Accessibility links

Breaking News

United States: Survey Shows Attacks On Computer Systems Increasing

Washington, 11 March 1998 (RFE/RL) -- A new survey says that attacks on U.S. computer systems has increased 22 percent since 1996 and now involves six out of every 10 American businesses, government agencies, universities and private organizations.

The survey was the second of its kind conducted by the Computer Security Institute (CSI) -- a private American computer firm -- in cooperation with the U.S. Federal Bureau of Investigation.

CSI sent out questionnaires to more than 500 U.S. businesses and government agencies, asking about computer security breaches in 1997. Respondents were permitted to remain anonymous in order to protect their company's business and reputation.

Some of the results were surprising.

For example, 64 percent of the respondents said their computer systems had been breached multiple times despite security measures and other efforts to prevent such attacks.

According to the survey, part of the problem is that many of the attacks originate from the Internet where the source of intrusions are harder to trace and more difficult to anticipate. The survey noted that the number of companies who had been attacked via the Internet rose from 17 percent in 1996 to 54 percent in 1997.

But the survey also found that 89 percent of the respondents believe the intrusions came from someone inside the company such as a disgruntled employee or a former employee. The next most likely source of attacks, say respondents, came from independent hackers and domestic competitors.

This is a major change from last year's survey where foreign governments and competitors were named as the most likely suspects of cyber attacks against U.S. computer systems.

In terms of financial losses -- only 16 percent of the respondents provided an actual dollar amount. Of that 16 percent, the survey noted a dramatic range in losses -- from 50 dollars in computer repairs to 25 million dollars in stolen research. Overall, the survey calculated a total amount of 136 million dollars in financial losses.

Experts say the problem is only going to get worse before it gets better.

Richard Power of CSI says: "We're looking at what crime will be like in the 21st century. Crime is going digital because more and more commerce is going to be done online."

But not only businesses are at risk.

Last week, U.S. Deputy Defense Secretary John Hamre acknowledged to reporters that unknown hackers had launched a coordinated assault on at least 11 military U.S. computers in February, just as America was preparing for possible deployment to the Persian Gulf.

Hamre called the intrusions "the most organized and systematic attack the Pentagon has seen to date."

Hamre said the although the attacks breached systems that contained unclassified information such as payroll and personnel records, he still considers the matter to be "a very serious, long-term problem."

He added that the Defense Department had begun working closely with the Justice Department in order to track down and punish the individuals believed responsible for the attacks.

Last fall, a U.S. presidential commission studying ways to protect America's electronic networks concluded that the U.S. has a growing number of cyber vulnerabilities, some of which could seriously threaten U.S. national security.

The commission recommended that the government develop a broad program of public awareness and education about cyber threats, revise current laws regarding infrastructure protection and cyberterrorism, increase federal spending on the issue, and seek more cooperation between the public and the private sectors in identifying and prosecuting offenders.

But according to the CSI survey, the hardest part will be gaining the full cooperation of private companies and businesses.

Only 17 percent of the respondents admitted that they had reported the attacks to the authorities.

Why? More than 80 percent feared adverse publicity that would harm their business and said they wanted to try and handle the problem themselves.