Serious business


Anyone with a database is at risk. Anybody that has something that I can buy, sell, trade or barter on the Internet. And that could be as much as bandwidth. If I break into your system and there's nothing else there worth taking, I can compromise the system and borrow your bandwidth. If you have a customer database of credit card numbers, home addresses that can be sold on the Internet, the credit cards can be sold, used for identity theft, used to open up bank accounts. So any business out there is just as likely to get hit as another. Of course [criminals] do gravitate a lot toward the e-commerce sites because they know e-commerce deals on the Internet and they're going to have databases and credit cards and things they're looking for. So they will always be a little more susceptible. But generally a lot of these programs are automated, and they're just looking for computers to get into. And they have no idea until they harvest them even what they have and what they've broken into.

A lot of crime or computer-related destructive activities come from employees inside an organization, people who work for the company, whether they're disgruntled or monetarily driven to steal or something like that. What are you seeing in that area?

Dave Thomas: The insider has always been the No. 1 threat, and probably always will be. No one knows the network better than someone who's on the inside. If that person gets disgruntled, they can take files with them. They can put files out there that can cause damage. They know the network better than anyone else. And generally you trust people inside the network. Up until just a couple years ago, most security appliances didn't even look internal within the network. Everyone was trusted internally and could move around the network as they pleased. But now that the threat has become more known, most security appliances now look internally and externally on the network to try to block access and look for patterns of suspicious activity. But again, it is a threat and it is a large threat.

What are companies doing to defend against that?

Unfortunately, the problem with the insider is you really can't predict it. We know how dangerous the insider threat can be, such as the Robert Hanssen case. [An FBI agent convicted in 2001 of selling intelligence to Russia]. We've had it internally [happen] to us. We changed our security policies and we constantly are vigilant about that with our own employees and other companies are doing the same. But you have no idea why an employee may be going bad on you most of the time and so it's very, very difficult to predict and/or prevent an insider from carrying out problems on your network.

With the phishing scams, the scammers are trying to get money. But viruses sometimes seem to just be destructive. Are there viruses that are meant to steal money?

Absolutely. It's changed. The whole virus writing community has changed over the past year. When I first started doing this, and we were doing work in the community, the whole idea was to write a virus to get it to spread exponentially so you would get your name out in the media. Then maybe someone would hire you for an IT job, or you would be seen in the community as making a name for yourself because you wrote that virus. Now we're seeing everything completely change. The whole idea behind the malicious code now is to go out and steal access, putting key loggers in, stealing databases, personal information, harvesting computers for huge bot networks, where you can sell the bandwidth off to spammers. Most of the malicious code, we believe right now, is being written to harvest computers and then spam operators who are trying to spread spam are paying for that access. So you've seen forces join, if you will. Now if I need to get spam out, then I join forces with some hacking crew or virus writing crew that will go out and harvest the computers to allow me to put out the type of messages I need to put out. They've seen a lot of restrictions in the U.S. [lately], in closing down open proxies and different ways that spammers could get their information out. And they still need to spread that information. And there's money to be made now in selling bandwidth.

Are cybercrimes ever violent? Or result in violence?

They can be. There are instances of a lot of cyberstalking. Look at the exploitation of children and some of the things done with innocent images and kids that travel across state lines that are being exploited now by adults . . . [that has] grown significantly. We've had a presence out there for a long time, along with a lot of other state, local and federal agencies. But yes, we have seen violence associated with computer crimes.

Copyright © 2004 IDG Communications, Inc.
