[ISN] Most computer hacking an 'inside job'
isn at c4i.org
Wed Apr 27 01:24:02 EDT 2005
InfoSec in London
26 Apr 2005
The vast majority of computer hacking is done by current and former
employees, according to the Metropolitan Police.
In a panel session at this year's InfoSecurity Europe conference,
Detective Inspector Chris Simpson of the Metropolitan Police Computer
Crime Unit told delegates that one of the first steps in any
investigation is to check employee details.
"In the vast majority of cases we investigate the culprits are current
or former employees," he said.
"They are not hacking into systems using flaws in software. Instead
they are using flaws in the security procedures of the company to
carry out their attack."
Simpson added that electronic crime is definitely on the rise and
outlined the main threat vectors.
Online organised crime is originating predominantly from eastern
Europe, while the biggest spammers are found in the US, China and
Germany. Script kiddies are predominantly from the US, Canada or
Britain and their numbers are on the rise thanks to the popularity of
virus creation kits.
Meanwhile the Crown Prosecution Service (CPS) is gearing up for more
"We have come to the conclusion that computer crime is here to stay,"
said Ester George, policy advisor to the CPS.
"Computers now touch almost every case, hacking or otherwise. The
convergence of phones and PDAs is increasing this."
George cited two non-hacking events where computers were crucial to
the case. In one a man went berserk and attacked passers by, claiming
diminished responsibility. But his internet logs showed that he'd been
researching his likely sentence online before carrying out the
In the other case a child was brought into hospital and died of
pneumonia. The parent was charged after internet logs showed that
sites had been visited that identified factors in catching the
To prepare for this, the CPS has set up a training scheme which
teaches barristers how to handle high-tech cases. To date 110
prosecutors have attended the course.
More information about the ISN