IT issues on 666 ABC Canberra Drive with Keri Phillips each Wednesday at 5:50pm

With Tom Worthington FACS, Visiting Fellow, Department of Computer Science, Australian National University

Australian Computer Crime, 22 May 2002

AusCERT, the NSW Police and Deloitte Touche Tohmatsu have produced a report on computer crime and security in Australia:

As the only survey of its type in Australia focusing on the actual extent and nature of security incidents in this country, this year’s survey builds on the two earlier surveys conducted in 1997 and 1999. The survey has also been adapted this year to facilitate comparison with the pre-eminent equivalent USA survey, the 2002 CSI/FBI Computer Crime and Security Survey.

The survey presents a snapshot of Australian computer crime and security trends now and in the future. In particular, the survey objectives are to heighten awareness of the broad and complex nature of computer crime and security issues and trends; to seek to understand why such trends are occurring; and to promote the use of effective prevention, detection and response strategies.

From: Executive Summary, 2002 Australian Computer Crime and Security Survey, 2002.

The key findings don't tell us anything we don't already know:

  1. Consistent with global trends, the volume of computer crime and security incidents in Australia is growing rapidly. 67% of respondents suffered a computer security incident in 2002, twice the level of 1999 (and higher than the USA), and 35% of these experienced six or more incidents.
  2. For the first time in Australia, the growing threat of external attack has now surpassed the threat of internal attack. 89% of Australian organisations suffering a computer security incident were attacked externally, while less than 65% were attacked internally.
  3. Although Australian organisations have invested heavily in security technologies, a significant level of computer crime and abuse continues to occur.
  4. 98% of respondents experienced some form of broader computer crime or abuse. The areas of greatest financial impact were laptop theft, data or network sabotage, virus and trojan infection, and computer fraud.
  5. Other frequently experienced incidents of computer crime or abuse which proved more difficult to quantify included denial of service attacks, and excessive network resource consumption through external scanning.
  6. The number of organisations reporting security incidents to law enforcement authorities has more than doubled to 31%, but most attacks are still going unreported to law enforcement. Pessimism regarding the apprehension of attackers is the primary inhibitor to greater reporting.
  7. Australian organisations are four times more likely to respond to security incidents with criminal action rather than civil lawsuits, the reverse of the trend in the USA.
  8. 43% of Australian organisations are willing to knowingly hire ex-hackers, three times more than in the USA.
  9. 60% of respondents recognised changing user attitudes as the most significant barrier to improved security. Other significant barriers included managing software upgrades and bug patches in a complex IT infrastructure, and keeping up to date with fast changing security threats.
  10. 70% of Australian organisations have increased their expenditure on information security over the past 12 months in response to security concerns or incidents.

From: Key Findings, 2002 Australian Computer Crime and Security Survey, 2002. (numbering of points and bold text added).

Some points:

  1. Computer crime growing rapidly: While a doubling of incidents since 1999 sounds serious, this may be due to more awareness, rather than more incidents. It may also be probing of computer security, the equivalent of rattling door handles to see if any are unlocked, rather than serious professional attacks.
  2. External attacks surpass internal: Employees remain a serious threat to security, with 65% of organisations attacked internally. Internal attacks may be underreported because it is easier for an internal person to cover their tracks.
  3. Broader computer crime easily stopped: Much of the financial impact is easily stopped by, for example, not leaving laptops lying around, turning on the data and network security which comes with systems, changing passwords, using anti-virus software and training staff to be vigilant.

See also: Viruses, 20 August 2001

An interesting part of the report is the six case studies. These are usually anonymous, but the first identifies the companies concerned:

In March 2000, the Computer Crime Investigation Unit of the Commercial Crime Agency, NSW Police, investigated a sabotage attack against the GreenGrocer’s network, which made it fail on two occasions. One of the attacks involved remotely deleting operating system files and caused the site to be unavailable for five days while analysis, clean up and recovery occurred. As an e-commerce merchant, GreenGrocer’s network was critical to the company’s ability to receive orders and earn revenue, which at the time was estimated to be about $22,500 per day...

Further forensic analysis showed the perpetrator had on the first occasion telneted into the GreenGrocer’s network router and deleted critical router files, rebooted the router and caused GreenGrocer to lose its connection to the Internet. In the second attack, using the pcAnywhere application, the perpetrator remotely accessed a server and deleted critical operating system files causing the server to fail.

The perpetrator was convicted in February 2002 on two counts of damaging data in a computer, which carries a maximum sentence of 10 years imprisonment under s. 310(a) of the NSW Crimes Act 1900 but received an 18 month suspended sentence.

From: 3. Security Incident Trends, 2002 Australian Computer Crime and Security Survey, 2002.


Comments and corrections to: webmaster@tomw.net.au

Copyright © Tom Worthington 2001-2002.