Free Newsletters :
IT Management
Security
Read More in Security »

Take A Bite Out Of Computer Crime

July 17, 2001
By

Paul Desmond







As I was reading recently about a New Hampshire guy going to jail for hacking into his ex-employer's network, it struck me that I've been seeing more and more of these types of stories, with all manner of computer criminals being arrested, prosecuted, and convicted, both in the United States and abroad.

To make sure I wasn't imagining the phenomenon, I checked with the National Infrastructure Protection Center. The NIPC works with U.S. government agencies, state and local governments, and the private sector to protect critical infrastructures, including those of telecommunications companies and banks. Sure enough, I found out the number of computer crime cases the NIPC works on has doubled every year since its inception in 1998. Currently, the agency is investigating with the FBI more than 1,230 cases.

More and more, these cases and others are going to court, and perpetrators are getting meaningful sentences.

Consider these cases from just the last month or so:

  • Patrick McKenna of Hampton, N.H., got six months and has to pay $13,600 in restitution for breaking into the network of his former employer, Bricsnet, a software services firm for the construction industry. According to the Boston Globe, on the day he was let go from the Bricsnet, he twice broke into its network, deleted about 675 files, modified user access rights, and sent bogus emails to company clients saying the company's "project center" would be temporarily closed or shut down. When he gets out of the slammer, he'll be subject to two years of supervision.

  • On June 20 a federal grand jury indicted two Russian hackers on a slew of federal charges, from breaking into computer systems to stealing credit card information and attempted extortion. The indictment alleges the pair broke into computer systems at a number of U.S.-based banks and e-commerce companies and threatened to keep doing it until they were hired as security consultants. The FBI set up a bogus company that agreed to take them up on the offer. The pair was arrested in Seattle after coming into town for a "job interview." I just love that story. Can't wait for the movie.

  • Raphael Gray, the hacker who used Bill Gates' credit card to send him a bunch of Viagra, was sentenced by a Welsh court to three years of community rehabilitation with psychiatric care. (I probably should be more sensitive, but all I can picture is Jack Nicholson as Randall P. McMurphy in "One Flew Over the Cuckoo's Nest.")

  • The 20-year-old Dutch man who admitted he created the Anna Kournikova virus will be prosecuted, and is likely to get a 6-month prison sentence.

These kinds of prosecutions raise two issues. One, it should be clear that companies have far more to gain than to lose by working with law enforcement should they be a victim of cyber crime. Law enforcement is getting better at finding and prosecuting perpetrators, but the process works far better if victims cooperate.

There have been a lot of misconceptions about what happens when law enforcement is called in to investigate a computer crime. Companies are afraid their names will be plastered all over the papers, their computers confiscated as forensic evidence, and their business interrupted.

Not so, says David Green, principal deputy chief of the U.S. Department of Justice's Computer Crime and Intellectual Property Section (CCIPS), which is charged with coordinating law enforcement's computer crime efforts nationally.

"Sometimes we go seize computers, but it's not from the victims, it's from the perpetrators," Green told an audience at the E-Security Conference and Expo in Boston earlier this year. And, typically, investigations only hit the press when they bear fruit, at which point the company in question comes out looking pretty smart.

Newsweek had a good piece about how the online payment company PayPal is helping provide forensic evidence in the Russian hacker case noted above.

And Michael Bloomberg certainly looked smart last summer, when he helped the NIPC and FBI nab two hackers from Kazakhstan who were trying to extort $200,000 from him in exchange for information on how they had broken into Bloomberg LP's network. The pair was arrested in London and the U.S. has requested their extradition.

While in that kind of case it's clear that a crime is being committed, in many others it is less obvious -- or at least that's what hackers claim. That leads to the second issue: education on ethical computing.

The pinhead who unleashed the Anna Kournikova worm, for instance, claims he didn't mean to cause such damage, didn't realize what he'd done, blah, blah, blah. (He also posted a note on his Web site saying anyone who got hit with the virus deserved it, the implication being that they didn't take basic precautions. He's got a point there, but still deserves a dope slap for saying it, just on general principles.)

Whether you believe him or not, there does seem to be a disconnect between the physical and cyber worlds in terms of telling right from wrong. A kid who would never think of robbing his local convenience store thinks nothing of hacking into a corporate computer for the sheer challenge of it. Perhaps he has no idea of the damage he can cost in terms of time and money -- even if he doesn't disturb anything.

And therein lies the problem. The kid should understand what he's done is a crime, that it means somebody on the other end is going to have to spend valuable time trying to figure out how he got in and what he did.

In his talk in Boston, the DOJ's Green encouraged IT people to get into schools and help educate kids about socially responsible computing. He also encouraged companies to create an incident response strategy that includes contacting law enforcement, and to meet with these folks in advance so you're not calling them for the first time when you're in a panic. Good ideas, both.

If you want to get started, here are links to a few law enforcement resources:

Paul Desmond is editor of ecomSecurity.com, a source of practical security information for IT managers, CIOs, and business executives.

1





IT Offers






Partners
Partner With Us














More IT Management
CIO Update
Datamation
eSecurity Planet
ITSMWatch
Intranet Journal
IT Career Planet
Project Manager Planet
Semantic Web
Datamation Definitions






 


The Network for Technology Professionals

Search:

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Solutions

Whitepapers and eBooks

Intel Whitepaper: 2010 Intel Core vPro Processors Overview
Article: Adobe Helps PHP Developers Create Rich Internet Applications
Article: Reduce Your Infrastructure Costs with Microsoft System Center
Intel Brief: Five-Star IT Support--Intel Core 2 processor with vPro Delivers ROI of 524 Percent
Article: Security Enhancements Abound in Windows Server 2008
Intel Whitepaper: Implementing Intel vPro Technology to Drive Down Client Management Costs
Microsoft Whitepaper: Improve Communications and Collaboration
 Intel Article: Intel Core i5 vPro Brings Intelligence to the Processor
Microsoft Personalized Whitepapers and Resources for You
Microsoft Articles: Visual Studio 2010
Adobe Article: Java Developers Finding a Home at Adobe Flex
Microsoft Whitepaper: Make Better Decisions - SQL Server 2008 Business Intelligence.
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

IBM Cloud Computing for Developers Virtual Event, April 6-8
Micro Focus Webcast: Boosting the Impact and Effectiveness of Software Development QA and Testing
Microsoft Webcast: Simplified Access and Single Sign-On
Intel Video: 2010 Intel Core Processor Technologies
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Adobe Download: Tour de Flex Application and Explore Flex
HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us
 Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Free Adobe Online Flex Training: Check Out this Video Training Course Here
Learn Unified Communications
Learn SQL Server 2008
Learn Windows Server 2008 R2
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products
 Learn Forefront
Learn System Center
All About Botnets
Learn SharePoint
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES