Another favorite is to research whatever the target company is running for external-facing hardware or appliances -- perimeter firewalls, antispam devices, email gateways, and so on. They may be fully patched when you first look, but write down the version numbers and tell one of the many vulnerability services to alert you when a new patch comes out. The fastest any company patches its stuff is usually measured in days to weeks. Again, it's easy pickings. And remember, I'm not that good.
Low risk, high payoff
I'm bored by stories of how this or that company was successfully hacked and came away with a laundry list of lessons that are entirely wrong. "Company X had weak passwords, unpatched software, clueless employees" -- or fill in any other problem. "The company vows to do thus-and-thus to prevent it from happening again."
Truth is, Company X can't stop it from happening again. After spending all the money it has on fixing the problem, the real, underlying issue remains: Bad guys rarely get caught. Solve that problem and you solve all the others.
There are lots of bad people in this world, people who want to hurt others, take their belongings, and enrich themselves illegally. What stops most of them is the question of how not to get caught. In the real world, if you commit a significant crime, it is likely that you'll be nabbed and face real consequences. Sure, plenty of people get away, but the vast majority of criminals conducting significant crimes are found out -- not so on the Internet.
While we're pointing fingers at problems such as inaccurate antivirus products, permeable firewalls, unpatched products, and gullible employees, we're missing what really enables Internet crime to flourish. Rob a real bank, get away with a few thousand dollars, and you'll likely be arrested and go to jail. Steal tens of millions of dollars off the Internet, and you'll almost always walk away a rich person without any likelihood of discovery.
Fix the Internet, already
The No. 1 reason why the Internet is such a dangerous place is the lack of accountability. Solve that problem and you significantly diminish Internet crime. What blows me away, year after year, is that we can create workable solutions today. We have the protocols. We have the knowledge. We have the ability to integrate every bit of today's wild Internet into tomorrow's significantly safer Internet without missing a beat or charging more money. All we need to do is put a few bright decision makers into a room for a few weeks and tell them not to come out until the new standards are created.
I'm not lying or exaggerating when I say it's truly that easy. Anyone who tells you different is overly complicating the problem and being blinded by decades of battling the odds.
It slays me that we're losing hundreds of millions of dollars to Internet crime every year. My parents' computer is not safe. My kids' computers are not safe. The companies that have my credit card information and medical information are not safe. And we could change it in a day instead of pointing fingers at each other and acting like there's nothing we can do.
I've been writing this exact same column topic for nearly five years, and I write this same message at least two or three times a year. My fear is that in another ten years, I'll still be doing it.
This story, "Everything is hackable -- and cyber criminals can't be tracked," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.