BBC NEWS
Monday, 29 April, 2002, 08:28 GMT 09:28 UK
Employees seen as computer saboteurs
By Mark Ward
BBC News Online technology correspondent
Digital cameras, MP3 players and handheld computers could be the tools that disgruntled UK employees use to sabotage computer systems or steal vital data, warn security experts.

The removable memory cards inside the devices could be used to bring in software that looks for vulnerabilities on a company's internal network.

The innocent-looking devices could also be used to smuggle out confidential or sensitive information.

The danger posed by disgruntled employees was highlighted by a survey showing that almost half of the most serious security incidents businesses suffered last year were caused by company workers.

Inside edge

The figures were revealed in the Department for Trade and Industry's annual Information Security Breaches report, which was released at the InfoSec trade show at London's Olympia.

It showed that 48% of large companies blame their worst security incident on employees.

By contrast, the 2001 edition of the survey showed that 75% of those questioned named external hackers and criminals as the biggest threat to security.

Incidents include everything from virus outbreaks and browsing inappropriate pages using company computers to committing fraud or cracking corporate computer systems from the inside.

One way that unhappy employees might try to damage computer systems is by smuggling in programs on devices such as digital cameras, handheld computers and MP3 players.

"Internal hacking is really happening," said Michael Longhurst, principal security consultant for Luxembourg-based SecureWave.

Mr Longhurst said because digital cameras, MP3 players and handheld computers swapped information with a PC they could be used for nefarious purposes.

The memory cards used by digital cameras and some MP3 players have storage capacities of hundreds of megabytes - more than enough to store hacking programs that can be used to look for vulnerabilities on internal networks.

Disgruntled employees could easily load hacking software on to the memory card for their digital camera at home, transfer the software on to a PC at work and let it run loose, said Mr Longhurst.

Many companies were now installing software that watches for computers doing things on an internal network they should not be doing.

Loose lips

Employees can be a security hazard in other ways too.

Workers who are unfamiliar with computers or who blithely open files attached to e-mail could kick off virus outbreaks or inadvertently aid hackers trying to get access to an organisation's internal network.

Customer service staff at call centres can also cause security headaches for companies if they are not trained to spot or deal with people who call and try to extract information about passwords and customer accounts.

"Hacker Kevin Mitnick has gone on record to say that he rarely used technology," said Chris Pick of security firm Pentasafe. "Instead, he used social engineering to get the information he needed."

Mr Pick said the Human Firewall Council had been created to advise companies on the best way to educate staff about security.

Properly educated staff would choose passwords that were hard to guess, know to be suspicious of unsolicited e-mails bearing attachments and refuse to divulge confidential information, he said.

You can hear more about computer security on Go Digital on the BBC World Service.
