http://www.nandotimes.com/technology/story/347520p-2853392c.html

By D. IAN HOPPER, AP Technology Writer

WASHINGTON (April 7, 2002 12:18 a.m. EST) - Most large corporations and government agencies have been attacked by computer hackers, but more often and more frequently they do not inform authorities of the breaches, an FBI survey finds.

The survey released Sunday found about 90 percent of respondents detected computer security breaches in the past year but only 34 percent reported those attacks to authorities. Many respondents cited the fear of bad publicity about computer security.

"There is much more illegal and unauthorized activity going on in cyberspace than corporations admit to their clients, stockholders and business partners or report to law enforcement," said Patrice Rapalus, director of the Computer Security Institute, which conducted the survey with the FBI's San Francisco computer crime squad.

The seventh annual survey polled 503 American corporations, government agencies, financial and medical institutions and universities. The names of the organizations polled were not released.

Overall, there were more computer crimes than in last year's survey. But fewer victims reported crimes to police than in 2001, reversing a trend from earlier surveys.

A former Justice Department computer crimes prosecutor said there is frequently little incentive for a company to report computer attacks or crimes.

"It tends not to help their bottom line, but hurt their bottom line," Mark Rasch said. "What a company wants to do is solve the problem and move on."

When those companies are financial institutions or other parts of the nation's critical technology infrastructure, however, more than the company's bottom line is at stake.

The government is using partnership groups - such as the FBI's InfraGard chapters in each field office - to persuade companies to report the attacks directly to FBI agents without public disclosure.

"They need to use a mechanism to report these incidents and vulnerabilities broadly so they can be fixed, but won't be attributable back to them," Rasch said.

The survey respondents said they lost at least $455 million as a result of computer crime, compared with $377 million the previous year. In both surveys, only about half chose to quantify their losses.

The most serious monetary losses came from the theft of money or proprietary information, such as blueprints for computer programs, and fraud, such as failure to deliver services or equipment that have been paid for.

Despite concerns that foreign governments would begin using computer attacks as a method of terrorism or war, most attacks on American companies still come from individual hackers and disgruntled employees, the report said.

The survey also addresses the increasing frequency of attacks on Internet retailers. There have been several reports of thefts of credit card data over the past year, including some instances in which the thief threatened to release sensitive data unless the victim paid a ransom.

WorldCom, The New York Times and others have had holes exposed in their Web security, leading to unwanted intruders.

Thirty-eight percent of the respondents said their Web sites have been broken into over the past year, and 21 percent said they were not sure. Eighteen percent reported some sort of theft of transaction information, such as credit card numbers or customer data, or financial fraud.

Seventy percent of organizations reported online graffiti, usually the simplest and least damaging type of attack. A graffiti hacker replaces the Web site's front page with his or her own text and, sometimes, offensive pictures.

Companies are also seeing problems from within. Seventy-eight percent said their employees abused Internet privileges, including downloading pornography or pirated software.