http://www.indystar.com/articles/7/195545-9937-223.html By Norm Heikens norm.heikens @ indystar.com November 18, 2004 Computer security isn't improving fast enough to prevent hackers from causing ever more mayhem -- or ultimately ward off the likely rise of organized cybercrime, a Purdue University expert said at an IUPUI-sponsored conference Wednesday. Computer professor Marc Rogers, speaking to about 110 participants -- most of whom are involved in corporate or government information technology -- warned that many companies doubt they'll be targeted by people wanting to steal information or damage their systems. But the individuals now tormenting systems personnel will seem like Boy Scouts compared to the expected increase in organized cybercrime, Rogers predicted. "If we don't have our house in order before that happens, we're in for a world of hurt," said Rogers, who worked more than a decade in law enforcement before joining Purdue. "The criminals realize we're moving much too slow." Monday was a landmark for information-technology workers. It was the effective date for a provision in the federal Sarbanes-Oxley Act of 2002 requiring corporations to make their information secure. But few are in compliance, Rogers said at the forum at Indianapolis University-Purdue University Indianapolis. Assistant U.S. Attorney Steve DeBrota also advised companies to erect thick firewalls. Among the biggest problems are the highly sophisticated hackers in Eurasia -- sometimes former Soviet Union intelligence employees -- who have taken up identity theft, DeBrota said. They're hard to catch because they sell the information to lower-level criminals. But the problem can just as easily be an employee who steals sensitive information. He warned companies to beware of employees who set up outside e-mail accounts that can be used to send information out of the company. Other times, hackers steal information and extort a company by threatening to divulge it publicly. Few companies report such crimes, said both DeBrota and Rogers. Purdue's Rogers said one of the largest holes in cybersecurity is high-speed Internet lines, particularly those hooked to homes. Companies work hard to secure their own systems, then open themselves to trouble when employees log in from homes, where their computers may be infected with viruses. Malfeasance is growing as the world wires itself together. "Everybody is potentially our neighbor now," Rogers said. Hoosiers who think cyber-attacks happen elsewhere should think again. Quoting common attitudes, Rogers said, "We're little Indiana. Why would anyone want to hack into our system?" Participant Jack Osborne said the speakers confirmed what he hears and reads elsewhere. Osborne, a computer technician at the Indianapolis electrical control maker Transportation Safety Technologies, said co-workers "get tired of hearing me say, 'This is going to happen.' " "I'm amazed the terrorists haven't entered it yet," he said. Osborne thinks his company is fairly well-protected. Yet, he added, "It's like your car. If someone wants in badly enough, they will" get in. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Thu Nov 18 2004 - 06:12:37 PST