Pro-active measures need to be taken to bring down high tech crime rates, according to detective acting inspector Peter Wheeler from Melbourne's Computer Crime Squad, following today's release of the 2004 Australian Computer Crime and Security Survey.
The survey, conducted by AusCERT and various law enforcement bodies, showed that losses due to computer related crimes had increased.
Public and private organisations reported an average loss of AU$116,000 each in last financial year, marking a 20 percent increase in total losses from the year before.
Wheeler attributes the increase to a number of factors including greater use of technology within the general community, improved capabilities of those wanting to exploit technology and the "failure of businesses to adopt appropriate security processes".
However, Wheeler says that the results of the survey need to be taken in perspective to the number of respondents participating.
"The sample size for this group was quite small and there could be a variety of explanations for the results. It is difficult to determine which are valid and which are speculation," said Detective Wheeler.
The survey showed that there had been an increase in the number of attacks experienced by respondent organisations that harmed the confidentiality, integrity or availability of network data or systems; 49 percent of respondents in 2004 compared to 42 percent in 2003.
Wheeler says the sophistication of the attacks has also increased; a factor that, he says, continues to test the capabilities of high tech law enforcement.
"Sophistication of attacks is also a relevant issue and will continue to be an aspect that is challenging for law enforcement," he said.
A NSW Computer Crime Team detective inspector, Bruce van der Graaf, said an increase in the use of malicious code, or malware, was testament to the growing sophistication of attacks.
"In terms of sophistication - certainly there is a continuing trend in malware to have dangerous payloads. Of concern is the use of remote access malware and keyloggers with a fraud payload which threatens confidential financial data," he said.
Graaf adds that all computer users should be taking preventative measures against attack.
"We would encourage all users to take precautions in this area, including keeping their operating system patched, using firewalls, virus checking and spyware checking," he said.
According to Wheeler, the inability of some organisations to take these measures is a major obstruction to preventing high tech crime.
"There is a concern about the existence of systems that have unpatched and unprotected software vulnerabilities or misconfigured operating systems, applications or network devices," he said. "Clearly there is a greater need for the application of more stringent security counter-measures."
Wheeler said that reactive policing is "certainly" an aspect to high tech crime investigating, yet he states that there should be more proactive counter-measures.
"There needs to be more focus on the proactive aspect and education so that businesses and individuals can become aware of their responsibility to implement processes and conduct themselves online in such a way as to minimise their exposure to becoming a victim", he said.
Although the detectives remained tight-lipped about the Computer Crime Squad's counter crime initiatives, Detective Wheeler said that the training of high tech crime officers is a big issue for policing organisations as their working environment "evolves rapidly".
"The competencies of police involved in this unique discipline of criminal investigation is increasing and there are some highly skilled police members in all jurisdictions within Australia," Wheeler said.
He added that ongoing training is necessary for high tech crime investigators, to "keep pace with technological changes".
Detective Graaf said law enforcement is responding to the increase in high tech crime, with such collaborative policing measures as the development of the Australian High-Tech Crime Centre. However, he also predicts that the online community can expect a rise in computer crime in the short term.
"There will continue to be increasing victimisation of both the critical infrastructure sector and the rest of the online community," he said. "In particular home users should now consider themselves a target (even dialup customers) and take strong pro-active steps to protect their confidential data from theft and misuse."
"Security through obscurity is no longer an option," he said.