“All this talk of fifteen-year-old kids vandalising the Web is a
smoke screen behind which real, professional crackers are pleased
to take cover, security expert Mark Rasch revealed during testimony
before a Senate hearing on Internet security earlier this
week.”
“Info tech companies may be fairly willing to report a nuisance
attack such as the recent DDoS campaign, where no company assets
are compromised. But Rasch believes that serious, compromising
attacks are rarely reported to the authorities.
This is because such companies, which own nothing of substance
but are valued principally according to the information they
possess, depend heavily on consumer confidence. A prosecution and
trial, Rasch observes, would make public the security vulnerability
that was exploited, hence the company’s hopelessly inadequate
security measures, he implied.
An info tech company will typically lose between ten and one
hundred times more money from shaken consumer confidence than the
hack attack itself represents if they decide to prosecute the case,
he estimated. …because it is to a company’s advantage to suffer
in silence, the real malicious hacking, which would involve the
compromising of crucial data and intellectual property by rivals
tech firms, and probably represents the lion’s share of online
criminal activity, is kept as a closely-guarded, dirty little
secret.”