A Marine friend once gave me a copy of “Murphy’s Laws of Combat.” Three laws were underlined: “The important things are always simple. The simple things are always hard. The easy way is always mined.”
Apparently, the person responsible for security at Autotote Systems never heard of Murphy. The easy way to his company’s data certainly wasn’t mined. Autotote’s betting network apparently was hacked by one of its own employees, if opening an unlocked digital door can be called that.
Forget about the script-kiddies, denial-of-service attacks and Web site defacements. New intelligent routing technology from companies such as RouteScience, and “edge delivery” and site-staging services like those from Akamai and Inktomi, make these kinds of attacks increasingly irrelevant to large organizations.
No, the real threat, as demonstrated by Autotote, comes from within. Most worrisome, according to Marcus Sachs, director of telecommunications infrastructure security at the White House’s Office of Cyberspace Security, is subversion of the data within electronic business processes, either to cause disruption or for personal gain.
Why is a federal cybersecurity officer worried about the protection of corporate databases?
Because money stolen from companies such as Off-Track Betting is money that can be used to sponsor terrorist and other nefarious activity. Terrorists already have used electronic fraud to finance their operations; al Qaeda appears to have used credit card fraud and identity theft to help fund its activities throughout the world.
And apparently, it wouldn’t take much for them to add a company like Autotote to their list of victims. Chris Harn, a senior software engineer at the company, is alleged to have used his access to transaction information in the company’s wagering system to fix the Off-Track Betting “Pick Six” bets of a fraternity brother in October.