Re: [ISN] Cops see little hope in controlling computer crime

From: mea culpa (jerichoat_private)
Date: Sat Aug 08 1998 - 00:55:14 PDT

  • Next message: mea culpa: "[ISN] Upside: Down the Toliet 8.5.98 -- Hackers Go Pro"

    Reply From: Chris Wilson <cmw32at_private>
    > Cops see little hope in controlling computer crime
    This title strikes me as rather inappropriate. They're not trying to
    control computer crime generally, just crime against themselves - attacks
    on the [In]justice Department.
    > Invisible criminals Law enforcement officers say one of their biggest
    > challenges paradoxically remains knowing when a crime is committed. 
    Because of the nature of cyber crime, the definition of where a crime has
    been "committed" needs to be reviewed. A crime is actually committed in
    two places at once, the location of the cracker and the location of the
    victim. While this may seem obvious to us, it seems that it wasn't to the
    "journalist" who wrote the piece. God, I hate bad journalism.
    Mea Culpa, can I make a request that perhaps you might be able to filter
    off some of the really poor stuff you receive?
    > According to the DOJ's Charney, the number of cases involving encrypted
    > data climbed from three percent in 1996 to seven percent in 1997. If that
    > trend continues, he said, the only tactic left for law enforcement is to
    > increase its surveillance capabilities. 
    Maybe Mr Charney can tell me what on earth the connection is between
    encryption and the break-ins to the DOJ's computers? The teenage crackers
    arrested earlier this year as part of the "most sophisticated attack" on
    military computers ever (if I recall correctly the agency's own remarks at
    the time) didn't use encryption. I very much doubt whether encryption has
    EVER been involved in an attack on government computer systems.
    > "If privacy advocates get their way on encryption," said Charney, "they
    > may not be happy." 
    > With no way to read into encrypted electronic documents, he added, the FBI
    > and others will have to rely on capturing the evidence at the source. "And
    > that could really decrease privacy."
    This must be a mistake. If I understand correctly then "capturing evidence
    at source" means logging all packets going into or out of the Government's
    computers (unless of course the Government is going to take on the noble
    but impossible cause of trying to fight all crime on the Internet, not
    just crime against itself, by monitoring everything).This is what most
    major banks do anyway, for their own protection, and it's what the
    Government ought to have been doing in the first place if they cared about
    security. I don't see what impact this has on the privacy of Internet
    However, my main point is this: if privacy advocates DON'T get their way
    then we will all be sorry. Crackers are penetrating the Internet and other
    networks more and more all the time. There is no defence against them
    because no computer security is perrfect any more than perfect physical
    security exists (although an electronic equivalent of Alcatraz is maybe
    not impossible). Another point to consider is that it is considerably
    easier to keep people (or information) INSIDE than it is to keep them (it)
    outside. Breaking into Alcatraz would be an awful lot easier than breaking
    out of it.
    The best we can hope for (in the absence of any complete solution) is to
    protect ourselves with security, and security requires encryption. Even
    the meager encryption we are allowed to export for use in password files
    on Unix systems can be cracked in a few days in most cases. (Incidentally,
    Windows password files are worse). With a $200,000 machine, the EFF
    cracked an encrypted DES message in 2.5 days. Communications using DES are
    not secure, because a cracker with a $20,000 machine could probably crack
    the encryption key which protects ALL your data in 25 days and you
    wouldn't even know that he can now read all your documents, past, present
    and future.
    > Luck, or a trend? It's too early to tell, but Gardner, for one, seems
    > positive on the FBI's ability to prosecute. "If we know about it," she
    > said, "we can usually prosecute it." 
    That doesn't sound very reassuring to me. How often has the FBI "known"
    incorrect "facts"? And what happened to "innocence until proven guilty"?
    Ciao, Chris.
       ___ __     _  
     /'__// / ,__(_)_ Wilson <Chris.Wilsonat_private>
    / (_ / ,\/ _/ /_ \ Webmaster/SysAdmin/Timelord/BOFH/Programmer
    \__//_/_/_//_/___/ "1998 isn't MCMXCVIII. The Romans would have used MIIM"
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: New Dimensions International []

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:00:44 PDT