Print
Discuss
Send to friend
RSS feedsThe increasing number of criminals using the internet means that companies will have to completely rethink security practices, according to security guru Bruce Schneier.
Hacking activity has shifted over the past two or three years from being an amateur activity to one where organised crime has taken over. The two groups are very different and security officers will have to change tactics to deal with new threats.
"It used to be the hacker attacking and looking for glory, but now it's criminals looking for money," Schneier told vnunet.com.
"Forcing the criminal attacker to make a meaningless change of tactics by changing network settings doesn't work. In the language of fraud your tactic is merely a tactic, whereas hackers would look on it as a whole new challenge."
Schneier explained that the criminal classes are not hackers, but are using hacking techniques because they provide an automated way to commit fraud on a large scale. Factor in poor legislation in some countries, and online crime is booming.
He pointed to denial of service attacks as an example. These are now being used against e-commerce sites such as online gaming, gambling and pornography to extort money.
Schneier also punctured some security myths. He advised people not to bother shredding bills and mail, maintaining that thieves are not interested in stealing credit card numbers by the ones or twos when they can steal them online in the hundreds of thousands.
Politically motivated hacking is not on the rise, according to Schneier. It has remained a low-level threat and tends to increase only around specific events like the downing of a US spy plane in China two years ago.
He concluded that the change in tactics by criminals would lead to more and more online fraud and that they would always be one step ahead of the police.
"Criminals by their very nature are distributed whereas the police are an institution," said Schneier. "As such the police will always be slower to respond. Indeed most police [investigation] occurs only after a crime has happened."
See also:
UK's Security Co-ordination Centre 'cannot fulfil its remit' 26 Apr 2005Providers 'missing a sales opportunity', claim experts 26 Apr 2005Biggest threat from current or former employees, warns Met Police 26 Apr 2005All Hacking
del.icio.us
Digg this
reddit!
