[ISN] UK law lets hackers get away with it

From: InfoSec News (isnat_private)
Date: Wed Nov 07 2001 - 01:27:21 PST

  • Next message: InfoSec News: "[ISN] Microsoft, researchers tussle over security issues"

    http://www.computing.vnunet.com/News/1126671
    
    By Andy McCue 
    06-11-2001
    
    Companies are failing to track down and prosecute hackers because they
    find it too expensive and difficult to investigate attacks. Security
    experts claim that UK firms are prepared to write off losses of up to
    50,000 because of the difficulty getting a conviction.
    
    "Primarily it depends on whether the damage suffered is equal to or
    less than the value of an investigation," said Nigel Layton, chief
    executive of UK security consultant Quest.
    
    "And in the UK, most companies do not think it is worth pursuing for
    less than 50,000, although if there is harm to the company's
    reputation they may choose to pursue it more vigorously."
    
    According to Layton, there are simple things that users can do to help
    preserve evidence in case of a breach, but justifying the cost before
    an incident is difficult.
    
    "Maintaining log files so they can be used for investigative purposes
    is useful but hard to justify before the act," he added.
    
    Layton said the government's controversial National Hi-Tech Crime Unit
    has worked with his company on a couple of investigations involving
    his clients, though none have yet gone to court.
    
    Quest has this week launched a service in the UK in conjunction with
    US-based Internet Crimes Group (ICG) to help companies tackle
    cyber-criminals.
    
    Cameron Craig, ex-FBI white collar crime specialist and president of
    ICG, claims the high levels of redundancies across the hi-tech sector
    are likely to lead to an "explosion" of cyber-crime, as disgruntled
    ex-employees use knowledge of corporate networks for criminal
    activity.
    
    The service combines bespoke software with what it calls "traditional
    sleuthing techniques", and ICG claims a 66 per cent success rate in
    the US.
    
    Earlier this year a survey by KPMG of 1250 chief executives and chief
    information officers in large public and private companies found 83
    per cent of those that suffered security attacks did not pursue legal
    action.
    
    This was put down to weak legislation, a lack of evidence, and some
    cases being settled out of court.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Nov 07 2001 - 06:07:59 PST