jump to navigation

No chance of getting caught November 26, 2012

Posted by Mark Hillary in Current Affairs, Internet.
Tags: , , , , , ,
add a comment

A computer hacking group caused losses totalling millions to financial service companies such as Mastercard and PayPal according to this news report of an ongoing case at Southwark Crown Court.

What is striking about the case is that the defendants believed in the concept of safety in numbers – if many people made an attack together then it would be far harder for the law enforcement authorities to prosecute individuals – and there was no gain to be made from the attacks. It was really just a protest.

This stemmed from actions such as making anti-piracy statements, or organisations that had failed to support Wikileaks and therefore became targets for the hackers.

Taken more broadly there is a very serious risk for any business here that the tabloid news coverage fails to mention.

If a company can so easily be prevented from trading by loosely affiliated hacking groups with a very low chance of them being caught and punished then there is a serious commercial risk. Any business stating a view on piracy or freedom of information that upsets someone can be targeted easily. Even crude methods such as flooding a website with hits or messages can take down and disrupt a business.

Information security has long been an integral part of the business strategy for companies such as retailers taking online orders, but it seems now that almost any firm engaging in any online transactions needs to take this seriously – or face a sudden loss of business if they attract the attention of hackers.

Hacking

 

Photo by Miria Grunick licensed under Creative Commons

Hackers attack the Euromillions lottery October 29, 2012

Posted by Mark Hillary in Current Affairs, Internet.
Tags: , , , , , , , , , , , , , , , , , , ,
add a comment

Hackers attacked the French site for the Euromillions lottery last weekend. Visitors to the site hoping for a flutter found messages in both French and Arabic warning them of the evils of gambling – with a hacking group called ‘Moroccanghosts’ claiming credit for the attack.

Clearly a group of hackers with an ideological objection to gambling thought that the most effective way to get their message across would be to destroy the Euromillions website. But is this just the start of a wider trend?

During the Occupy demonstrations various hacking groups took pleasure in flexing their muscles by vandalising the websites of companies they had an issue with – usually a particular complaint such as tax avoidance. If a company were perceived to be dodging tax by shunting profit and loss around the world so tax could be paid in the most favourable locations then it would be fair game for an attack.

It’s now a serious risk for any company, even those who pay their taxes and look after their employees, because it doesn’t need to be ideologically disgruntled hackers that destroy an online corporate footprint – it could be rival firms or governments who want to cause maximum damage to the reputation of an organisation.

This has all led to IT security becoming a considerably more complex area than just a few years back where the focus was on virus and worm control. Now, industrial espionage doesn’t need to be performed by spies wearing black jumpers and carrying tiny cameras – if a corporate system is not secure, hackers can just go straight in through the virtual front door.

And even now, the law offers scant protection in this area. Of course it remains illegal to mount a hack on a corporate website, but when the attack can be launched from anywhere, can be automated, can be masked through various anonymous hops around the world, it’s one area of business where hoping for the law to help is no real protection at all.

Fingers crossed

 

Photo by Jaina licensed under Creative Commons

When is an outsourcing contract not a contract? July 23, 2012

Posted by Mark Hillary in Current Affairs, Government, IT Services, Outsourcing.
Tags: , , , , , , , , , ,
add a comment

The Olympic games is almost with us and as the sport has yet to being the media is trawling through every negative angle they can find. The latest is the failure of security firm G4S to supply enough guards on time – leading to the need for the games organising committee to use more police and army personnel than ever expected.

The Chief Executive of G4S has apologised profusely and admitted that the situation is a shambles – in his own words, but was his company really to blame?

When outsourcing goes wrong it is not always the supplier at fault. The London Organising Committee (LOCOG) for the games originally specified that 2,000 guards would be required. This is what G4S had always been planning for.

Only a couple of months ago this figure changed to around 10,000 guards – plus all the volunteers and other military personnel that were expected to also help. So the scope of the contract changed by at least 500% with a very short lead-time.

Nobody wants to explore this in too much detail right now – the games are upon us this week so the post-mortems will take place once it is all over, but it looks like a classic outsourcing dilemma. The client suddenly needs to ramp up and will offer an enormous bonus to the service provider, but if the provider felt any doubt about their ability to scale up so quickly then the honourable thing to do would have been to refuse the change in the scope of the contract.

All will be revealed once the games are over…

Wenlock

Phoot by Ken Jon Bro licensed under Creative Commons

 

Optimism for the future of sourcing November 23, 2011

Posted by Mark Hillary in IT Services, Outsourcing.
Tags: , , , , , ,
add a comment

There has been an air of optimism in the IT service provider community recently, quite at odds with what we all read in the press on a day-to-day basis. It seems that there is still a lot of work to be done in the international outsourcing community.

Partly, this is driven by the global nature of the market. Economies such as China and Brazil are becoming huge consumer cultures and growth there is creating a need downstream for more and more IT services – to support the retailers, logistics firms, and other industry sectors all experiencing strong growth.

But this optimism remains tempered by a sense of foreboding, that the IT services industry has to change if it is to grow and succeed in the long term. There is an emergence of some important new markets, being driven by what might be termed ‘mega-trends’ in society – trends that go beyond the geographic alone.

While some service firms can only hope for a recovery in retail or banking, it’s going to be these mega-trends that really shape the future of the industry.

First, the ageing population in developed ‘western’ societies. By the middle of this century it is estimated that fewer than half of all Germans will be economically active. The majority will be either elderly or children, neither contributing to government finances. So how can a developed country like Germany continue to expect economic growth at the same time as maintaining the existing social welfare standards – all with fewer people working and contributing to the economic welfare of the nation?

Second, sustainability is back on the agenda. European governments have been implementing a system of carbon reduction commitments that will force companies to audit and reduce their carbon use. This push from government will change corporate culture across the entire European region – and beyond.

Third, international terrorism is not going away just yet. We need better security systems that are smarter, and yet still affordable.

These three major trends are going to change the shape of IT services in future. But how many executives on the buy or sell side of the outsourcing equation have considered just how much their own marketplace might change this coming century?

Madrid 11 M

Cyber-crime doesn’t (always) pay July 29, 2011

Posted by Mark Hillary in Internet, IT Services.
Tags: , , , , , , , , , , , , , , , , , , ,
add a comment

If you have read the book ‘A few kind words and a loaded gun’ by former bank robber Noel ‘Razor’ Smith, you will understand how far the world has come from the days of blaggers charging into a bank branch with a shotgun and making off with a stack of cash.

Smith laments the amount of security measures attached to the movement of cash that now makes simple bank robberies almost impossible, and he notes that anyone carrying out such a crime today would be a fool. Cyber-crime offers the chance for greater riches without ever going near a gun.

All you need is a computer and some nous and you can commit various types of crime without ever leaving home. Fraud, organised crime, electronic espionage, IP theft, terrorism, activism, and even warfare can call fall under the wider label of cyber-crime and all can be perpetrated without much risk if you know how to cover your online tracks.

This all means that is it harder than ever to protect your company from criminals because there are now so many ways in which an attack can take place. Publishers may lose content to online thieves. Activists or terrorists may target your brand for attack with such tools as the dreaded denial of service attacks. Insiders can raid your company funds and misappropriate assets. The list goes on.

But the real point is that crime has now become virtual and hidden in the shadows. Mastering the technical skills of computer networks and the smooth-talking social engineering required to get passwords from the unwary now gives any unscrupulous hacker the keys to the vault.

Are we really prepared for this new era of crime?