Companies Should Report Cybercrime
If companies as victims of cyber crime report their cases to law enforcement agencies then a lot can be done to alleviate the crime. For it will enable the law enforcement agencies to get useful information about hostile IP addresses as well as about new types of attacks. According to Whitmore, a special agent with the 'Air Force Office of Special Investigation' in the US, the majority of organizations who fall victim to DDOS (distributed denial of service) never report their cases.
When a DDOS attack is launched, criminals gain control of computer networks called 'botnets'. As they start sending commands on them, they inundate the company's network with destructive traffic. Later they demand money from that company to stop the DDOS attack. If the company does not agree to pay, then the attackers send more traffic through more zombie computers and ask for more money. Since funds are available with banks and offshore gambling websites, the attackers choose them as favorite targets for such 'botnet extortion scams'.
David Spinks, director of information assurance at outsourcing major EDS, which manages as many as 3.5 million desktops on behalf of its customers says that the proportion of reported cases of online fraud might be much lower than 'botnet extortion scams'. For every single security breach reported there may be a hundred more existing within companies. Right now the exact number showing crime-related security flaws are not available.
As cybercrime becomes increasingly advanced and organized it is vital that companies that fall victim to such crime, take the initiative to report them. If this co-operation lacks it would not be long when cyber space would become a scary area. Industry law enforcement agencies, victims' ISPs, and support groups should all work together to build a comprehensive and effective action plan to tackle this problem.
Businesses can act effectively by deploying defenses against botnets through anti-virus software, system patches, provide for scanning of network traffic, confine employees to access only systems they need and train them in safe Internet use. Apart from this companies must maintain relationships with local law enforcement bodies and their ISPs even before a cyber attack occurs.
» SPAMfighter News - 14-09-2006