Adelaide, Feb 15 Asia Pulse - Most computer hacking is carried out from within, the head of the national information security testing body said today.
Australian Information Security Evaluation Program (AISEP) manager Anne Robins said that with increasing computer and Internet access around the world, information security risks were a virtually limitless problem. "We really don't know enough about the structure to know what traps exist," Ms Robins told an electronic warfare conference in Adelaide. "We don't know how much trouble we might be in, there's no formal structure that could even attempt to coordinate a national approach to looking at this type of infrastructure."
Ms Robins said there had been many recent publicised cases of hackers attacking computer systems and websites from the outside, but breached security from within seemed to be a bigger problem. "Federal police and consulting agencies estimate 30 to 80 per cent of computer crime is carried out by employees in their own networks," she said.
"We have spent an awful lot of time putting locks on the doors but it's the people with the keys that are causing the problems." Ms Robins said there had been a steady rise in the amount and complexity of computer crimes both in Australia and overseas in the past year, including credit card frauds and hacks on financial institutions. She said a much-publicised case from last year in which Citibank was defrauded out of millions of dollars via computer had lowered public and shareholder confidence in the bank, which was probably why more such attacks were not being reported.
"I think the fact we haven't seen any other announcements from the big banks is not because they are no longer being attacked but because they're not willing to reveal attacks," she said. Ms Robins said the recent spate of so-called "denial of service" attacks, which temporarily blocked consumer access to popular United States websites such as Amazon.com and Yahoo! was an example of the growing organisation of computer crimes.
"There is a real fear that this is going to move to Australia and we are right to be concerned that we are not going to know how to protect against such an attack," she said. Ms Robins said government, industry and consumers had to work together to fight such attacks and had to be pro-active in putting in security measures rather than waiting for attacks then trying to stop them.
Web under attack