[ISN] Most computer hacking an 'inside job'

From: InfoSec News (isn@private)
Date: Tue Apr 26 2005 - 22:24:02 PDT


http://www.vnunet.com/news/1162718

Iain Thomson 
InfoSec in London
vnunet.com 
26 Apr 2005

The vast majority of computer hacking is done by current and former
employees, according to the Metropolitan Police.

In a panel session at this year's InfoSecurity Europe conference,
Detective Inspector Chris Simpson of the Metropolitan Police Computer
Crime Unit told delegates that one of the first steps in any
investigation is to check employee details.

"In the vast majority of cases we investigate the culprits are current
or former employees," he said.

"They are not hacking into systems using flaws in software. Instead
they are using flaws in the security procedures of the company to
carry out their attack."

Simpson added that electronic crime is definitely on the rise and
outlined the main threat vectors.

Online organised crime is originating predominantly from eastern
Europe, while the biggest spammers are found in the US, China and
Germany. Script kiddies are predominantly from the US, Canada or
Britain and their numbers are on the rise thanks to the popularity of
virus creation kits.

Meanwhile the Crown Prosecution Service (CPS) is gearing up for more
computer crime.

"We have come to the conclusion that computer crime is here to stay,"  
said Ester George, policy advisor to the CPS.

"Computers now touch almost every case, hacking or otherwise. The
convergence of phones and PDAs is increasing this."

George cited two non-hacking events where computers were crucial to
the case. In one a man went berserk and attacked passers by, claiming
diminished responsibility. But his internet logs showed that he'd been
researching his likely sentence online before carrying out the
attacks.

In the other case a child was brought into hospital and died of
pneumonia. The parent was charged after internet logs showed that
sites had been visited that identified factors in catching the
infection.

To prepare for this, the CPS has set up a training scheme which
teaches barristers how to handle high-tech cases. To date 110
prosecutors have attended the course.



_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Wed Apr 27 2005 - 22:03:15 PDT