A few years ago there were a lot of executives talking about network security. Now, most of them had no idea how to get it, but they were concerned because they were reading lots of stories of break-ins and data loss. Unless my ears are letting me down, I don’t hear the same urgency anymore. I was reading the MIT technology newsletter the other day and I came across an article on hackers that were extorting money by shutting down a utility overseas. Click here for a copy of the article. I was intrigued for two reasons… The first is that I continue to read articles where hackers are successfully causing drama, and the second is that they attacked a utility. One of the big fears in the U.S. has been a terrorist attack on a large utility that would deprive millions of people of electricity or natural gas.
I guess the definition of terrorist might soon include hackers, or maybe the hackers are indeed already terrorists. I am sure many people think this could never happen to them. They walk around with rose-colored glasses thinking that bad guys could never hold them hostage. Although I think we are getting better with data and network security all the time, the truth is that a clever and knowledgeable hacker can pretty easily penetrate any normal company. The reason they would get paid dearly for this work can be found in the recent settlement that TJ Maxx’s parent company is being forced to pay. Read this article from the mainstream press in Tennessee. With a penalty this high, perhaps $40M, for losing customer data, it is easy to see why a criminal sort might think it worthwhile to steal a few million records and then sell them back.
I attended an FBI briefing on computer security one time and was VERY impressed with what the FBI had put in place to combat this kind of crime. They were professional and smart and, strangely, I did not expect that of the government. After being impressed, I started listening to some of the statistics they were throwing around and was pretty intrigued to hear that they believe that hackers breaching companies and then getting paid was probably much more prevalent than the public knows. The reason is that to admit it publicly is embarrassing so management often finds that the extortion is a cheaper way out.
If I could draw a curve for you that showed the increasing sophistication of the security tools we have versus the ability of hackers to penetrate organizations, I would guess that security is slowly winning. The problem is there was a big gap to begin with so there is still lots of room for bad guys to exert their will. The dirty underbelly of the hacker world is filled with people that have control of huge botnets (squads of co-opted computers that do the hackers’ bidding). It would be unwise for security to be too far from your radar. I always remember what I was taught in the early days of my learning about network security – the only safe computer is one disconnected from the net and buried six feet deep in concrete…
Note to reader – the picture of Bill Gates getting ready to be processed into the pokey is just my twisted humor when thinking about bad guys.
Scott