“Good evening ladies and gentleman, my name is Will and I’ll be your hacker this evening.”

With that, former Canadian military intelligence officer Will Lorimer got cracking on a live demonstration showing how easy it is for a company’s essential data to be compromised by an intruder or a disgruntled employee.

The attack on a simulated Linux server — which took Lorimer mere minutes to penetrate — was demonstrated last week at the Alastair Ross Technology Centre during the official introduction of two new proposed computer security certificates to be offered through the University of Calgary’s faculty of Continuing Education.

“A lot of companies think because they are small, they won’t be a target,” said Lorimer, a senior security consultant with JAWZ Inc. who cut his chops on electronic warfare and intelligence in the Canadian military.

Lisa Dempster, Business Edge
Will Lorimer of JAWZ Inc., which will provide content for new security certificate programs offered by U of C.

“Many don’t realize the need for security until they’ve been broken into, and they realize just how much it’s going to cost them.”

JAWZ Inc. is providing content for the new e-security certificate programs, which include a computer security architect certificate and a computer security technician certificate course. Earlier this year, the Toronto-based company pulled out of a planned $1.5-million e-security centre to be built at the technology centre in University Research Park, but is supplying instructors and curriculum for the information security courses.

Tom Keenan, dean of the Faculty of Continuing Education, said the new courses will help make Calgary a world-class centre in information security. The courses will prepare future information technology specialists to deal with cyber-terrorism, hacking, risk assessment and firewall/intrusion protection, he added.

“Security has moved front and centre in business,” said Keenan.

“Not protecting your infrastructure in terms of information and security is going to be a new form of malpractice. A few years from now, just as doctors are accused of malpractice, information security or information technology people who don’t protect their infrastructure are going to be accused of that.”

Experts estimate up to 80 per cent of all hack attacks are perpetrated by company insiders. Web sites of large companies such as Yahoo and eBay Inc. have fallen victim to hackers, while others have had their Web sites sites defaced or targeted by other forms of electronic graffiti.

Lorimer demonstrated how it takes just a few seconds for a hacker to gain the information he or she needs to penetrate a system and hit a motherlode of credit card or social insurance numbers, payroll details and other highly sensitive files. If an intruder can crack the administrative or supervisor password, “they have absolute control of the system,” he warned.

Getting in and out of a system quickly before detection is paramount, but usually not before the hacker poaches some company intelligence.

“In the military, it’s not enough to take the hill, you have to consolidate your position. It’s the same with a hacker,” Lorimer added, noting hackers often set up dummy accounts or add themselves to an administrator’s system for easier future access.

Meanwhile, the federal government is also investing in computer security learning by funding a new project to design, test and market an affordable online training course on computer crime awareness.

The $200,000 funding for the project, announced earlier this month, is through the federal Office of Learning Technologies at Human Resources Development Canada.

The program is designed to help systems analysts, police investigators and corporate security members better deal with computer and Internet crime.