A recent string of massive data breaches at corporations such asSony and Citigroup as well as high-profile hacks of governmentwebsites, including the CIA's, have put state and local cyber crimewatchdogs on high alert.
Ohio law enforcement officials and Internet security specialistssay the successful attacks on ultra-secure websites will challengeidentity thieves and other hackers to step up their efforts.
A snapshot of data breaches in Ohio shows more than 25,000private records from school districts, hospitals, retirementbenefits firms and others have been hacked, stolen or inadvertentlyleaked so far this year, according to San Diego-based Privacy RightsClearinghouse.
The Ohio victims were among more than 22 million people who havehad their records exposed this year through online securitybreaches, according to the organization.
It's difficult to measure the full breadth of the problem becausemost states don't have mandatory reporting requirements.
Ohio law requires companies to notify consumers within 45 days ifpersonal information "that may reasonably cause a material risk ofidentity theft or other fraud" is breached.
Still, companies rarely report data breaches unless they'recompelled to do so.
Some companies come forward because of the size of the breach orbecause it has already become public, said Mike Prusinski, seniorvice president at Life-Lock, a Tempe, Ariz., Internet security firm.
"You only hear about organizations losing hundreds of millions ofpieces of information when they have to come forward, and it's a PRnightmare for them," Prusinski said. "But there are people beingimpacted by data breaches every day who never know it's takingplace."
Beefing up online security is key to battling increasinglysophisticated cyber attacks, experts say, but there is no panacea.
"When hackers set their sights on something, they certainly canget into it," said Scott Campbell, director of technology at MiamiUniversity's School of Engineering and Applied Science. "No site isimmune to hacking."
Combating such crime is a "constant challenge" because hackingtools, or software programs designed to penetrate secure networks,have become increasingly sophisticated and widely available, saidAllan Buxton, a forensic computer specialist at the Bureau ofCriminal Identification and Investigation in the Ohio AttorneyGeneral's Office.
"Fifteen or 20 years ago, the people who did these acts wrotetheir own tools and maintained their own tools, and when theydecided to stop or got caught, those tools vanished," Buxton said."Today, it's a bit of an industry. You have people selling tools forhacking, and then you have other people who build and maintain andredevelop the tools."
Buxton described the battle between law enforcement and cybercriminals as an escalating war that has led the Ohio bureau to seeknew recruits. The 17-member bureau plans to hire five new staffersto assist state and local police agencies in investigating computercrimes.
In addition to sophisticated software, the seemingly constantintroduction of new wireless devices has made it increasingly moredifficult to track cyber criminals, Buxton said.
"You don't have to be sitting at a computer connected to theInternet anymore in a library or your own home, where all yourrecords are," Buxton said. "You could be on a laptop, or tabletcomputer or cellphone with the proper software and commit that crimeacross a mobile or wireless network from halfway across the world."
Compounding the problem is an emerging new breed of hackers whohave been inspired by such groups as Lulz Security. Lulz is apolitically motivated group of so-called "hactivists" who havelaunched attacks against PayPal, Visa and other financialinstitutions in protest of those companies stopping donations toWikiLeaks.
They're known for boasting of their accomplishments on Twitterand other social networking sites, where the group attractsattention from the very people who are likely to try to emulatethem, said Miami University's Campbell.
Earlier this week, FBI agents search the house of a Hamilton teenafter interviewing him about his suspected connection to Lulz, butno charges have been filed.
"The bad guys create these tools, but anybody can run it,"Campbell said.
Campbell thinks the number of data breaches will continue toclimb and that breaches are already more pervasive than most peoplethink.
"I spend a fair amount of my time checking logs and looking forpeople trying to hack into" the university network, he said. "I had300 or 400 people just trying to guess passwords to some of myservers. That's just a typical event. Fortunately, nobody got in."
Комментариев нет:
Отправить комментарий