Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

UK law lets hackers get away with it

From: InfoSec News <isn () c4i org>
Date: Wed, 7 Nov 2001 03:27:21 -0600 (CST)
http://www.computing.vnunet.com/News/1126671

By Andy McCue 
06-11-2001

Companies are failing to track down and prosecute hackers because they
find it too expensive and difficult to investigate attacks. Security
experts claim that UK firms are prepared to write off losses of up to
50,000 because of the difficulty getting a conviction.

"Primarily it depends on whether the damage suffered is equal to or
less than the value of an investigation," said Nigel Layton, chief
executive of UK security consultant Quest.

"And in the UK, most companies do not think it is worth pursuing for
less than 50,000, although if there is harm to the company's
reputation they may choose to pursue it more vigorously."

According to Layton, there are simple things that users can do to help
preserve evidence in case of a breach, but justifying the cost before
an incident is difficult.

"Maintaining log files so they can be used for investigative purposes
is useful but hard to justify before the act," he added.

Layton said the government's controversial National Hi-Tech Crime Unit
has worked with his company on a couple of investigations involving
his clients, though none have yet gone to court.

Quest has this week launched a service in the UK in conjunction with
US-based Internet Crimes Group (ICG) to help companies tackle
cyber-criminals.

Cameron Craig, ex-FBI white collar crime specialist and president of
ICG, claims the high levels of redundancies across the hi-tech sector
are likely to lead to an "explosion" of cyber-crime, as disgruntled
ex-employees use knowledge of corporate networks for criminal
activity.

The service combines bespoke software with what it calls "traditional
sleuthing techniques", and ICG claims a 66 per cent success rate in
the US.

Earlier this year a survey by KPMG of 1250 chief executives and chief
information officers in large public and private companies found 83
per cent of those that suffered security attacks did not pursue legal
action.

This was put down to weak legislation, a lack of evidence, and some
cases being settled out of court.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: