Information Security News mailing list archives
Cracker Jacked!
From: William Knowles <wk () C4I ORG>
Date: Mon, 6 Nov 2000 18:03:43 -0600
http://www.zdnet.com/intweek/stories/news/0,4164,2650218,00.html

By Rory J. O'Connor, Interactive Week
November 5, 2000 8:23 PM ET

The most noteworthy aspect of the computer intrusion against Microsoft in late October may be that, in this case, someone might actually be caught and charged with the crime. If not, Microsoft will simply have become the latest, albeit high-profile, victim of a legion of crackers and other computer criminals who, for the most part, perform their perfidy with impunity.

Despite the investment of millions of dollars in federal and state law enforcement efforts, the number of open computer crime cases at the Federal Bureau of Investigation is growing far faster than the agency can solve them. While many of the crimes are still in the nuisance category, the imbalance between cop and cracker appears likely to continue until a number of significant changes occur on both the enforcement and prevention fronts.

"When you talk law enforcement, they really are behind the power curve," said Frank Cilluffo, director of the information assurance task force at the Center for Strategic and International Studies, a Washington, D.C., think tank.

While some experts said authorities stand a reasonable chance of nabbing the Microsoft crackers because the attack was amateurish, there are thousands of other computer crimes for which nobody has or likely will be caught. Even as the FBI is warning against the Internetwide spread of political cracking attacks in the Middle East, computer crime remains a long step ahead of efforts to fight it.

"There's been an avalanche of cases because the Internet has mushroomed in the past four or five years," said Christopher Bubb, New Jersey's deputy attorney general, the state's chief computer crime prosecutor. "To the extent that law enforcement is dealing with it, we're doing it in a reactive mode, trying to assess the greatest threats, deal with them and try to catch up."

The FBI was unable to provide an official for interview by our deadline. Also, a spokeswoman at the agency said she could neither discuss pending investigations - there are 1,200 of them - nor provide any figures on how many had been closed or how many convictions had been won.

But in repeated congressional testimony this year, both FBI Director Louis B. Freeh and his top cybercop Michael Vatis, director at the National Infrastructure Protection Center, said the load is getting bigger all the time and asked Congress for millions of dollars in additional funds. "We are falling further behind," Freeh told a Senate subcommittee in February.

Security experts, industry executives and law enforcement agents said there's plenty of blame to go around, from an inherently insecure infrastructure to industry's mistrust of law enforcement to ill-trained and ill-equipped police and federal agents.

Scott Blake, who leads a squad of former white-hat hackers - dubbed the Razor Team - at Houston security firm BindView, said the biggest problem facing trackers of cybercriminals is that the Internet is suited to covering their tracks. "We've mostly been successful at catching people who aren't very good or who made a mistake along the way," he said.

And that's only for the crimes law enforcement agencies know about. Corporate leaders, in many instances, simply never tell the outside world they've been victimized, to avoid spooking investors or customers. "Sometimes, if at the end of the day a company feels that it's just a nuisance attack, maybe they'd rather just ignore it," said Harris Miller, president of the Information Technology Association of America.

That reluctance to expose a breach unless it's too big to be ignored has also created an air of mistrust between law enforcement and industry.

Some companies fear that information they provide the FBI, for example, could wind up in the hands of their competitors or even the public through press briefings or Freedom of Information Act requests.

Now, nine months after Attorney General Janet Reno proposed a formal alliance and after two high-level meetings with industry and government leaders in April and June, the framework for the Information Sharing Analysis Center is almost finished, Miller said. His organization is "the facilitator" of the plan to overcome the dialogue problem.

The Secret Service, the other major federal law enforcement agency with computer crime jurisdiction, called industry cooperation the most important ingredient in successfully fighting computer crime. "It's getting a little better because they're starting to realize there's a benefit to working with law enforcement," said agent Keith Schwalm, one of the agency's primary electronic crime investigators.

Still, companies are wary. "There is not always confidence in the private sector to work with the FBI and the NIPC, because they are afraid the regulatory hammer could come down, and because they're afraid of the potential for leaking," Cilluffo said.

Fighting computer crime requires good cops who are skilled with computer technology. At the FBI, which has the largest single force of cybercops, there are 192 such special agents in its field offices, along with 120 others employed in various posts at the NIPC. That includes some people dispatched from other federal agencies, including the Central Intelligence Agency, the Department of Defense and the National Security Agency.

State law enforcement agencies, often the first line in the cybercrime fight, have it much harder. "It's very expensive on every level - the equipment is expensive, the personnel are expensive, the training is expensive," Bubb said. Law enforcement agencies also tend to lose trained officers to the private sector, which can offer far better compensation packages.

No matter how good the agency, it must still deal with the swamp that is international cooperation, where mistrust, national pride and complex treaties abound. And that may be one of the chief roadblocks in solving the Microsoft case, said GartnerGroup security analyst Bill Spernow, who has trained about 5,000 law enforcement officials, including some in the FBI.

Spernow said the Microsoft intruder's immediate trail leads back to a server in St. Petersburg, Russia. The FBI maintains an office in Moscow, he said, and "their relationships with the Russian authorities are probably being exploited to the max," he said.

In many cases, U.S. investigators face reluctant assistance from authorities in other countries because they do not have the same stake in catching an intruder. In some cases, such as Onel de Guzman, the Filipino suspected to be responsible for the Love Bug virus, no local laws covered computer crime.

The Microsoft intruder may not be Russian, security experts emphasized. A knowledgeable cracker will make use of a server in a difficult-to-track region, such as Algeria, Iraq or Russia, and launch an attack from it.

Even when an intruder can be tracked, few law enforcement agencies have the trained personnel or financing to engage in a long-term, forensic investigation to produce the evidence to convict someone. "Law enforcement in general is behind the eight ball. The FBI is attempting to get up to speed, but is nowhere near where it needs to be," Spernow said.

Even when it's close to home - a cracker defaced the FBI's Web site in February. So far, nobody's in the slammer for that one. "It's a pending matter," the spokeswoman said.

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com