When asked why he kept robbing banks, the legendary Willie Sutton reportedly replied, "Because that's where the money is."
The Willie Suttons of today have a different target. "The money today is inside the computer," said Donn B. Parker, a computer crime consultant with SRI International. "The computer has become the vault for small business."
Parker testified Thurday before a House antitrust subcommittee on how small business is threatened by the potential rise in computer crime.
"Computer crime will be a much higher proportion of business crimes over the next few years," said Parker.
Estimates on the impact of computer theft vary widely--from $100 million to $40 billion. The Justice Department and others are conducting studies to determine the scope of computer crime.
In the past, multi-million-dollar computer crimes at large companies have captured the headlines and media attention. However, today's rapid proliferation of personal computers and the desire of many small businesses to computerize their operations have combined to create a new level of opportunity for the computer criminal, Parker testified.
He said that small business is particularly susceptible to such crime because it lacks the awareness and expertise to cope with the problem.
Parker and others in the fledgling field of computer forensics were testifying in support of a bill sponsored by Rep. Ron Wyden (D.-Ore.) to establish a task force to assess how computer crime might affect small business. The bill is similar in intent, but not in scope, to legislation proposed in the last Congress that sought a federal task force to explore computer crime questions.
Experts say that the successful computer crime need not involve an actual computer manipulation of money but, rather, a simple manipulation of valuable information.
"If I were a computer criminal, I wouldn't steal a company's assets," said Peter Keen, a consultant who did not testify. "Assets are audited. I'd steal information that wasn't audited--corporate strategy memos, memos on salary raises. Then I'd turn around and sell it."
Keen said that small businesses may be particularly vulnerable to this kind of abuse because the cost of implementing effective security measures may be thought to outweigh the advantages of getting the computer in the first place.
Wyden cited the example of a small company victimized by a dismissed employe who had programmed a digital "time bomb" in the firm's computer: Six months after he left, the company's accounts receivables all vanished from the computer's memory, leaving it "with no record of who owed it money . . . despite placing advertisements in the local paper, it was forced to close its doors," said Wyden.