Report: Internal cyberattacks more common

A new report finds that most of the Justice Department’s cybercrime-related prosecutions have centered less on external attacks, such as worms and viruses, and more on internal threats and authentication problems.

The report, “Network Attacks: Analysis of Department of Justice Prosecutions 1999-2006,” tracks cybercrime prosecutions from 1999 to 2006. It states that on average, a cybercrime attack caused $3 million in damages. Most attacks occurred on home or laptop computers that organizations did not sanction.

The report was authored by information technology security analyst firm Trusted Strategies and commissioned by systems software developer Phoenix Technologies.

“Most of the attacks where big damage is done all come from users that obtain a valid user ID and password,” said Bill Bosen, founding partner of Trusted Strategies. Such intrusions could occur intentionally, when users such as disgruntled employees abuse their privileges, or unintentionally through user error, such as storing information poorly or accidentally exposing it.

Keren Cummins, public-sector vice president at Phoenix, said secure authentication could be a possible solution for as much as 85 percent of reported crimes.

“A very significant number of these crimes would have been prevented if device identity and user identity verification was present,” she said.

Although Cummins said she does not believe that the report indicates a trend in how criminals commit cybercrimes or how DOJ handles them, it does offer a good indicator of the scope of the threats that you would find by flipping through CNN.

“It characterizes the worst that can happen,” she said. “While it may not be a great predictor of the likelihood of a crime, it’s a good predictor of what could happen.”

