http://www.afp.gov.au/publica/platypus/mar98/users.htm Users told: Report all hacks The incidence of unauthorised computer intrusion is growing at a rapid rate - at least as fast as the Internet. Worse, the growing number of sophisticated and automated hacking tools available through the Internet make it easier for even relatively inexperienced Internet users to become computer hackers. The AFP's Computer Crime Unit is staffed by five federal agents in Melbourne, two in Sydney and two in Perth. The AFP, which does not hold statistical data on hacking, plans to develop a database of intrusions across Australia. By James Riley, The Australian The incidence of unauthorised computer intrusion is growing at least as fast as the Internet. Yet most attacks appear to go unreported, an Australian Federal Police (AFP) computer crimes specialist has said. Worse, the growing number of sophisticated and automated hacking tools available through the Internet was making it easier for even relatively inexperienced Internet users to become computer hackers, said Federal Agent Byron Collie of the Computer Crime Team. Speaking at the Australian Unix Users Group annual conference and exhibition in Brisbane last week, Mr Collie said that hacking appeared to be on the increase, but there was also a growing and welcome awareness in the industry of the need for stringent security measures for companies connected to the public telephone network. "Particularly in the case of Internet connectivity, it really isn't an issue of if you will get probed, it is an issue of when," Mr Collie said. The AFP has focused specifically on computer-related crimes since 1988, when a US investigation was referred to Australian law enforcement agencies after it was discovered that hackers in Melbourne had attacked a number of US Government sites. The AFP's Computer Crime Unit is staffed by five agents in Melbourne, two in Sydney and two in Perth. Mr Collie urged users to report hacking attacks, even minor ones, as the report might shed light on related AFP investigations. Companies should also consider Brisbane-based AusCERT (Australian Computer Emergency Response Team) a channel to report incidents, as the organisation had a close liaison with the AFP. The body of knowledge built up by such reports helped authorities better understand how hackers operated, Mr Collie said. "We would ask that people report even low-level probes, because we want to be able to put that into some kind of statistical database," he said. The AFP, which does not hold statistical data on hacking, was planning to develop a database of intrusions across Australia. "One of the reasons we talk at these conferences is that it puts a face to the name of the AFP, and we can encourage people to talk to us," Mr Collie said. "We're happy to talk to people [about specific intrusions], but we're not a computer security consultancy." Mr Collie said that just a few years ago hacking had been the work of a small, closed community of computer users who used bulletin boards to pass information among each other. But the Internet now allowed for a free flow of hacking knowledge through Internet relay chats, news groups and download sites. "There are far more sophisticated tools available on the Internet than ever before," he said. "There are automated tools out there that have been developed by the more experienced intruders which allow less experienced intruders to get into systems that they ordinarily wouldn't be able to." In the event of an unauthorised intrusion, Mr Collie said it was of the utmost importance that companies maintained thorough documentation and reports of precisely what an intruder did and which parts of a system were entered. This would give authorities the best chance of collecting suitable evidence to present to a court. It was also important for companies to prepare an impact statement of the intrusion, estimating the costs involved, whether through downtime, damage to data, or adverse publicity and damage to reputation. "What we try to get across to the courts is the impact that these intrusions can have on a company - something that is often very difficult to quantify," Mr Collie said. "One of the biggest problems is the unknown." © The Australian, September 9, 1997 BACK TO MARCH 1998 PLATYPUS