Hackers warned to be aware of 'Matrix' tricks!

21 May 2003

Viewers of the new box office blockbuster "Matrix Reloaded" should not be tempted to emulate the realistic depiction of computer hacking, warns BCS.

Many computer experts are sufficiently concerned over the accuracy of some of the computing scenes in the film to alert young computing enthusiasts of the illegality of hacking and of the tough prison sentences that are now being handed out to perpetrators of this serious crime.

IT lawyer for the BCS Information Security Specialist Group, Charlotte Walker-Osborn comments: "The Computer Misuse Act has always had teeth, as was shown when a British hacker was sentenced recently for two years, the strictest sentence yet. The legislation currently being debated seeks to further strengthen the law in this area. The fact that in the past there have not been a high number of prosecutions under the Computer Misuse Act has generally been attributed to both a lack of reporting and insufficient resources for investigations, the second of which appears to be being addressed on an ongoing basis; the first of which will become less of an issue as prosecutions in this area become more common."

BCS members of the Scotland Yard Computer Crime Unit add "Hacking is a criminal offence contrary to the 1990 Computer Misuse Act. The Metropolitan Police are targeting and arresting those who gain unauthorised access to computer systems and Courts are increasingly handing out stiffer sentences to those convicted of these types of crime. Although Hollywood likes to glamorise hacking, and this movie would appear to be more accurate than many by showing the use of actual network mapping software, it should not be as simple as it can be made to appear. From a security point of view being pro-active in securing your network will make being the victim of a hacking incident less likely. Effective monitoring of all applications running and ensuring they are all patched to the latest version will deny the hacker an easy route of entry." Detective Constable Andy Cookson advises.

It was reported in a recent BCS study that the majority of British companies are still failing to fully address IT security risks. Many IT departments are poorly prepared to deal with the aftermath of a terrorist attack or a virus getting past their software defences.

BCS Information Security Specialist Group President Phil Phillips believes that whilst some forms of hacking are almost impossible to prevent, there are many simple things organisations can do to ensure its systems are secure: "Hackers seek to exploit well-known weaknesses in systems, operational procedures and user awareness; suppliers offer updates that can minimise many common methods of exploiting their systems but these have to be applied correctly and tested and maintained, often a difficult business challenge. Operational procedures also need to be tested for correctness and for weaknesses and maintained as business and technology evolve constantly. In the face of this rising tide of assaults on systems it is essential to recognise how and where risks can occur and to prioritise and address measures to prevent, detect and minimise the impact on your business and the people who rely on you.

"A regular, thoughtful review of your business for risks (of all types) coupled with adoption of what are often simple, obvious, protective measures can enable you to go home in the evening, comforted by the thought that the hacking events in the "Matrix" genre of films has been considered and where appropriate, addressed."

For further information please contact the BCS Press Office.