Many victims of hacks clam up

[William Knowles <wk () C4I ORG>]

http://www.usatoday.com/life/cyber/tech/cti839.htm

By Greg Farrell
USA TODAY
11/27/00- Updated 08:35 AM ET

Across Corporate America, the hacker attack is the crime that no one
wants to talk about. According to the FBI and security consultants,
only a few of the many companies that suffer Internet-related security
breaches or whose databases are compromised by hackers ever approach
law enforcement for help. As a result, awareness of Internet-related
crime is much lower than it should be, industry professionals warn.
''The World Trade Center bombing woke companies up to the issue of
physical security,'' says Ted Fraumann, an ex-FBI agent who works at
Stroz Associates. ''It's going to take another event like the World
Trade Center bombing to wake people up to the importance of Internet
security.''

FBI surveys on cyber crimes show that extortion is a growing problem.
''A significant number of victim companies do not report this to law
enforcement but go ahead and pay the extortion,'' says FBI spokesman
Joe Valiquette.

''As a business guy, I understand why companies don't like to admit
that they've been hacked into,'' says Bruce Schneier of Counterpane
Internet Security. ''But as a security guy, I wish people would go
public, because we all need to learn the dangers that are out there.''

The world knows that hackers got into Microsoft's system in October,
and that a virus brought several e-commerce sites to a halt last
winter. But those high-profile incidents are the tip of the iceberg.

''These incidents are so public that they have to get out,'' says
Emily Freeman of Marsh, an insurance company that offers coverage for
Internet-related damage. ''But there are probably thousands of
incidents that never get reported.''

The problem is that many corporate chieftains think of cyber crime as
less tangible and dangerous than crimes like burglary and
embezzlement.

''The kinds of activity taking place in the digital environment are
the same as those that have been taking place since people existed,''
says Cal Slemp, director of global trust at IBM. ''All we've done is
move from a face-to-face environment to a digital one.''

In addition to defacing a company's Web site, cyber crooks have the
ability to pilfer a company's crown jewels, such as its customer list
or its customers' credit card numbers. Such attacks not only cost
money but can damage a firm's credibility.

''The more network-reliant your business is, the more this should be
on your radar screen,'' says Alan Brown of Chubb, another firm that
offers ''e-risk'' insurance solutions.

The lack of knowledge about the dangers of Internet-related crime is a
double-edged sword. Some companies are ignorant of their exposure,
while others fear the unknown. ''The fear of cyber crimes is a major
inhibitor to firms going into e-commerce,'' says IBM's Slemp.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".