Financially Motivated

I l @ ve RuBoard

Most crime is financially motivated. Financial motives, need or greed, are very powerful. The computer has become just one more tool available to these criminals. There has been a growing trend of attacks for financial gain accomplished by selling the information acquired or extorting the victim organization. Many hackers start with criminal intent and find computer systems an easy way to achieve their goals. Some are paid by third parties to compromise an organization's systems, or to acquire information. Others may cause damage expecting to be hired to fix the damage. A sudden financial need can cause an individual to become involved in activities in which he would not otherwise engage. The impersonal nature of computer crimes gives many criminals a sense of security that they won't be caught.

Personal Profit

Financial profit has long been a motive for computer crimes. Hackers embezzle from their employers and steal information to sell to competitors . More recently, electronic theft of credit card numbers has become common and identity theft, the process of stealing enough personal information to impersonate someone financially, is on the rise. Financial crimes of all kinds are increasing online. The computer and the computer networks have become a vehicle for common crime.

Two Cisco Systems accountants were sentenced to 34 months in prison on charges of computer fraud for issuing almost $8 million in Cisco stock to themselves .

As part of their scheme, Geoffrey Osowski and Wilson Tang exceeded their authorized access to computer systems at Cisco in order to access a system used to manage stock option disbursals. They then used that access to identify control numbers to track authorized stock option disbursals and create forged forms authorizing disbursals of stock. They faxed the forged forms to the company responsible for issuing Cisco stock, and had the stock sent to their personal brokerage accounts.

They transferred a total of over 200,000 shares of stock before being caught. ^[24]

^[24] "Former Cisco Systems, Inc. Accountants Sentenced for Unauthorized Access to Computer Systems to Illegally Issue Almost $8 Million in Cisco Stock to Themselves," U.S. Department of Justice Press Release , 26 November 2001.

Damage to the Organization

Many attacks are focused on damaging the organization. This can be anything from vandalizing its website to destroying critical business data. Organizations are selected by outsiders because of their public image or perceived image or by disgruntled employees or dissatisfied customers. In most cases, these attacks have little lasting effect on the organization; occasionally, they are devastating to the victim.

A British Internet service provider, Cloud Nine, went out of business after being hit by a crippling security attack. The denial of service attack was so bad the ISP said it would have to rebuild its network, but its CEO, Emeric Miszti, said that the disaster cover insurance it held was insufficient to cover the rebuild.

Effectively, the attacks have put the company completely out of business.

The ISP tightened its firewalls after the initial attack. "What followed was first a Firewall password brute forece attack resulting in successful hash and destruction of the firewall," the company said in an online post.

Speaking to the UK's The Register , a dejected Mr. Miszti said, "This is terrorism ” pure and simple. I never want to relive the last seven days again. We still don't know who's behind it ” nor do we know who's next ." ^[25]

^[25] Richardson, Tim, "Cloud Nine Blown Away, Blames Hack Attack," The Register , 22 January 2002.

I l @ ve RuBoard