Author: Peter Lilley
ISBN No: 0-7494-3874-6
Review date: 16/12/2025
No of pages: 290
Publisher:
Year of publication:
Brief:
Hacked, Attacked and Abused - Digital Crime Exposed. Expert Advice on how to make your computer system secure, by Peter Lilley (Kogan Page, 2002).
In the Digital Age, it pays to be paranoid. That’s a paraphrase of the end of one chapter of Peter Lilley’s new book on digital crime – Hacked, Attacked and Abused. Mr Lilley’s background lifts this book above an alarmist trawl through internet hacking and fraud cases that have reached the public domain. His previous book Dirty Dealing, on money laundering, was reviewed in our February 2001 edition. That he has turned to hacking of digital systems shows how any investigator and preventer of fraud cannot avoid computers. What’s more, computers are the business of any organisation’s security manager – as Lilley points out, there are inherent risks in giving staff access to data on computer. Yes, if your computers are hacked (whether by an angry employee or intruder – we’ll come to that), the technological response is to make sure that holes in security are plugged. But you also have a business crisis on your hands, and security issues that a pre-computer age security manager would recognise – satisfying customers, recovering stolen funds and information, acting on suspicions that insiders are involved. If you only have time to skim the book, concentrate on the eight-page preface. Lilley reviews the risks in the Digital Age – the internet is a Pandora’s box, grasped by everyone from terrorists to money launderers; we can spy, and be spied upon, every click of our PC; computers, mobile phones and so on are changing our lives at a drastic rate and law enforcers are not keeping up with the hackers and criminals. ‘It continually strikes me that we do not realise the fault lines that we tread on each day when entrusting our communications, personal details, confidential material or whatever else to technology.’
<br><br>
In the Digital Age, crime will change beyond recognition, Lilley argues: ‘Technology is an ideal forum for crime,’ he writes. It leaves no traces, it can be anonymous, and there’s no customs controls to cross. To take away $10m you need (Lilley assures us he has no personal experience of doing this) two heavy suitcases. To steal that money digitally, you just move the figure one and seven zeroes from one place in cyberspace to another. This has profound implications for the financial world. If you or I bank over the internet, by phone and e-mail, where does that leave a bank’s Know Your Customer procedures’
<br><br>
That said, he is sceptical of ‘information warfare’ – enemies striking at a nation in some kind of ‘electronic Pearl Harbor’. He points out that the 9-11 attackers used the most basic of tools; and why go to the trouble of hacking into a computer network if you can steal someone’s laptop? As for threats from within, Lilley agrees that staff can pose a big risk, but warns against ignoring the dangers from outside. He lists some basic principles – vet all staff, and anybody who can access your systems, including associates and contractors. Monitor what you are doing – yesterday’s effective control may not be so today – and have a written policy.Don’t forget physical security (something Lilley could have made more of, as he points out that we use more paper these days, though we are supposed to be in a paper-less age). One useful point of his is ID badges – do they have a photo, name and employee number? If staff wander around with the badge still on, after work, someone who really wanted to could remove it or take down the details.There’s a formidable 20-page chapter of check-lists to deal with risks – staff, hardware, home computers – and how to handle an incident. A full third of the book is appendices – a handy glossary, useful websites, and cyber-laws worldwide, including the 2001 Council of Europe Convention on Cybercrime.
It’s not difficult to find examples of governments and suppliers of technology who don’t understand these risks, or react too late, and Lilley quotes many from Microsoft down. Hence there’s a depressing theme through the book of even the hackers who have been caught having a short prison term, or no prison at all. Lilley is good at showing us the speed of change – and how security people have to keep up as much as anybody else.
Thanks to the internet you can go on a worldwide shopping spree with someone else’s credit card, break into a bank’s security system, plan a demo in another country and hack into the Pentagon. So points out Yvonne Jewkes, lecturer in criminology at the University of Hull, and editor of a book out soon from Willan Publishing, called Dot.cons – crime, deviance and identity on the internet. Chapters cover policing and surveillance in cyberspace, prostitution on the internet, identity theft, cyberstalking, and digital counter-cultures. The 256-page paperback costs £18.99. ISBN 1-84392-000-X.
