[ISN] Crime online

From: InfoSec News (alerts@private)
Date: Mon Jul 24 2006 - 00:33:10 PDT


http://www.tulsaworld.com/BusinessStory.asp?ID=060723_Bu_E1_Crime3066

By JOHN DOBBERSTEIN 
World Staff Writer
7/23/2006 

State businesses, law enforcement officials and other groups are
trying to stop hackers and cyber terrorists.

In a small, dimly lit computer lab at the Mid-Continent Tower, Gavin
Manes and his examiners look for signs of greed and crime.

It doesn't involve fancy lasers, ultraviolet lights or brushes.  
They're looking for digital fingerpints -- hidden computer data that
might reveal a misdeed that cost a business thousands or millions of
dollars.

"We frisk that computer and we find everything. What are your
employees doing, not necessarily to steal something from you, that may
still cost you money eventually?" said Manes, president and founder of
Digitical Forensics Professionals Inc. in Tulsa.

Oklahoma businesses are working closer than ever with authorities and
private firms to thwart hackers, data thieves, malicious code
spreaders and cyber terrorists.

Oklahoma has some obvious targets: The state's aerospace industry,
with more than 40,000 jobs, has close ties with the military.  
Oklahoma's oil and gas industry has been rejuvenated, and community
leaders are pushing development of high-tech firms.

Incidents do happen. In 2003, the Tulsa World reported that Tulsa
police got word from the FBI, via an informant, that hackers might be
scanning wireless networks of local financial institutions, looking
for system weaknesses.

Authorities cited a Web site listing banks and large retail businesses
that did not encrypt their wireless data.

Oklahoma is also a part of the national picture.

Organized crime figures from the former Soviet Union are threatening a
variety of businesses in the United States, especially the control and
accounting systems of the energy sector, said Sujeet Shenoi, a
University of Tulsa computer science professor and national expert on
cyber security.

Terrorists have also discussed using computers to steal money from
businesses to fund their operations, he said.

The number of system intrusion investigations handled by Oklahoma
City's FBI bureau has doubled in the past year, said James Adams, FBI
supervisory agent in Oklahoma City and leader of the state's cyber
crime prevention efforts. He declined to release specific numbers
about intrusions.

Additional agents and analysts were deployed in several cities --
including Oklahoma City -- to assist in investigations of intellectual
property crime, the FBI said in June.

Federal agents have also been holding monthly cyber-awareness
presentations for businesses and industries in Oklahoma, Adams said.

"The threat is out there, every day," Adams said in an interview. "The
vulnerabilities to systems, from hardware to software, are known to
the bad guys. There's proprietary, personal and financial information,
and those are the things they want to obtain and exploit.

"It takes everyday vigilance to protect those systems."

Nationally, cyber crime is a sensitive, under-reported problem for
businesses, according to a Computer Security Institute/FBI survey in
2005.

Virus attacks continued to be the greatest source of financial losses,
totaling $42 million in 2005. But unauthorized access to systems
showed a dramatic increase last year, when such access and theft of
proprietary information cost $30 million in losses.

Utility, transportation and telecommunications companies spend the
most, per employee, for computer security. Eighty-seven percent of the
organizations surveyed -- including governments and private businesses
-- conducted security audits in 2005, up 5 percent. But only a quarter
of those responding said they have cyber insurance.

The survey warned that passwords, biometrics, anti-virus software and
intrusion detection systems "cannot totally reduce an organization's
risk of computer security breaches" and the associated financial
losses.

One good sign, the survey said, is that financial losses declined
dramatically in 2005, to $130 million among 639 organizations willing
to esimate losses. That's down from $141 million in 2004 among 269
organizations.

In Oklahoma, the number of Internet crime complaints in Oklahoma
spiked to 1,862 in 2005, up from 643 complaints in 2004, according to
a database compiled by the Internet Crime Complaint Center.

Seventy-five percent of the complaints involved auction fraud or
nondelivery of merchandise or payment.

The database is a cooperative effort between the FBI and National
White Collar Crime Center.

Tony Whitledge, former director of the IRS Electronic Crimes Unit,
said the corporate focus on securing data is an evolution, and
sometimes a business "has to get beat up pretty bad" for executives to
pay attention.

