Report: Internal cyberattacks more common

A new report finds that most of the Justice Department’s cybercrime-related prosecutions have centered less on external attacks, such as worms and viruses, and more on internal threats and authentication problems.

The report, “Network Attacks: Analysis of Department of Justice Prosecutions 1999-2006,” tracks cybercrime prosecutions from 1999 to 2006. It states that on average, a cybercrime attack caused $3 million in damages. Most attacks occurred on home or laptop computers that organizations did not sanction.

The report was authored by information technology security analyst firm Trusted Strategies and commissioned by systems software developer Phoenix Technologies.

“Most of the attacks where big damage is done all come from users that obtain a valid user ID and password,” said Bill Bosen, founding partner of Trusted Strategies. Such intrusions could occur intentionally when users — such as disgruntled employees — take advantage of their privileges for abuse or unintentionally via user error, such as poorly storing information or accidentally exposing it.

Keren Cummins, public-sector vice president at Phoenix, said secure authentication could be a possible solution for as much as 85 percent of reported crimes.

“A very significant number of these crimes would have been prevented if device identity and user identity verification was present,” she said.

Although Cummins said she does not believe that the report indicates a trend in how criminals commit cybercrimes or how DOJ handles them, it does offer a good indicator of the scope of the threats that you would find by flipping through CNN.

“It characterizes the worst that can happen,” she said. “While it may not be a great predictor of the likelihood of a crime, it’s a good predictor of what could happen.”