Poor evidence taking lets off hackers

Few companies have the proper audit trails in place to get convictions against hackers, according to security firm NTA Monitor.

The company claims that its research shows firms failing to maintain log files adequately - and in some cases not bothering to switch the logs on at all.

Roy Hills, technical director at NTA Monitors, said companies do not turn on their logs because traffic gets monitored elsewhere, and because it uses up too much disk space.

"Other companies do log, but don't keep the records long enough," he added.

"I've seen several huge corporations where the log files are overwritten every 30 minutes. If they were attacked, there would be no record of what had happened.

"Then there are the people who are logging but not getting it right - like storing the information on public folders that hackers can access and easily cover their tracks."

Companies also forget time synchronisation, said Hills. A serious incident is likely to involve several different systems, but companies cannot piece together what has happened if they are unable to track from one log to another.

The Home Office is to review the existing Computer Misuse Act to see if it still provides enough protection against hackers and other problems.

But Hills said: "Most companies won't be able to supply the evidence needed to secure convictions, meaning criminals will get off scot-free despite any change in law."