Roanoke Times Copyright (c) 1995, Landmark Communications, Inc. DATE: WEDNESDAY, October 25, 1995 TAG: 9510250067 SECTION: BUSINESS PAGE: B-8 EDITION: METRO SOURCE: Associated Press DATELINE: DETROIT LENGTH: Long
``It's extraordinarily widespread,'' David Carter, a criminal justice professor at Michigan State University in East Lansing who conducted the survey, said Tuesday.
The mail survey of 500 security directors of major corporations was conducted from June through August. Of the 150 that responded, 148 - or 98.6 percent - said their companies had been victims of computer-related crimes. Of those, 43.3 percent said they had been victims at least 25 times.
Release of the study comes as more companies are exploiting cyberspace for commercial purposes. Businesses ranging from Hollywood studios to hardware stores are advertising on the World Wide Web portion of the Internet. Banks are devising ways for consumers to transact business on-line. Just Monday, an alliance of 13 companies announced a venture that would enable television broadcasters to transmit data to home computers.
The most common crimes and misdeeds reported in the survey were credit card fraud, telecommunications fraud, employee use of computers for personal reasons, unauthorized access to confidential files, and unlawful copying of copyrighted or licensed software.
Computer security consultant Patricia Fisher of Janus Associates in Stamford, Conn., said the findings were in line with what she has seen in ferreting out abuse of corporate computer systems.
``What we're seeing is it's such a riskless crime,'' she said. ``If you're computer literate, you can find ways to steal or misuse information without being caught.''
While problems with hackers breaking into computers from outside a company appear to be on the rise, most computer crimes are committed by staff and contract workers, the survey found.
Companies mistakenly believe hackers are their biggest threat because of the extensive news coverage they have received, Fisher said.
``Seventy-five to 80 percent of everything happens from inside. There's more opportunity because you're right there on the site. And there may be more motivation if you're unhappy with what's going on.''
Steven Bellovin, a network security researcher for AT&T, said corporations should not only worry about employee-caused cybercrime. There also have been cases of corporate computer professionals stealing confidential information from competitors' computers.
``When I see how easy it is for hackers to get into many computer systems, I have to assume professionals can do just as well,'' he said.
Carter said 96.6 percent of the corporations reported problems with telecommunications fraud.
``We're seeing everything from simply stealing telephone credit card numbers to entry into computers and manipulating billing,'' he said.
Credit card numbers, for company telephone or banking accounts, often are stolen and sold outside the company.
Fisher said employees of a large corporation were running their own telecommunications business with the company computer. They were only discovered when the company noticed unusually large phone bills.
Cellular phones also are a big source of corporate security headaches, Carter said. The phones emit a signal containing the billing code, which can be picked up with computer-driven sensory equipment.
The survey found the largest reported increases, in addition to cellular fraud, were in theft or attempted theft of confidential client information, trade secrets, new product plans and descriptions and product pricing information, in the introduction of computer ``viruses'' to computers, and in unauthorized access to confidential data.
Carter said a surprising finding was the extent of reported computer misuse by employees seeking to gain an advantage over co-workers through sexual harassment, threats and political maneuvering.
For example, security directors reported cases of employees sending phony computer messages directing co-workers to do unnecessary tasks, thereby diverting them from work that might impress the boss.
``People are becoming pretty creative about it,'' Carter said.
The British Banking Association in London estimates the cost of computer fraud worldwide at about $8 billion a year. But Carter said it is virtually impossible to estimate precisely how much money businesses are losing to computer abuse and fraud.
He said many victims are reluctant to prosecute, and fear publicity.
SURVEY FINDINGS
Here are the most common computer-related abuses reported by the security directors and the percentage who reported problems:
Credit card fraud, 96.6.
Telecommunications fraud, 96.6.
Personal use of company computers, 96.
Unauthorized access to confidential files, 95.1.
Cellular phone fraud, 94.5.
Unlawful copying of software, 91.2.
-Source: Michigan State University|
by CNB