Network nuisance Featured

5:57am EDT June 30, 2003
The motives of computer network hackers are varied, but in any case, they can wreak havoc on your business operations.

Chris Deibler, senior security consultant with Vigilant Minds, a network security consultant, says the motives of hackers can range from financial gain or efforts to gain access to additional computing resources to revenge by a customer or former or current employee. Or, it might be the simple challenge of overcoming a network's security measures.

Special Agent Tom Grasso of the FBI's Pittsburgh field office says 70 percent of intrusions come through the Internet, while 30 percent come through an internal system.

Regardless of the motivations of a hacker, invasions can be costly. According to Grasso, 85 percent of respondents to a recent FBI survey reported some security breach of their computer networks in the previous year. Nearly two-thirds -- 64 percent -- lost money as a result of hackers breaking into their networks.

Surprisingly, only a minority of businesses that experience a hacking incident report it to law enforcement. According to Grasso, just 35 percent of those who experience a hacker attack on their network report it. And businesses, for the most part, aren't compelled to report hacking incidents unless there is an imminent threat to an individual or property, says Jim Singer, a lawyer with Pepper Hamilton in Pittsburgh.

Grasso says most don't report hacking incidents because they fear the investigation will disrupt their business, or that if the case reaches the courts, the company might be exposed to unfavorable publicity. They fear that servers or hard drives will be confiscated as evidence, says Grasso, but adds that the FBI will do everything it can to allow a business to function as normally as possible.

"If you're a victim of hacking, we'll work with you to make it as painless as possible," says Grasso.

Damon Hacker, a computer forensics expert with SS&G Technology Inc., says businesses victimized by hackers make several common mistakes. Often, they fail to involve experts in the process of prevention and in recovery of information after a hacking incident, and they don't move quickly enough after an incident and thus lose critical information.

Says Hacker: "A lot of this information goes away quickly." How to reach: Vigilant Minds, www.vigilantminds.com