Security: Case Study -- On-Line Crime (Part 1)
In February 1995 Jennifer Lawton, cofounder and CEO of NetDaemons Associates, in Boston, received a disturbing phone call from an Internet service provider. The man on the phone accused Lawton of breaking into several Internet sites. Flabbergasted, Lawton told the man he was crazy. She couldn't believe that any of the 14 employees at NetDaemons, which outsources computer-network support and is also an Internet security consultant, could be hacking into other people's sites. But when Lawton and her partner, cofounder and chief technical officer Christopher Caldwell, took a look, their worst fears were confirmed: someone had broken into their system and, from there, launched attacks on several computer systems, including those of some of their clients.
For the next six months, Caldwell dealt with the repercussions of the break-in. His investigative work, in cooperation with the Secret Service, would eventually help put a ring of eight hackers in jail. The hackers had been on a rampage, stealing credit-card numbers and cellular-phone IDs and then selling the information over computer bulletin boards. NetDaemons was only one of several places hit.
At the time of the break-in, NetDaemons was using a minimum of security: free software, downloaded from the Internet, which was run monthly to check for break-ins. Ironically, Caldwell was considering beefing up security when the hackers struck. Chastened by the break-in, Lawton and Caldwell promptly spent $5,000 on a firewall, a piece of software installed on their local area network (FireWall-1 from CheckPoint Software Technologies; contact CheckPoint at email@example.com or call 800-429-4391 for information). The firewall acts as a protective gateway to the external world. Now NetDaemons takes its own computer security as seriously as it tells its clients to take theirs.
"A lot of small companies try to cheap out by using free software," says Lawton, speaking from experience. In addition to putting all the companies NetDaemons does business with at risk, cutting corners cost Lawton and Caldwell thousands of dollars' worth of lost hours spent restoring client sites and working with the Secret Service (10 hours a week for several months). Considering those costs, Lawton now thinks investing in a firewall is well worth it, even for her small, $1.5-million company. Before their arrest, the hackers continued to try to break in and were stopped by the firewall each time.
Lawton and Caldwell now use the incident to stress to their clients why firewalls are so essential. "When I talk to my clients about security, I talk about downtime," says Lawton. "An hour of downtime can cost thousands of dollars." The break-in gave NetDaemons the push it needed to take security seriously. "We took some of our own medicine," Lawton concedes. -- Sarah Schafer