Hacking-Economic Espionage Aksana Chornenkaya, Sherin Hassan, & Meagan Moore
Goals of Presentation • Explain how cyber hacking and economic espionage has evolved over the past century • Examples of hacker groups • Examples of victims of hacking and economic espionage • Acts and Regulations • Prevention
Importance • Importance to accounting students and business professionals. • Huge threat to companies, domestic and global. • Growth of technology and reliance on information-based systems.
What is a Hacker? “A person who finds weaknesses in a computer system and exploits it.” “Someone involved in the exploration of technology.”
Hacker Groups • Warelords • Midwest Pirates Guild • 414’s • Legion of Doom • Many more…….
Computer Fraud & Abuse Act • Until it was passed, breaking into computer systems was not an illegal or criminal act. • Passed by Congress in 1986 • Hacking IS a CRIME!!!!
Operation Sundevil • Operation Sundevil - 1990 • Secret Services began raiding and arresting hackers • Involved in credit card theft, telephone and wire fraud
Evolution of Hacking • DOS attacks • Viruses • Malware - Worms
Types of Hackers • Black Hat Hackers – Malicious • White Hat Hackers – Ethical hackers • Grey Hat Hackers
Effects of Hacking on a Co. • Misappropriation of assets • Inventory theft • Insider trading • Credit card fraud • False invoices • Revenue misstatement • Expense account abuse
Importance for Accountants • Accountants must be aware of the threats • Internal auditors must develop processes and controls to prevent hacks • Must work with external auditors to identify security controls • Advances in technology increased opportunities for fraud
Motivation for Economic Espionage • Fierce competitive pressures • Improvements in eavesdropping technology • Weakest link: Employees
Most Publicized Cases • Toshiba vs. Lexar • Davis vs. Gillette • Reuters vs. Bloomberg
Economic Espionage Act • Passed in 1996 • Failed to curtail the problem • Companies were reluctant to seek prosecution
Ways to Reduce Hacking and EE • SOX Section 404 • Proactive and reactive approach • Strong internal auditing department • Strong IT controls • Physical access controls • Employee training
In Conclusion Companies that implement strong IT controls, physical access controls, nondisclosure agreements and background checks make it harder for hackers or employees to breach systems and acquire proprietary information.