Frank Abagnale, whose life was the subject of the Steven Spielberg movie, Catch Me If You Can, recently gave a keynote presentation on his life as an imposter and fraudster at the Storage Networking World conference in Grapevine, Texas. He said that the biggest security risk in any organisation is the people who work there. Abagnale also believes that technology has made fraud a lot easier.
Abagnale - now a lecturer and consultant who works extensively with the FBI and other clients - also spoke to IDG about ethics, computer crime and security risks faced by IT professionals.
Here are some excerpts from that Frank Abagnale interview:
Suppose you'd been born in 1980. How much of what you got away with 40 years ago do you think you'd be able to get away with as a 17-year-old today? It would be 4,000 times easier to do today, what I did 40 years ago, and I probably wouldn't go to prison for it.
Technology breeds crime - it always has, it always will. When I forged cheques 40 years ago, it required a $1 million printing press that required three journeymen printers to operate. I had to build scaffolding on the side of it so I could operate it by myself. There were colour separations, negatives, plates, typesetting chemicals.
Today, I sit down at a laptop, pick any company I want, go to their website, capture their logo, like American Airlines. I put it up on a cheque with a 747 in the background taking off. Fifteen minutes later, I have the most beautiful American Airlines check you've ever seen - probably 10 times better than the cheque American Airlines uses.
Forty years ago, I wouldn't know who signs American's cheques; I wouldn't know where American Airlines keeps its accounts payable account. Today, I would just call their accounts receivable, ask them for their wiring instructions. They'd tell me where they bank, on what street in what city, what their account number is.
I call back and ask for a copy of their annual report, and on page three will be the signature of their chairman of the board, the CEO, the CFO, the treasurer. I scan it onto glossy white paper, with camera-ready art - and I have the cheque. A world of too much information and the technology make it very easy to do today what I did 40 years ago.
Do you think there's much similarity between what drove you and whatever it is that drives a 17-year-old hacker today? No, mine was strictly a matter of survival. I was a kid who ran away from home at 16 and ended up in New York. A lot of people back then got into Haight-Ashbury, the hippie scene, the drug scene. No one was going to hire a 16-year-old, so I started out by lying about my age in order to secure a job.
One thing led to another and it became more of a case of people were after me, so I had to stay a step ahead of them. I don't think I was out to set any goals or to make X amount of money. I was very creative, so it became more of a game as time went on.
Is there anything we can do to make illicit computer-related activity a less attractive pursuit for young people? There are about four reasons why we have crime to begin with. One of them is, of course, that we live in an extremely unethical society. We live in a society that doesn't teach ethics at home, a society that doesn't teach ethics in school because the teacher would be accused of teaching morality.
We live in a society where you can't find a four-year college course on ethics. I have three sons who went through graduate school; only the one who went to law school had a course even offered on ethics. So today you have a lot of young people who have no character, no ethics and they find no problem in defrauding somebody or stealing from somebody or cheating somebody. Until we change that, crime is just going to get easier, faster, more global, harder to detect.
I've spent 32 years at the FBI, and I've witnessed crime only got a lot easier to do. Obviously, there's a lot less threat of being caught. When I was caught, I was just a teenager, and they sent me to prison for five years. Today, I'd probably get probation and community service; I might get 18 months and serve six months in jail. So there really is no threat of going to prison to keep somebody in line.
I really think the more technology there is in the world, the more you have to instill character and ethics. You can build all the security systems in the world; you can build the most sophisticated technology, and all it takes is one weak link - someone who operates that technology - to bring it all down. People don't like to talk about that issue, because they think it's over-simplified. But the fact is, in all my experience, that's where the problem lies. Until that changes, crime is always going to be with us.
Any thoughts on how we can bring that change about? I think you need to bring character and ethics back into schools, and you certainly need to bring it back into colleges and universities as part of a curriculum. Only about half of Fortune 500 companies even have a code of ethics or code of conduct. The ones that do have one publish it every five years on an inside page of their annual report to appease their shareholders.
So, obviously, there's no big effort out there to bring about that change. Rutgers just finished a five-year study that found that 56 percent of MBA students cheated.
There are really no con men anymore like there were in my day, because you really don't have to associate with anyone. You don't have to be well dressed and well groomed and well spoken. Everything's done on a computer; there are no witnesses. So even if you know who's doing it, you probably don't have the ability to go capture them. Chances are you have no idea what they look like; they can sit in their pajamas and commit all these crimes.
Next page: the global fight against cybercrime > >