hacker threat should be considered in terms of past and potential future
damage. Although current losses due to hacker attacks are significantly
smaller than losses due to insider theft and sabotage, the hacker problem is
widespread and serious. One example of malicious hacker activity is that
directed against the public telephone system (which is, by the way, quite
common; the targets are usually employee voice mailboxes or special
“internal-only” numbers allowing free calls to company insiders). Another
common method is for hackers to attempt to gather information about internal
systems by using port scanners and sniffers, password attacks,
denial-of-service attacks, and various other attempts to break into publicly
exposed systems like file transfer protocol (FTP) and World Wide Web (WWW)
servers. External hackers can be thwarted by implementing efficient firewalls
and auditing/alerting mechanisms. Internal hackers are extremely difficult
to contend with, since they have already been granted access.
However, conducting internal audits on a frequent and recurring basis will
help organizations to detect these activities.
Malicious Coders
Malicious code refers to viruses, worms, Trojan horses, logic bombs, and
other “uninvited” software. Although it is sometimes mistakenly associated
only with personal computers, such types of malicious code can attack
other platforms. The actual costs that have been attributed to the presence
of malicious code most often include the cost of system outages and the
cost of staff time for those who are involved in finding the malware and
repairing the systems. Frequently, these costs are quite significant.
Today, we are subject to a vast number of virus incidents. This fact has
generated much discussion on the issues of organizational liability and
must be taken into account. Viruses are the most common case of malicious
code. In today's modern computing platforms, some form of antivirus
software must be included in order to cope with this threat. To do
otherwise can be extremely costly. In 1999, a virus named Melissa was
released, with devastating results [15]. The Melissa virus caused an
estimated $80,000,000.00 in damage and disrupted computer and network
operations worldwide.
Melissa was especially damaging, as viruses go, because its author had
deliberately created the virus to evade existing antivirus software
and to exploit specific weaknesses in corporate and personal e-mail
software, as well as server and desktop operating systems software. Melissa
infected e-mail and propagated itself in that infected state to 50 other e-
