POWER OF ONE, THE

ASEE Prism, Apr 2004 by McGraw, Dan

A single cyber-thief can steal millions worldwide with a few clicks of a keyboard, but engineering schools are coming up with ways to fight back.

In March of 1831, a man named Edward Smith robbed the first bank in the United States. Using a duplicate set of keys, Smith walked into City Bank on Wall Street on a Sunday, and walked out with $245,000. He was arrested later in the week and spent four years in jail for his heist.

In May 2001, the FBI arrested two young Russian men for robbing the Nara Bank of Los Angeles and the Central National Bank of Waco, Tex., among other businesses. Using more than 50,000 credit card numbers they scammed from hacking into financial service company computers from an operation in Chelyabinsk, the two Russians not only stole money from the banks but more than 40 other businesses across ten states, according to investigators. The FBI estimated the pair accounted for more than $25 million in financial losses to the banks, the other businesses, and American citizens. The two Russians are now serving time in federal prisons.

From Jesse James to Butch Cassidy and the Sundance Kid to John Dillinger, the romantic notion of the bank robber has long been a part of American lore. But the case of the young Russians underscores the fact that modern-day thieves are more likely to be sitting in front of a computer, halfway around the world at that. The keys that rob a bank now lie on the keyboard of a hacker working to break down the computer code protecting the operating systems of businesses and banks.

"It used to be that an individual involved in robbing a bank or some other business could do a limited amount of damage," says Ralph Merkle, professor of computing at Georgia Tech, and director of the school's Information security Center. "But now, with a replicating computer program, one person could rob all the banks on the planet. A small handful of people can cause huge economic damage. It's not that there are more evil people in the world, it's just the use of the computer has had a leveraging effect on crime."

Information security - whether providing government agencies with protection against terrorism or private corporations the tools to prevent costly attacks -has become of paramount importance in this country and abroad. Engineering schools are responding to the need by providing research and programs to combat the threat of computer crime, which started as prankish hacking and has now emerged as a huge problem for law enforcement agencies.

The National security Agency (NSA) has designated 50 colleges and universities-including Georgia Tech -as Centers of Academic Excellence in Information Assurance. The programs these schools are providing are diverse. Some focus on computer-aided forensics, others on terrorist hacking into infrastructure like electrical grids; and still others concentrate on preventing cyber thievery in private industry. The programs are interdisciplinary, utilizing faculty from engineering and computer science in conjunction with experts in business, law, ethics, and political science.

Quantifying the damage from computer crime is difficult. Identity theft, credit card fraud, damage from viruses and worms, child pornography, stolen laptops, hacking into the Department of Defense - all these offenses can be lumped into the computer crime category. That some private companies are reluctant to report some computer crime, fearing the exposed vulnerabilities might encourage more attacks and hurt stock prices, complicates matters.

According to a survey conducted by California-based Computer security Research Lab in conjunction with the FBI, the number of intrusions into networks has increased every year for the past five. The average financial loss to companies reporting an intrusion was $2.7 million. The Tower Group Inc., a computer industry research firm, estimates identity theft costs the banking industry $1 billion a year. Incredibly, the research firm said that 10,000 identity theft victims had had home loans taken out in their names to the tune of $300 million.

Some put the tag at worldwide losses from computer crime at $30 billion every year. Others say it is double that. Government and private business have gotten the message and are starting to invest in the security of their systems. Infonetics Research estimates that spending on security in the U.S. private sector will grow from $4.5 billion in 2003 to $8 billion in 2007.

"We are just looking at a totally different kind of criminal," says Sushil Jajoclia, professor of information technology and engineering and director of the Center for secure Information Systems at George Mason University in Virginia. "We have criminals trying to steal money, we have insiders corrupting software systems, but we also have nationstates and terrorists looking to bring our networks down, from telephone systems to electric grids to airplane traffic."

Jajodia estimates that 80 percent of the 800 students studying information technology at George Mason are concentrating on information assurance. If software design was the hot major in the nineties, information assurance might be the major of choice in the new millennium. After creating the Internet world in the nineties, U.S. engineers are now increasingly working toward making that world safer.