The Adobe Flash Player is required to view this multimedia interactive. Get it here.

Hackers expanding their cyber efforts to steal information

Technology First hosted a day-long IT security conference at Sinclair Community College on March 11. Left to right: Larry Dukes Black Box Network Services, and Mark Flannery, Miller-Valentine Group talked during a networking break.

Ty Greenlees/Ty Greenlees Technology First hosted a day-long IT security conference at Sinclair Community College on March 11. Left to right: Larry Dukes Black Box Network Services, and Mark Flannery, Miller-Valentine Group talked during a networking break.

ENLARGE PHOTO

GE to hire 5,000 veterans, add 400 new manufacturing jobs
Updated 16 min. ago
Groundwater monitoring well offers clues to the health of local industry
7:29 a.m.
‘App economy’ job prospects booming
Updated 4 min. ago
Company builds success with high-profile masonry projects
2/11/12
Greene airport work could attract jobs
2/11/12
> More headlines

By John Nolan, Staff Writer Updated 8:10 PM Thursday, March 11, 2010

DAYTON — It isn’t enough for companies to protect their “crown jewels” — the computer repositories of sensitive business information — from cyber thieves. Corporations also need to be concerned about the inadvertent access their employees provide to company information through portable computers and handheld devices, computer security experts said Thursday, March 12.

Hackers can use those linkups to get access to sensitive information, said Rohyt Belani, president of Intrepidus Group, a New York-based risk assessment company.

Information technology professionals attending the Ohio Information Security Conference heard descriptions of various processes that cyber raiders from across the world have used to get into corporate electronic business systems. Technology First, the regional IT organization, sponsored the conference, which included workshops to provide updated information on security precautions.

Hackers often rely on trusting recipients of e-mails with innocent-sounding words to click on an attachment that lets the bad guys in, Belani said. The intruders use wording like “we need to verify your account information” or “IT password survey” to persuade recipients to provide passwords or other access information, he said.

Some hackers make visually similar copies of legitimate corporate Web sites to induce visitors to surrender access information, Belani said. A Web site with an additional domain name — the computer-identifiable cyber address — appended to it may be a bogus version intended as a trap, company officials said.

Thousands of consumers and businesses have been victimized. Industry estimates of the toll of identity theft, or loss of business-sensitive information, have run to $50 billion a year or more.

Google and Adobe were among more than 30 companies victimized in one wave of cyber attacks in January. Charter One Bank was victimized in a 2005 cyber attack that has become a case study.

Computer security processes need to be constantly updated because the bad guys figure out how to get through, or around, existing precautions, said Jim Hansen, an Intrepidus Group sales executive who was formerly a computer crimes investigator for the Air Force Office of Special Investigations.

“It’s the classic arms-race analogy,” Hansen said.

Share this article