Gardai investigating hacking incidents say the most difficult part of their job is getting businesses to report them. The Computer Crimes Investigation Unit (CCIU) has averaged three reports a year since 1991, says Detective Sergeant Paul Gillen.
Garda suspicions about under-reporting seem to be con- firmed by the KPMG Information Security Survey, 1998. Over 1,000 organisations in Ireland and Britain responded to questionnaires, and 409 stated they had experienced a security loss in the previous 12 months. Of these, only 54 per cent had a system of formal reporting of security incidents and of these, only 55 per cent had taken action against of- fenders.
The Garda is concerned businesses are not protecting their information properly. Companies should treat it as a physical asset and protect it in the same manner they would protect buildings and equipment, says Detective Sergeant John Finan of CCIU.
"Perhaps the problem is that businesses don't perceive it as a huge problem and unfortunately it may take a disaster until they recognise it as one," he says.
There have been no convictions for computer hacking in Ireland. "Tracing people can be very difficult. Anonymity on the Internet is fairly easy and unless incidents are reported while they're happening, they can be very difficult to trace," says Det Sgt Gillen.
The Criminal Damage Act of 1991 is the law used to prose- cute hackers. "It creates an of- fence of unauthorised access to a computer system, which is hacking, or damage to data, meaning adding or altering, corrupting, erasing or moving from one storage medium to an- other," he says. A planned new fraud bill may include additional computer-related crimes.
Computer hacking will continue to rise in Ireland, "until it becomes socially unacceptable to businesses and they realise it's not just a bunch of kids out to have a bit of fun. Even a kid out to have a good time can do a ferocious amount of damage," says Det Sgt Gillen. One recent incident cost an Irish company in the region of five figures.