Expert Lists Ways To Beat Cybercrime

Welcome Guest. | Log In| Register | Membership Benefits

March 29, 2001 (12:00 AM EST)

By Joy Russell,

A recent FBI survey reported that 70 percent of organizations had information security breaches within the past 12 months.

Only 25 percent of companies that had their systems attacked by hackers reported the incident to law enforcement.

Although overwhelmed by increasing numbers of cybercrime caseloads, David Green wants more people coming forward to report such incidents to law enforcement and believes the number of incidents will eventually decrease.

"Most people ignore it and think it's going to go away," said Green, principal deputy chief of the Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division of the U.S. Department of Justice. "But calling law enforcement gives us a better scope of the problem and information to piece together the puzzle to find a suspect.

Green made his presentation entitled "Responding To Challenge of Computer Crime" here at the eSecurity Conference & Exposition.

A common reason why company executives do not report cybercrimes is because they feel shame in being a victim in cyberworld.

"It's this sense of blaming the victim instead of the hacker," Green explained. "It's like an incompetency that you were hacked, so the executive says to the security professional, 'I thought we hired you to avoid such intrusions?'"

No system is 100 percent safe from unwanted intrusions, according to security experts. Law enforcement officials in this area are better equipped to fight cybercrime today, but Green admits that his office cannot investigate every call regarding computer-related crime.

"Damages have to be at least $5,000 for it to be considered a crime, which includes the cost to see how bad your system has been hit," Green said.

FBI statistics show that in 1998, 547 computer intrusion cases were opened, with 399 having been closed. In 1999, 1,154 cases were opened with 912 closed.

Green noted that officials don't always seize the victim's computers but sometimes must, which is another reason why executives avoid reporting cybercrime.

"Trust me, we really don't want to," he said. "Most investigations require cooperation with the victim's system operator."

One way to prevent youngsters from becoming hackers is teaching ethics in computing and depopularizing the hacker life, Green said.

"These kids wouldn't dream of going next door and stealing the neighbor's mail, but they don't see the Internet as being the same kind of place," Green said. Prosecuting young hackers often results with slaps on the wrists, "but more and more people are going to jail."

Deterrence, along with consistent software upgrades, can also work in preventing hackers from going into a particular website, according to Green.

"Let hackers know you will take action if they attack your site," he said.

Several years ago, a young hacker broke into the telephone switch system controlling Worcester Airport in Massachusetts. He brought down the switch, which turned off the lights at the regional airport, Green said.

"Luckily, the airport was small and not very busy, so that no one realized it for a while," Green said. "But Bell Atlantic put out a press release basically saying, 'Don't mess with us.' You must resist being a community of fear and fearing what the hackers can do."

There's one vital thing to potentially find a suspected hacker after damage has been done to a company's system.

"Preserve your information by keeping logs," Green said. "If you don't, there's not a whole lot we can do for you."

There are 17 computer crime squads located in cities across the country. In every FBI office, there is an agent responsible for investigating computer crimes.

To report cybercrime, go to: www.cybercrime.gov or call the National Infrastructure Protection Hotline at (202) 323-3205.