. A computer without a firewall faced 300 attacks an hour, while those with firewall protection faced four attacks an hour. But no technology can protect against employees giving out confidential passwords and personal identity numbers just because they are asked to. The most damaging attacks blend technical expertise with information gleaned from staff. Negligence also makes wireless networks highly vulnerable. Employees who like the convenience of using a notebook will simply install a wireless access point under their desk, opening the network to the outside world. “A lot of businesses and government agencies are running wireless networks with no security, and I can crack one of those within minutes,” says Mitnick. “Once on the wireless network, a bad guy can monitor traffic and steal passwords for the whole company.” The latest report from PricewaterhouseCoopers warns of a rapid rise in identity theft, corporate espionage and phishing scams, where e-mails trick people into revealing personal details. Its 2005 Information Security study polled 8200 executives in 63 countries, including SA: 22% had suffered a financial loss from a cyber attack — from only 7% in 2004 — but only 37% had a comprehensive security strategy in place. Another worrying trend is the prevalence of in-house assaults, with a third of attacks launched by employees and another 28% by former staff. Source: My Broadband |
Privacy Policy | Terms & Conditions | Terms Of Service | Sitemap