The extent of rising concerns about protecting valuable corporate data from computer hackers was underlined yesterday when 160 companies attended an Internet security conference in Dublin.
The keynote address, delivered by a reformed hacker, disclosed several ways in which confidential data can be very simply accessed, manipulated and stolen. Mr Robert Schifreen said the average British company with more than 1,000 employees will be hacked once every four months, at a cost of around £7,000 to rectify. These figures are often underestimated owing to the reluctance of companies to admit their systems are vulnerable.
Using any Internet-connected PC, hackers can arrive at the "front door" of most companies' corporate information by way of the remote log-in service, Telnet. By keying in `telnet companyname.com' (or whatever the relevant Internet address is) the hacker may be prompted to proceed, unless they receive a deterrent message from the company's protective firewall. One multinational chemicals company has admitted to receiving speculative Telnet approaches about six times a day.
In 1984 Mr Schifreen employed a similar method to hack into British Telecom's dial-up information service, Prestel, and gain high-level access. Here he found the password of the Duke of Edinburgh, Prince Philip, and viewed his personal files, including email. After reporting this to the media, Mr Schifreen was arrested and charged with forging the password. At the time there was no legislation against hacking in place in Britain and three years - and an appeal to the House of Lords later - Mr Schifreen was acquitted on the basis what he had done was legal. This led to the introduction of the Computer Misuse Act, 1990, in Britain.
Hackers, who tend to be amateurs, will often tamper with text on company websites - take the recent example of the CIA which was described as the Central Stupidity Agency on its homepage. However the real problems arise when the damage is malicious. For example, charges could be changed in an online price list, undermining the competitive advantage of the business which is completely unaware of the alteration.
Surprisingly, between 60 and 70 per cent of computer misuse is estimated to be conducted by employees within a company. According to Mr Schifreen, who was addressing the conference organised by Inflo, a network security distribution company, such occurrences can be avoided by remaining permanently vigilant. "You have to become paranoid, that's what IT security is about. It is crucial to look for threats everywhere; they don't call me rent-a-crack for nothing." He recommends IT managers invest in quality intrusion detection software and employ checks to ensure the integrity of email messages. Simple protective measures include ensuring remote dial-in laptops do not store valuable company database information.
