[ISN] Accounting firms fight cybercrime (fwd)

From: cult hero (jerichoat_private)
Date: Thu Jun 10 1999 - 04:01:54 PDT

Forwarded From: William Knowles <erehwonat_private>

Accounting firms fight cybercrime
By Dan Goodin
Staff Writer, CNET News.com
June 7, 1999, 4 a.m. PT
URL: http://www.news.com/News/Item/0,4,37419,00.html
The dramatic growth in computer-perpetrated crime has not been lost on big
accounting firms, which smell a growing profit center in helping clients
protect themselves against online trespassers. 
In the past six months, both Deloitte & Touche and PriceWaterhouse Coopers
have formed new cyber-"fraud squads" to investigate crimes and evaluate
security systems. The other big accounting firms, as well as IBM and
smaller private investigation outfits, are also jumping into the game.

"We think there are significant unmet needs," said Bill Boni, director of
Price Waterhouse's cybercrime investigations group, which was created
earlier this year. "It's certainly going to be an area of interest for all
the large accounting firms."

The reason for the interest is simple: Incidents of fraud and other crime
perpetrated online are on the rise. Putting a number on the increase is
difficult, since many incidents go unreported. One of the most useful
measuring sticks, however, comes from annual reports released by the
Computer Security Institute, which surveys 521 security practitioners from
corporations, banks, government agencies, and universities.

Last year, 32 percent said they reported serious incidents to law
enforcement agencies, nearly twice the number as three years ago.
Meanwhile, 55 percent said that company insiders gained unauthorized
access to computer networks, and 30 percent reported intrusions by
outsiders. The San Francisco-based group estimates that computer security
breaches cost the respondents more than $123 million last year, and
worldwide may cost businesses tens of billions of dollars, according to
Richard Power, the organization's editorial director.

"With the rise of the Internet and the transaction of e-commerce,
corporations and government agencies are far more open to attack then ever
before," Power told CNET News.com in an interview. "There are all kinds of
new ways to make money through computer crime."

That's where accounting firms come in. For a host of reasons, companies
whose online security has been breached frequently prefer to take their
problems to private investigators rather than law enforcement agencies.

"Some [law enforcement agencies] have taken aggressive stances, but even
in Silicon Valley you will find that most of the senior officials in
police departments are not that sensitive to high-tech matters," said John
O'Laughlin, director of worldwide security at Sun Microsystems. "Most of
them are not up to speed in dealing with high-tech issues."

Companies are also hesitant to go to authorities out of fear the matter
will generate negative press. "Some of these companies don't want to admit
that they've been compromised," said assistant U.S. attorney Chris
Painter, who investigates high-tech crime. A benefit of taking a crime to
private investigators is that companies can learn all the facts before
deciding whether to take the matter to court.

"They keep control of their information," said George Vinson, former head
of the FBI's computer intrusion team in San Francisco and now practice
leader for Deloitte & Touche's fraud and forensics team. "So many times
[companies] are interested in settling something civilly rather than
seeing it splashed on the A-1 page" of the local newspaper.

The bulk of Vinson's work so far has been investigating claims of
copyright infringement. Typically, that means comparing the source code of
a client's software against that of a suspected infringing copy. Vinson
also investigates people suspected of using the Internet to manipulate a
company's stock price and tracks employees who misappropriate a company's
trade secrets. The accounting firms also assess clients' security systems
to make sure they are not vulnerable to attacks.

The work is similar to what Vinson did while at the FBI. In 1996 his group
brought down more than 20 Internet users in 10 states who used chat groups
to trade software titles made by companies such as Adobe and Microsoft.
And with more and more companies transacting business online, the demand
for computer forensics services is only expected to continue, said Sun's

"I don't think there's any question the e-commerce is here to stay,"  he
said. "You're going to see that it's pretty vulnerable to fraud and abuse
and [companies] want to get ahead of the curve."

Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:24:33 PDT