BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific

BBC News World Edition
 You are in: Science/Nature  
News Front Page
Middle East
South Asia
Talking Point
Country Profiles
In Depth
BBC Sport
BBC Weather
Friday, 21 June, 2002, 07:51 GMT 08:51 UK
Foiling the fools and the fraudsters
Computer keyboard, Eyewire
The keyboard: Tool of choice for some criminals

Despite all the stories and scares about malicious hackers, computer criminals and destructive web worms, the biggest threat to the security of a company does not come from outside.

Instead, it is employees on the inside who are most likely to cause security breaches by inadvertently spreading viruses, defrauding their employer, wasting time on the net or downloading inappropriate material.

Figures collated by computer forensics and investigation company Vogon suggest that every year one in every 500 employees will cause or trigger a major incident, be it a virus outbreak, attempted theft or accidental data deletion.

BBC News Online attended Vogon's annual Enemy Within seminar to find out the risks employees pose and the best way to manage or investigate the use and abuse of computers.

Hidden pornography

Typically, Vogon is invited in to help a company but it also regularly receives tip-offs via its whistleblower website.

The allegations sent to this site include everything from people using fast net connections at work to download pirated software, run their own web business or to look at pornography.

Systems can be compromised through ignorance as well as intent

Kathryn Own, Vogon

Such serious allegations are not rare. Many people use their work computer to look at materials of an obscene and criminal nature.

Chris Watts, a senior investigator for Vogon, said that about 95% of the hard disks that the company scans during investigations have pornography on them.

Not all of them were illegal images, he said, but the majority broke company policies on appropriate use.

Finding facts

To avoid employees causing such problems, companies needed to spell out the rights and wrongs of computer use as people joined, said Kathryn Owen, one of Vogon's investigators.

"It's important that people sign up to these policies. Then they know that when they come to work for you that these are the rules," she said.

Computer hard disk, Eyewire
It's hard to completely erase the data on a hard disk
But employees do not just cause problems by looking at images that break laws or contravene workplace policies.

A lack of common sense can also cause huge problems.

Many computer viruses travel by e-mail and conceal their malicious payload in an attached file.

The most successful viruses trick people into opening attachments by using a teasing or salacious subject line.

"Systems can be compromised through ignorance as well as intent," said Ms Owen.

Vogon investigators tell the story of one enterprising employee at one client who tried to take apart the Magistr virus to see if it could be used to spread marketing information to customers.

His programming knowledge did not match his creativity and he triggered the virus as he was dismantling it. The result was a virus outbreak and disciplinary action.

Accident ahead

Vogon is often called in to help recover data thought to be lost when back-up files or tapes prove to be faulty or by someone deleting something they should not.

Thankfully, data on hard disks is relatively difficult to completely destroy. Vogon has developed a series of tools that help it recover supposedly lost or deleted data from hard disks.

Although virus outbreaks can cause huge disruption and be hard to clean up after, far more damage can be done by those deliberately trying to defraud their employer.

Ms Owen said that many organisations seeded their customer database with false names to ensure they knew if any rivals got hold of the list of contacts.

Vogon also investigated a company in which one employee created a duplicate set of accounts to hide evidence of embezzling and distinguished between the two using files names that differed only because one had two spaces between the words in it rather than one.

Vogon said it was relatively straightforward to recreate incriminating information that others has tried to destroy. This is done by using data from proxy or mail servers, the caches and history files of web browsers, and the slack and free space on hard disks.

See also:

09 May 02 | Science/Nature
31 Jul 01 | Science/Nature
15 Dec 00 | Science/Nature
06 Jun 01 | Business
19 Apr 01 | Science/Nature
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Science/Nature stories are at the foot of the page.

E-mail this story to a friend

Links to more Science/Nature stories

© BBC ^^ Back to top

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East |
South Asia | UK | Business | Entertainment | Science/Nature |
Technology | Health | Talking Point | Country Profiles | In Depth |