Reply From: Chris Wilson <cmw32at_private>

> Cops see little hope in controlling computer crime

This title strikes me as rather inappropriate. They're not trying to control computer crime generally, just crime against themselves - attacks on the [In]justice Department.

> Invisible criminals Law enforcement officers say one of their biggest
> challenges paradoxically remains knowing when a crime is committed.

Because of the nature of cyber crime, the definition of where a crime has been "committed" needs to be reviewed. A crime is actually committed in two places at once, the location of the cracker and the location of the victim. While this may seem obvious to us, it seems that it wasn't to the "journalist" who wrote the piece. God, I hate bad journalism. Mea Culpa, can I make a request that perhaps you might be able to filter off some of the really poor stuff you receive?

> According to the DOJ's Charney, the number of cases involving encrypted
> data climbed from three percent in 1996 to seven percent in 1997. If that
> trend continues, he said, the only tactic left for law enforcement is to
> increase its surveillance capabilities.

Maybe Mr Charney can tell me what on earth the connection is between encryption and the break-ins to the DOJ's computers? The teenage crackers arrested earlier this year as part of the "most sophisticated attack" on military computers ever (if I recall correctly the agency's own remarks at the time) didn't use encryption. I very much doubt whether encryption has EVER been involved in an attack on government computer systems.

> "If privacy advocates get their way on encryption," said Charney, "they
> may not be happy."
>
> With no way to read into encrypted electronic documents, he added, the FBI
> and others will have to rely on capturing the evidence at the source. "And
> that could really decrease privacy."

This must be a mistake.
If I understand correctly then "capturing evidence at source" means logging all packets going into or out of the Government's computers (unless of course the Government is going to take on the noble but impossible cause of trying to fight all crime on the Internet, not just crime against itself, by monitoring everything). This is what most major banks do anyway, for their own protection, and it's what the Government ought to have been doing in the first place if they cared about security. I don't see what impact this has on the privacy of Internet users.

However, my main point is this: if privacy advocates DON'T get their way then we will all be sorry. Crackers are penetrating the Internet and other networks more and more all the time. There is no defence against them because no computer security is perfect any more than perfect physical security exists (although an electronic equivalent of Alcatraz is maybe not impossible).

Another point to consider is that it is considerably easier to keep people (or information) INSIDE than it is to keep them (it) outside. Breaking into Alcatraz would be an awful lot easier than breaking out of it.

The best we can hope for (in the absence of any complete solution) is to protect ourselves with security, and security requires encryption. Even the meager encryption we are allowed to export for use in password files on Unix systems can be cracked in a few days in most cases. (Incidentally, Windows password files are worse). With a $200,000 machine, the EFF cracked an encrypted DES message in 2.5 days. Communications using DES are not secure, because a cracker with a $20,000 machine could probably crack the encryption key which protects ALL your data in 25 days and you wouldn't even know that he can now read all your documents, past, present and future.

> Luck, or a trend? It's too early to tell, but Gardner, for one, seems
> positive on the FBI's ability to prosecute. "If we know about it," she
> said, "we can usually prosecute it."

That doesn't sound very reassuring to me. How often has the FBI "known" incorrect "facts"? And what happened to "innocence until proven guilty"?

Ciao, Chris.

   ___ __     _
 /'__// / ,__(_)_  Wilson <Chris.Wilsonat_private>
/ (_ / ,\/ _/ /_ \ Webmaster/SysAdmin/Timelord/BOFH/Programmer
\__//_/_/_//_/___/ "1998 isn't MCMXCVIII. The Romans would have used MIIM"

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:00:44 PDT