FC: In SF this week; WashPost on counting hackers

[Declan McCullagh <declan () well com>]

[Just checked into my hotel... I will be in SF this week for the tax
advisory commission meeting. --DBM]


> From: Paul McMasters <Pmcmasters () freedomforum org>
> To: "Declan McCullagh (E-mail)" <declan () well com>
> Subject: Counting hackers
> Date: Mon, 13 Dec 1999 08:39:40 -0500
>
> Declan,
>
>       Your readers might be interested in this item from Vernon Loeb's
> "Back Channels" column in this morning's Washington Post:
>
> http://search.washingtonpost.com/wp-srv/WPlate/1999-12/13/068l-121399-idx.ht
> ml
>
> -pkm
>
> HACKING ABOUT: In his 1997 book "Corporate Espionage," Ira Winkler, a former
> analyst and computer expert at the National Security Agency, wrote that
> there were probably fewer than 200 "computer geniuses" in the world who
> could actually find software vulnerabilities and another 1,000 hackers
> talented enough to take the geniuses' findings and use them to attack
> computer networks. 
> Another 35,000 to 50,000 "clueless" hackers just take attacks that have
> already been published on the Internet and fire away. 
> Winkler updated his estimates in a recent interview, saying there are now
> probably 500 to 1,000 computer "geniuses" out there capable of finding
> vulnerabilities in operating systems, 5,000 talented hackers and 100,000
> "clueless" cybergeeks hacking around. 
> For anybody in charge of securing large data systems, it's not a pretty
> picture. But the good news, from a U.S. intelligence perspective, is that 60
> or 70 of those computer geniuses--and possibly more--work for the CIA, the
> National Security Agency and the Defense Department. They are on top of most
> major known vulnerabilities, Winkler said, and presumably have identified
> others that no one else knows about. 
> The CIA and the NSA "don't lack brainpower--they have lots of PhDs in
> computer science," said Winkler, who now runs his own company, the Internet
> Security Advisors Group in Severna Park, Md. 
> The problem, he says, is that many of those PhDs are doing other things
> besides developing information warfare strategies. "It's not that hard at
> all," Winkler said. "The process of finding bugs--it's just a matter of good
> software testing."



--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------