These are amusing articles with good guys, bad guys and a touch of
technology (watch out Tom Clancy), but mostly they serve to be a wake-up
call to corporate America about the complacency with which they have
regarded computer security. 24% of corporations have no procedures for
safeguarding proprietary data. (p. 60) Last March more than 40% of the
more than 400 companies surveyed reported; 30% of these were accomplished
despite a firewall. (p.58-59) The FBI estimates that 95% of computer
attacks go undetected.(p.59) (Of course, there is a mind-boggling
mathmetical inequality of trying to match up how 95% of the attackees are
in the dark, yet 40% of the other survey are reporting break-ins. Ah,
statistics.)
These break-ins are creating havoc, both by netting cold cash (Russian
hackers hit Citibank in 1994 for $10 million via illegal transfers)
(p.64), but also in losing corporate secrets, intellectual property and "A
new concept - downstream liability- is emerging in computer law. Say a
hacker exploiting XYZ's lax security invades its network and uses it as a
springboard to disrupt computer operations at other companies. If the
other companies' damages are substantial, they might seek to hold XYZ
liable." (p.60-61)
On the heroes and villians end of things the articles include a profile of
hackers who hack for good, truth and justice - all guys, all military or
NSA. The recommended book is "Secrets of a Super Hacker."(p. 66) Perhaps
we should add a week or so to the course and practice some of these
techniques. Might make us eminently employable.
If anyone's interested, I can get the articles in the PAM box on
Tuesday...
Serena Fenton
fents@ils.unc.edu