Cyber crime is rife and on the increase, learns Steven Philippsohn, but who's to blame?
The Art of Deception
By Kevin Mitnick
John Wiley pounds 19.95
Hacking is the prime criminal activity of the 21st century. It is used by criminal organisations, terrorists, political activists and business competitors. Although there are occasional instances of hacking to demonstrate the vulnerability of operating systems, it is usually a means to intimidate, injure and damage society and business.
A CSI/FBI Computer Security Survey in 2002 reported that the most serious losses were caused by theft of information or financial fraud. On retail sites especially, hackers can access competitors' trade secrets as well as customers' data, which can be used to purchase goods. Indeed, credit card losses in the UK increased by 53% in the two years to August 2002 and now total about pounds 430 million.
As Kevin Mitnick points out in this book, his surveys show that most organisations have been victims of security breaches. Indeed, Mitnick, who has considerable experience in obtaining unauthorised access to computer systems (he served a prison term as a result), produces a comprehensive guide that graphically demonstrates the pivotal role humans play in devising and preventing a security attack on a commercial organisation.
He leaves no doubt that there is serious cause for concern over the simplicity of such attacks and how they expose the vulnerability of the most sophisticated security systems. Reading the book, one feels that even if all awareness training and detailed checklists are followed scrupulously, it will have little effect on the increase in hacker attacks, which, according to a DTI report in April 2002, have tripled in the past two years.
Mitnick's expertise lies in being able to explain in straightforward language how a sophisticated security system works and how simple it is to use technical and non-technical means to circumvent the system. Even though Mitnick recognises that hacking is used by the criminal and terrorist elements of our society, he does not give anything more than a partial solution to the growing cancer that has been caused by the lack of effective response to hacking.
One remedy is to deter the hacker by cutting off his financial supply and rendering the punishment effective - admittedly, this has its difficulties. Perhaps most importantly, though, action needs to be taken against those who have benefited from hacking, or those who have shut their mind to the hacker's activities and are, as a result, equally accountable.