Report: Hacking Is Increasing

Computer attacks on companies were up sharply in the second half of 2001, reports a computer security corporation, which admitted it was surprised by the volume of verified cyber-assaults: At least 128,678.

"The volume of attacks on average per company is increasing about 79 percent over the six-month period of time," Riptech's chief technology officer, Tim Belcher, told CBS Radio News producer John Davidson.

"The goal would be to compromise that company's network, gain access and potentially commandeer remote systems on that company's network and use them to either gather information to disrupt the company's networks..or copy proprietary information — any number of reasons," Belcher added.

The Riptech report said that while few of the attacks detected were a "serious threat," the number should serve as a warning that "the Internet security threat is real, pervasive, and perhaps more severe than previously anticipated."

The increase, if not the number, of cyber-strikes was confirmed by the Computer Emergency Response Team (CERT) Coordination Center at Carnegie-Mellon University, a government-funded operation. It reported 52,658 security breaches and attacks in 2001, up 50 percent from the previous year. The number of computer vulnerabilities reported to CERT doubled.

The Riptech report did not include "worm" attacks — if it had, the number of attacks would be 63 percent higher.

A rival computer security company, TruSecure, said hackers' boasts of successful system penetration increased 29 percent in the fourth quarter of 2001.

Corporate computer systems are increasing vulnerable to attacks in part because companies are not using security measures readily available to them, said the Computer Science and Telecommunications Board, part of the National Research Council.

According to Riptech, more than four out of 10 companies had "critical" attacks that risked compromise their computer systems, and more than one in eight had at least one "emergency" that required some form of recovery.

"The community of hackers is getting bigger and the tools used to launch the attacks are easier to find and easier to use," said Belcher.

Most analysts have assumed that hacking attempts on an Internet site were opportunistic — the attacker is simply looking for a vulnerable system — but Riptech's study found that 39 percent of the attacks targeted a specific system or company.

The number of targeted attacks rose to 42 percent if the company had more than 1,000 employees.

"If the victim is identified in advance, the attacks are more complex," said Belcher, who admitted he thought more of the hacking was random. "That's not good."

The motivations, he added, vary, but include "political activism, industrial espionage. We have detected over the past six months cases of identity theft, financial theft."

Most of the assaults came from a small number of countries. Thirty percent of the attacks came from wthin the United States, followed by South Korea, China, Germany and France. However, Israel — including the Palestinian-controlled territories — was the leader during the second half of 2001 in terms of attacks per Internet user.

Of those attacks from the Middle East, the largest number were aimed at power and energy companies.

"Power and energy companies appeared to be more than three times more likely to suffer a significant compromise" during the six months studied, Belcher said.

©MMII CBS Worldwide Inc., All Rights Reserved