"You take a large corporation that's aware of threats, or taken a hit,
and they will have security staff and do a pretty good job of securing
their network and resources. But take a very small business that hires
someone to put a network together, and they may not be security-aware
at all," said Whitledge, who now runs his own computer forensics firm
in Washington, D.C.

In the future, Adams said, the FBI wants to work closer with some 200
Oklahoma companies that handle government contracts.

"We want to stand next to a company that becomes victimized through a
computer intrusion," he said. "We want to locate the bad guy, and we
want to go after them.

"The efforts made by us here in Oklahoma are, hopefully, changing
things to where industry and governments feel more comfortable
contacting law enforcement."

In cyber space, the major line of defense for Oklahoma businesses is
Oklahoma InfraGard , a nonprofit partnership between the FBI and the
private sector.

Any attacks or intrusions on corporations in Oklahoma are reported to
InfraGard. The chore of extracting information from computers can be
referred to private forensics firms, or to one of the FBI's Regional
Computer Forensic Laboratories across the United States.

The labs closest to Oklahoma are in Kansas City and Dallas.

Founded in 2002, Oklahoma InfraGard has more than 400 members, the
fourth-largest chapter in the nation, Adams said. The memberships
include public and private businesses, colleges and universities, tech
companies, public utilities, police and other organizations. There are
InfraGard chapters in all 50 states.

InfraGard is an outgrowth of partnerships, the most important change
in the FBI since the terrorist attacks of 2001, FBI Director Robert
Mueller has said. Until 2003, "cyber investigations were conducted on
an ad-hoc basis."

Originally, Oklahoma InfraGard was formed so members could share vital
information intended to protect critical infrastructure, including
gas, oil, electrical, water, financial, transportation,
telecommuncation and emergency-service facilities.

Today, the group also spends time discussing, in private, security
problems facing their businesses.

Dan Biby, an InfraGard board member, said businesses are taking more
precautions.

"Firewalls, secure networks, security policies and education of
employees are all helping us thwart attacks," said Biby, who is also
president and founder of Brookside Group, a firm that helps businesses
prepare and respond to disasters.

"There's continual, 24/7, 365-day-a-year activity that must be in
place to maintain that security. And budgets are tight," he said.

David Daniels, an InfraGard board member and co-owner of a Bixby-based
Web hosting company, Internetworks, thinks businesses are taking more
initiative to protect themselves. Firewall and anti-spyware products
are going in the shopping cart with new computers.

"Two or three years ago, I heard a lot of individual clients who said
they don't care if someone else sees their stuff," Daniels said. "That
turned around two years ago, when worms took over other people's
computers and were sending out spam."

Digitical Forensics Professionals, founded in 2004, works closely with
banks, oil and gas companies and other sectors, along with local
police departments and the Oklahoma State Bureau of Investigaiton.

According to Manes, insiders with too much access to data are the
biggest liability to Oklahoma businesses. IT staff should be closely
monitored, Manes said, since they "have the keys to your kingdom.  
You've got to lock down the perimeter and look at who's getting
access."

Another mistake, Manes said, is that businesses don't enforce their
computer use policies. For example, employees who e-mail themselves
work files and information to Hotmail or Yahoo accounts at home are
taking their work outside corporate protection, he said.

Managers should also tailor their computer-use policies to the needs
of their business.

"There's a right fit for your company. And it doesn't come from going
to a Web site and downloading someone else's computer use policy in
your industry and saying, 'Bam, now I've got a policy,' " Manes said.

Cyber terrorism is another major concern for businesses.

In theory, anyone with knowledge and a satellite phone could cause
power and phone outages, adversely impact refinery operations, fire
missiles from a Navy ship or shut down FAA systems -- affecting not
just four planes, but 400 or even 4,000 at a time, Oklahoma's Joint
Homeland Security Task Force has said.

The TU Cyber Corps program has been training what it calls "elite
squadrons" of computer security experts to be the country's first line
of defense against global cyber threats. The program has received
millions of dollars in federal grants.

The Center for Information Security, which provides institutional
research, education and outreach efforts in information assurance and
forensics, is also located at the university and is the lead agency
for Cyber Corps.

TU's Shenoi said there's still a lot of room for improvement.

"If you protect the hardware and software, but not data and people,
you'll still have a problem," he said.

Copyright © 2006 , World Publishing Co



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com



This archive was generated by hypermail 2.1.3 : Mon Jul 24 2006 - 00:42:52 PDT