Computer Crime Research Center


Internet ushers in cyber crime age

Date: May 26, 2004
Source: ABC Online
By: Peter McCutcheon

KERRY O'BRIEN: For all its benefits, the arrival of the Internet has also ushered in the dark age of cyber crime.

Chief executives of some of America's largest corporations last week expressed their frustration with the technology industry for selling software vulnerable to hackers and fraudsters.

And today, an Australian-wide survey of 240 of our biggest public and private institutions has revealed a crime wave that's already cost them well into the millions.

Despite increased efforts to secure its systems, the number of effective electronic attacks on Australian business is on the rise.

Peter McCutcheon reports.

ALASTAIR MacGIBBON, AUSTRALIAN HIGH TECH CRIME CENTRE: It's a bit like an arms race in many respects, who can be on top of the issue?

GRAHAM INGRAM, AUSCERT: The problem is at the same time that we're making advances, we seem to be losing the battle.

PETER McCUTCHEON: Australian business and consumers are becoming increasingly addicted to the Internet.

But this growing dependency has its drawbacks, with a new report revealing the Internet is growing faster than our ability to protect it.

GRAHAM INGRAM: The Internet was never designed to be secure.

The Internet was a research tool developed by academics for academic research.

People have been plugging in commercial aspects to this and then bolting on security at the end.

PETER McCUTCHEON: Graham Ingram runs the Australian Computer Emergency Response Team, or AusCert, an independent computer security body based at the University of Queensland.

For the third consecutive year, AusCert has assisted federal and state police forces in attempting a national stocktake of cyber crime.

The results this year suggest a worrying trend is developing, with a marked increase in the number of effective electronic attacks and the cost this is having on business, up an average of 20 per cent.

GRAHAM INGRAM: Viruses, trojans, a whole range of things are now assaulting corporate Australia in ways that we've never seen before and the survey brings that out.

PETER McCUTCHEON: So why is this happening?

Well, quite simply the Internet's expansion over the past decade has given priority to functionality over security, and criminals are now taking up the opportunities presented.

ALASTAIR MacGIBBON: We would expect criminals to exploit every avenue that they can and by the fact that they continue to exploit those avenues means they're obviously getting what they want.

PETER McCUTCHEON: The vulnerability of the Internet has been exposed particularly in the past six months, with the emergence of more sophisticated scams, known as phishing.

Unlike other cyber threats, they undermine a business by targeting their online customers.

GRAHAM INGRAM: So we now have a new aspect to deal with that we hadn't had before, which is the consumer.

PETER McCUTCHEON: In this recent spam email users are urged to click on a site to find out about a cyclone warning, little knowing that this will download a so-called trojan or spyware - a secret program AusCert suspects is designed to monitor Internet browsing to find out passwords for online banking.

GRAHAM INGRAM: The mums and dads out their are highly vulnerable and that's not going to change in the near future.

PETER McCUTCHEON: So after years of being urged to go online, consumers are now being warned, to be careful.

ALASTAIR MacGIBBON: We need to reach out to the public through fora such as this to educate them to have anti-virus software, to have firewalls, to have anti-spam software, to update that software on a regular basis.

PETER McCUTCHEON: But is this expecting too much of the consumer?

PROFESSOR BILL CAELLI, QUEENSLAND UNIVERSITY OF TECHNOLOGY: The problems that come in are simply outside the end users control.

PETER McCUTCHEON: Software and communications expert Professor Bill Caelli says consumers are being unfairly blamed.

The true culprit, he says, is our operating systems.

PC's originally were never designed for banking, government transactions and online health.

PROFESSOR BILL CAELLI: It's like saying, let's use a Holden as a tank, because we've got plenty of Holdens.

All we have to do is simply stick a gun on top of a Holden and call it a tank.

Well, I'm sorry, we can't do that with a PC.

You can't just simply say we'll make a PC into a secure transaction system.

PETER McCUTCHEON: Professor Caelli believes a short-term solution could involve adding the pin pad we use for EFTPOS transactions to our home PCs.

PROFESSOR BILL CAELLI: Two things happen with a pin pad.

The pin goes in correctly and you're agreeing to what's on the screen and this is a high-trust element.

PETER McCUTCHEON: Another problem identified by AusCert is the plethora of new software that is potentially vulnerable to hackers.

And businesses often don't have the time or resources to install protective patches.

GRAHAM INGRAM: Certainly the vulnerability is in the software, the numbers and the frequency and the significance are increasing.

PETER McCUTCHEON: Eventually, Professor Caelli argues, governments may be have to legislate to force software developers to introduce minimum security standards.

PROFESSOR BILL CAELLI: Left to the private sector, nothing will happen.

Very simple.

How many car companies voluntarily put seat belts into their cars when they weren't required?

PETER McCUTCHEON: The Federal Government says information technology is changing too rapidly to make regulation effective.

But, in the recent budget, it allocated $50 million over the next four years for new initiatives for protecting critical IT infrastructure.

IT security and public confidence in the Internet is understandably an issue of enormous sensitivity.

And the High Tech Crime Centre says although there are concerning aspects to this survey, the benefits of new technology should not be overlooked.

ALASTAIR MacGIBBON: We're looking at a very high take up rate in this country of technology and that's a very good thing and I think we need to keep all of this in perspective.

PETER McCUTCHEON: Do you think we could get to the situation where the cost of securing particular an Internet-based system outweighs any benefits you get from doing business online?

GRAHAM INGRAM: I would agree with that.

The only problem is that we're hooked.

There's no turning back even if we wanted to.

So that, perhaps, is the ultimate dilemma.

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2005-09-02 03:27:22 - Very nice blog. Milen
2004-05-29 00:04:35 - Very interesting, informative artice. I... Teri
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo