You Can Lose Assets in NANOSECONDS
Matrix: The Magazine for Leaders in Education, Sept, 2000 by Alan Dessoff
Former NASA Cyber Cop Warns Of Internet Dangers
Cybercrime is the name of the new game in law enforcement and colleges and universities are as vulnerable to it as other institutions. Unfortunately, there's no simple way they can guard against it and protect their information assets.
That was the disquieting message delivered by Thomas Talleur at the National Association of College and University Business Officers' 21st Century Executive Symposium in Washington, D.C., earlier this year. "While you're doing wonderful things on your university system, stuff is going on behind the scenes," Talleur said. "The implications from deliberate cyber misbehavior directed at businesses, not-for-profits, and government is staggering."
Talleur should know. As the top "cyber cop" of the National Aeronautics and Space Administration, he created and ran the law enforcement unit that investigated organized criminal cyber attacks against NASA's communications networks. Early this year, he joined KPMG LLP, the accounting, tax, and consulting firm, to help companies detect, and prevent fraud and white-collar crime.
"We used to worry about things like guys stealing out the back door of the warehouse," Talleur said. "Then we moved on to regular white-collar paper-based fraud. The big thing today is the Internet, which runs on digital telephony devices you use in your universities. Now, you can lose assets in nanoseconds."
Universities "will share data with everybody in the world, but what you share can be exploited against you," Talleur warned. "The more you open up to share, the more vulnerable you make yourself." There is no privacy in cyberspace, he emphasized. "What you touch electronically touches you. Whatever you do when you are hooked up to a network, somebody else is seeing it," he said.
Thefts of intellectual property are a major problem facing colleges and universities, Talleur said, and they may not know when it happens. The current modus operandi of organized cyber criminals, he explained, is to break into a network server, steal the data they want, and leave no sign that they were there. "Think about the data you put on a network server that shouldn't be there. Educational institutions are notorious for that. If you keep your intellectual property on an Internet server at your university, you risk losing it. If you post it out there and someone steals it, it's gone," Talleur said.
Wiretapping in cyberspace is against the law but it goes on anyway, Talleur said, along with other cyber crimes including trafficking in illegal material, like child pornography, extortion schemes, sales of inside information, and misuse of an organization's resources. Computers are used as "weapons of attack, instrumentalities in the commission of crime"--for example, when a bookkeeper maintains two sets of books electronically. "Those are the kinds of things going on in cyberspace today," Talleur said. "It's an electronic OK Corral out there. You just don't see it because it's transparent."
It's not just teenage hackers who break into computer systems, Talleur said, although "they are the ones you read about in the paper because they are the only ones law enforcement technologists can catch." But most cyber-fraud is "organized criminal misbehavior," and it can cause expensive problems for higher-education institutions, Talleur said. "If your master password is given out, your university is going to be billed for millions of dollars," he said. "Could this happen to you? It sure could." Think about "your downstream liability for having Internet Gateways," he urged. "If someone downstream is victimized because you are used as a conduit point of attack, what is your liability?"
Cyber criminals often exploit default configurations in operating systems, Talleur said. "This ought to be a flag to folks in universities," he said. "Never take a computer out of a box and just put it up on the network and have it offer services. That's what a lot of people do at universities. Bad guys run a scanner to look for the services you are running on your network." Just run the services you really need, Talleur advised.
There's no easy, single fix to Internet security problems, Talleur said. Security requires staff training, legal policy, and awareness. Changing the perceptions of computer users can help. "Make people understand their personal responsibility" to protect information, Talleur said. Also, "have a banner on your system that tells people you have no expectation of privacy and the contents of your data stream are subject to theft. If you don't do that, you're subject to civil litigation."
Sometimes a university's systems administrators and information technology personnel--"the people you trust"--can be "your worst advisers," Talleur said, because "their talent is to set up services and not to understand how they can be exploited." So use their advice cautiously, he said.
And remember, he said, that "all these new and emerging technologies are going to cause more problems. It's going to get worse before it gets better."
Most Recent Reference Articles
- ARAB EUROPEAN RELATIONS - Dec 22 - Russia Denies Selling Missile System To Iran
- EGYPT - Dec 29 - Opposition Says Mubarak Blessed Israeli Attacks
- ARAB AFFAIRS - Dec 22 - Syria Will Eventually Move To Direct Talks With Israel
- ARAB AFFAIRS - Dec 30 - GCC Denounces Massacre
- ARAB ISRAELI RELATIONS - Israel Issues An Appeal To Palestinians In Gaza
Most Recent Reference Publications
Most Popular Reference Articles
- Credit card debt on college campuses: causes, consequences, and solutions
- 9 questions to ask your new lover: what you were afraid to ask, but always wanted to know
- How Tyler Perry rose from homelessness to a $5 million mansion
- Rejoice anyway - Zephaniah 3:14-20, Philippians 4:4-7 - Living by the Word - Column
- Living by the word
Most Popular Reference Publications
Content provided in partnership with
Presented by American Express