Richard Bejtlich has a new post (as of May 10) http://taosecurity.blogspot.com/
He set out a few excerpts of a 1978 book “Computer Capers” by Thomas Whiteside.
To me the most interesting excerpt(2nd):
“The difficulties of catching up with the people who have committed computer crimes is compounded by the reluctance of corporations to talk about the fact that they have been defrauded and by the difficulties and embarrassments of prosecution and trial. In instance after instance, corporations whose assets have been plundered — whose computer operations have been manipulated to churn out fictitious accounting data or to print large checks to the holders of dummy accounts — have preferred to suffer in silence rather than to have the horrid facts about the frailty of their miracle processing systems come to public attention.
Top management people in large corporations fear that publicity about internal fraud could well affect their companies’ trading positions on the stock market, hold the corporations up to public ridicule, and cause all sorts of turmoil within their staffs. In many cases, it seems, management will go to great lengths to keep the fact of an internal computer crime from its own stockholders…
The reluctance of corporations to subject themselves to unfavorable publicity over computer crimes is so great that some corporations actually seem willing to take the risk of getting into trouble with the law themselves by concealing crimes committed against them. Among independent computer security consultants, it is widely suspected that certain banks, which seem exceptionally reluctant to admit that such a thing as computer fraud even exists in the banking fraternity, do not always report such crimes to the Comptroller of the Currency, in Washington, when they occur, as all banks are required to do by federal law. Bank officers do not discuss the details of computer crime with the press… [A] principal reason for this kind of behavior is the fear on the part of the banks that such a record will bring about an increase in their insurance rates.”
It looks like today this attitude is the same as 37 years ago give or take as it is today.
Computer fraud befuddled executives in the late 70’s and I would assume since then.
Is this really what we will talk about in the next 30 years?
It is a human thinking to try and hunker down and think no one is noticing what they are doing. But that is not the case anymore – Everyone is getting attacked, and everyone needs to up their game, as the attacks are becoming more sophisticated.
We can’t just sit and hide anymore. (otherwise known as security through obscurity).
It is time for a change in methods and techniques. We must tell each other what methods work and when they don’t so that we can learn from each other.
That is how the criminals do it. They have forums and discuss what works and what does not.
Contact Us to tell us how you have been breached, and we will just give out details of breach with no corporate specific details that tells who you really are.