Revealing the attack and when to report ………….. • Arve Føyen, Attorney • Simonsen Føyen Advokatfirma DA • 20.10.2004
Overview • The development of our case • Is the case typical? • What can the company do? • Conclusion
The development of our case • The systems administrator discovers that a lot of damage has been done • The attack seems to come from one of the employees’ computers • The employee pleads innocent, even though he was at home and logged on through the VPN at the time • All hacker tools are found on the computer, and have been there for some time • There are traces of a Trojan/back door on the computer
Is our case typical? • ”Back doors” like a VPN connection from a home computer are a new phenomenon, found increasingly often • The hackers usually take ”minste motstands vei” (the path of least resistance) – the easiest way • Direct attacks are the most common • Networks are a weak point • Social hacking • Corruption
What can the company do? • Nothing – try to repair the damage • Private persecution – internal case • Report to the police • Make sure it doesn’t happen again – learning by making mistakes
1. Do nothing • ”The damage is done – so let’s make the best out of it” • Consequences • No protection – no reaction against the hacker, or internally in the company • ”Cleaning up” deletes all evidence and important traces
Private persecution • Strprl. § 176 – catching someone red-handed: ”fersk gjerning eller ferske spor” (in the act or on fresh tracks) • The police can use methods that in other cases would violate privacy • Private persecution – no alternative • Companies do not want publicity
Report to the police • The only way to try the case • The company must be prepared for publicity • The company must live with the result, even if the case is not brought to court
Should one always report computer crime? • What to gain? • Allmennprevensjon – general prevention • Greater chance to reveal crime • Risks • Exposing security holes • Inspiration for other hackers? • Negative publicity
Report cont. • What is best for the company? • What is in the interest of the customers? • Consider the employees and the working environments
Prevent the same from happening again • Learning from your mistakes is as important as preventing them • Do not delete evidence and traces • Information about steps taken for protection must be part of the media strategy (how to tackle the press) • Remember: Too much information may weaken information security
Conclusion • Companies must learn to live with the threat to security • Important for the security work also to be on the alert in case of damage (”uhellet er ute” – when the accident has happened)
Questions? • We at Simonsen Føyen are happy to help! • Arve Føyen • arve.foyen@simonsenfoyen.no • 21 95 55 96/918 19 962