Hacker attackers
by Michele Petry
Are you doing all you need to do to guard against hackers? How great is the risk of computer hacks? The federally funded Computer Emergency Response Team (CERT) reported that attacks are up sharply. In 1998, 3,734 were reported. The number increased to 9,859 in 1999 and more than doubled during 2000. The number of successful, reported computer attacks for 2000 was 21,756.
To ensure that your institution is prepared to react to an incident efficiently, make sure your staff knows who is responsible for cyber security and how to reach them. The following steps will help you document an incident and assist federal, state, and local law enforcement agencies in their investigation (be sure to act in accordance with your organization's policies and procedures):
- Preserve the state of the computer at the time of the incident by making a backup copy of logs, damaged or altered files, and files left by the intruder.
- If the incident is in progress, activate auditing software and consider implementing a keystroke monitoring program if the system log-on warning banner permits.
- Report the attack to the National Infrastructure Protection Center (NIPC) or CERT Coordination Center. If you have reported the incident, consider authorizing the release of the incident information to law enforcement. This will provide an excellent synopsis of what happened.
The NIPC Incident Report Form is located at:
http://www.nipc.gov/incident/cirr.htm
The CERT/CC Incident Report Form is located at
- Document all losses your organization suffered as a result of the incident. These could include the
  - estimated number of hours spent in response and recovery. (Multiply the number of participating staff by their hourly rates.)
  - cost of temporary help
  - cost of damaged equipment
  - value of data lost
  - amount of credit given to customers because of the inconvenience
  - loss of revenue
  - value of any "trade secret" information
- Contact law enforcement and
  - provide incident documentation
  - share information about the intruder
  - share any ideas about possible motives
Filing a SAR
Banks that have experienced an attack or suspect any improper access to their computer systems are also required to file a SAR, in accordance with guidance issued by the FDIC. If a reportable offense is detected, a financial institution should check Box 37r, marked "Other," and describe as completely as possible in Part VII, the narrative section of the SAR, the nature of the illegal or suspicious activity.
Contact Information
To initiate an investigation, contact your local FBI office or the appropriate federal, state, or local law enforcement agency. To report an incident, call the NIPC Watch and Warning Unit at 202-323-3205. For further information, see the NIPC home page: http://www.nipc.gov.
First published on BankersOnline.com 4/30/01