- Email: [email protected]
Compurer crimes and disasters now on database
SEPT - OCI"
TIlE COMPUTER IAW AND SECURITY REPORT
3 CLSR
may emerge is collected, and retained, in an admissible form. This sort of liaison should also serve to avoid any difficulty if a complaint is made to the SFO sometime after an inquiry is launched by the victim. It is to be hoped that we can achieve a situation where criminal investigators will be able to take over a computer fraud investigation carried on their civil counterparts as smoothly as one member of a relay team taking over the baton from another.
I would hope that it could be seen as a point of reference by those institutions who suffer a computer fraud of significant proportions. This line of communication is fundamental to the efficient running of the investigation if what starts as a loss turns into a crime.
Conclusion
The address of the Serious Fraud Office is Keysign House, 421-9, Oxford Street, London W l .
Mark Tantum Serious Fraud Office
The SFO is a new office and, like any toddler, will take some time to find its feet in the computer fraud world. However,
INlOtION COMPUTER CRIMES AND DISASTERS NOW ON DATABASE Details of computer crimes and disasters going back as far as the late 1950s are available on a database recently launched by consultants Data Integrity PLC. It claims to contain the full text of all the known published accounts of such cases, many cases appearing in more than one report. According to the consultants the DI database "gives an unprecedented accurate view of what has happened to computers in the past - and makes it possible to draw reliable condusions and to make worthwhile assumptions about what could happen in the future." It was set up according to Data Integrity's Technical Director Peter Sommer, "because we found that all the statistics commonly quoted by computer security experts are just unbelievable: none of them can demonstrate that they have used reliable sampling methods, many of the data collection techniques are weak or ambiguous, they all have different definitions of what "computer crime" actually is, and the published conclusions are often not justified by the research that has in fact taken place'i "It will be many years before any computer crime statistics will be available upon which reliable conclusions can be drawn." "It is much more useful, when assessing the risk associated with particular items of hardware or software, or particular business environments, to be able to look at the total of published casesand see for yourself what has gone on before. The fuller and the more authentic the account the better. We can now do this." The database also contains (p~sumably with permission)a large number of articles about computer security, new computer developments, insurance and legal matters, and product sheets. Longer articles and books are stored in bibliographic form. Data Integrity will not make the database by itself available to external users - they insist that the material is of greatest use to people who know how to interpret it effectively. DI "sell" the database only as part of general consultancy services. The sources used to compile the database include the national and trade press, specialist newsletters and on-line databases, from the UK, USA, Europe, Japan and Australia. Interestingly Mr Sommer is better known by his pen-name of Hugo Cornwall, under which he wrote the notorious Hacker's Handbook and DataTheft. At the time publication of the book attracted many critics. Data Integrity is a computer security consultancy and claims to be completely independent of links with manufacturers, software houses, management consultancies and insurance interests. For more information and a demonstration contact Keven Cox. Tel: 01 222 3312.
14
TIlE COMPUTER IAW AND SECURITY REPORT
3 CLSR
may emerge is collected, and retained, in an admissible form. This sort of liaison should also serve to avoid any difficulty if a complaint is made to the SFO sometime after an inquiry is launched by the victim. It is to be hoped that we can achieve a situation where criminal investigators will be able to take over a computer fraud investigation carried on their civil counterparts as smoothly as one member of a relay team taking over the baton from another.
I would hope that it could be seen as a point of reference by those institutions who suffer a computer fraud of significant proportions. This line of communication is fundamental to the efficient running of the investigation if what starts as a loss turns into a crime.
Conclusion
The address of the Serious Fraud Office is Keysign House, 421-9, Oxford Street, London W l .
Mark Tantum Serious Fraud Office
The SFO is a new office and, like any toddler, will take some time to find its feet in the computer fraud world. However,
INlOtION COMPUTER CRIMES AND DISASTERS NOW ON DATABASE Details of computer crimes and disasters going back as far as the late 1950s are available on a database recently launched by consultants Data Integrity PLC. It claims to contain the full text of all the known published accounts of such cases, many cases appearing in more than one report. According to the consultants the DI database "gives an unprecedented accurate view of what has happened to computers in the past - and makes it possible to draw reliable condusions and to make worthwhile assumptions about what could happen in the future." It was set up according to Data Integrity's Technical Director Peter Sommer, "because we found that all the statistics commonly quoted by computer security experts are just unbelievable: none of them can demonstrate that they have used reliable sampling methods, many of the data collection techniques are weak or ambiguous, they all have different definitions of what "computer crime" actually is, and the published conclusions are often not justified by the research that has in fact taken place'i "It will be many years before any computer crime statistics will be available upon which reliable conclusions can be drawn." "It is much more useful, when assessing the risk associated with particular items of hardware or software, or particular business environments, to be able to look at the total of published casesand see for yourself what has gone on before. The fuller and the more authentic the account the better. We can now do this." The database also contains (p~sumably with permission)a large number of articles about computer security, new computer developments, insurance and legal matters, and product sheets. Longer articles and books are stored in bibliographic form. Data Integrity will not make the database by itself available to external users - they insist that the material is of greatest use to people who know how to interpret it effectively. DI "sell" the database only as part of general consultancy services. The sources used to compile the database include the national and trade press, specialist newsletters and on-line databases, from the UK, USA, Europe, Japan and Australia. Interestingly Mr Sommer is better known by his pen-name of Hugo Cornwall, under which he wrote the notorious Hacker's Handbook and DataTheft. At the time publication of the book attracted many critics. Data Integrity is a computer security consultancy and claims to be completely independent of links with manufacturers, software houses, management consultancies and insurance interests. For more information and a demonstration contact Keven Cox. Tel: 01 222 3312.
14