Interesting People mailing list archives
IP: DoJ security handwave - "The hackers are coming! The hackers are coming!"
From: Dave Farber <farber () cis upenn edu>
Date: Wed, 20 Jan 1999 01:58:02 -0500
Date: Tue, 19 Jan 1999 18:28:40 -0800
From: mech () eff org (Stanton McCandlish)

I find this ironic in light of the clear message our DES Cracker victory just sent - again - to the DoJ/FBI.

http://www.wired.com/news/news/technology/story/10605.html

<begin excerpt>

US Attorney General Janet Reno unveiled a program today to establish a new command center to fight "cyber attacks" against the nation's critical computer networks.

The $64 million center would reportedly unify existing federal computer security efforts to investigate computer penetrations of banks, the military, and other core systems.

But computer security experts sharply criticized Reno's plan as short-sighted, noting that she is deflecting responsibility for a very serious situation away from software vendors and the widespread lack of education about basic computer security safeguards.

[...]

"Perhaps this is a con game," said Peter Neumann, principal scientist with the computer science lab of SRI International, a research and consulting company.

"You put out a system with miserable protection and hope that someone breaks it," Neumann said. "Then you can ask for millions of dollars more to perform further palliative protections, rather than getting to the core of the problem - significantly ratcheting up the security of the infrastructure."

[...which would require yielding to industry pressure on the crypto front...]

Neumann linked the Justice Department's current concerns on cybercrime to the government's ongoing efforts to implement mandated "key recovery."

Under that scheme, law enforcement would be given access to the secret keys that would decrypt encrypted information online. Federal officials have promised that such keys, potentially worth hundreds of millions of dollars, would be stored in secure facilities.

"The real irony of all this is that we are being told that there are no undue risks in key-recovery crypto systems," Neumann said.

"If our infrastructure is this bad, how can anyone hope to protect what is perhaps most critical, namely, the crypto keys!" he said.

[end excerpts.]

The article also recounts that the main focus of the DoJ effort will be to simply track down the crackers (or try to). Operation Sundevil II, anyone?

A related article at http://www.wired.com/news/news/politics/story/15643.html continues:

[begin excerpts]

[...] National Infrastructure Protection Center. NIPC is designed to fend off threats to the nation's banks, transportation networks, power and water resources -- and [...] military networks.

By employing the collective muscle of several intelligence and law enforcement agencies, NIPC (pronounced "nip-see") can conduct investigations that would normally be beyond the scope of a single agency.

[...]

Security experts warn that there is a clear distinction between kids that crack Web sites for fun and cyber terrorists trying to cause serious damage. But for Michael Vatis, an associate director of the FBI who's serving as NIPC's director, the distinction is irrelevant.

[....]

Vatis would not comment on any case under investigation by NIPC.

Chameleon [a teenage hacker suspect] wasn't as reticent, however. In his account on the computer security site AntiOnline, he said that the FBI had been watching his house, tapping his phone, and monitoring his Internet connections for months.

[...]

When fully staffed, NIPC will employ 125 at the FBI headquarters in Washington, and another 300 to 400 around the country. The center will also run a multimillion dollar computer system that will house a massive national infrastructure security database.

[...now for the ironic part...]

The center will also serve as the nation's security adviser, instructing both government and private institutions on security and software purchases, according to Vatis.

[... we now return you to the scary stuff...]

"We need to be able to communicate in real time with other agencies and we need to be capable of sophisticated analysis and display of information,"

[...]

In practice, [their e-forensics] process would involve installing surveillance sensors on high-profile Web sites that are commonly targeted by crackers. That information could be stored and later analyzed.

[...]

But [one hacker/security consultant] accuses Washington of indulging in unwarranted hysteria.

"There are two [Internet] buzzwords in government right now: pedophile and terrorist.

"And any law or any measure taken against these two groups seems to be condoned by the public," he said. "It's the '90s equivalent of McCarthy's stand against communism. We need to distinguish between hackers and cyber terrorists."

[End excerpts]

Let the witch hunts begin.

--
Stanton McCandlish mech () eff org http://www.eff.org/~mech
Program Director, Electronic Frontier Foundation
voice: +1 415 436 9333 x105 fax: +1 415 436 9333
ICQ: 16631335 PGPfone: 204.253.162.21
ICQ Pager: http://wwp.mirabilis.com/16631335#pager