Re: [ISN] FBI Needs Victim's Cooperation to Nab Comp Crooks

From: mea culpa (jerichot_private)
Date: Wed Oct 07 1998 - 14:45:43 PDT

  • Next message: mea culpa: "[ISN] Several Infowar Articles from Will Rodger"

    Reply From: Anonymous
    > Seattle's FBI office is in line for a high-tech upgrade - a team of
    > agents specially trained to counter a troubling trend, the rise of
    > computer crime.
    I heard *precisely* this same story in 1986, only the FBI techno-thinktank
    was then named as being in Chicago.  And for the past 12 years, it's still
    painfully apparent that the FBI is little more than the Keystroke Kops. 
    > Prosecutors and computer-security experts are concerned about one big
    > obstacle: a pattern of silence on the part of many computer-crime
    > victims.  One prosecutor even likened the situation to rape, with
    > victims worried about being re-victimized if they go public. 
    And that is a valid concern.  All too often, the FBI will tell
    computer-crime victims that there's nothing they can do; that they have
    more pressing concerns; that the financial damage isn't enough to warrant
    an investigation; and that the next time they're hit with yet another bout
    of harassment from their tormentors, they should "just ignore it." 
    Generic gripes?  I think not.  That is what happened to me in 1997.
    > Experts cite several reasons for the reluctance, including fear of
    > drawing attention to weaknesses that might attract other attacks,
    > liability questions, a perception that law enforcement isn't up to the
    > task and relatively light sentences when offenders are caught.
    All concerns are valid.  My experience alone more than amply proves it.
    > Even so, Seattle's new unit is part of a larger national effort to boost
    > confidence in law enforcement's ability to fight computer crime.  The
    > unit would add 11 agents to the regional office, plus about a half-dozen
    > non agent technical analysts with a computer-science background.
    If they learned about computers and networks in any school save for the
    School of Hard Knocks, they are clueless.  Technically competent, yes, but
    they couldn't find a tree in the forest.
    > Officials at FBI headquarters in Washington, D.C., say their proposed
    > 1999 budget includes $11.6 million to cover the cost of the new Seattle
    > squad as well as five similar Computer Analysis and Response Teams
    > around the country.  Funding comes in part from money freed up from Cold
    > War-era counterintelligence activities. A handful of big cities,
    > including New York, San Francisco and Washington, D.C., already have
    > such squads.
    Give me five hardcore hackers and five million dollars and I guarantee
    we'd have a more sophisticated, more effective and more newsworthy team.
    > The Seattle unit could also be called upon as part of a larger response
    > to cyberterrorists intent on pulling off the electronic equivalent of
    > the World Trade Center bombing.
    *rolling eyes*  Not the "digital Pearl Harbor" schtick AGAIN!
    > -- In 1994, criminals operating in several countries hacked into the
    > Citibank Cash Management System that is used for functions such as wire
    > transfers. They attempted 40 transfers totaling $10 million. 
    Four years is a LONG time ago in technological terms.
    > -- Late last year, authorities in this country and Israel arrested three
    > teenagers who are suspects in a series of intrusions into Department of
    > Defense and other government agencies' computers. 
    Those were glorified scriptkiddies who also happened to be media whores.
    They were begging to get caught!
    > "Roughly two years ago, the FBI had 100 pending (computer intrusion)
    > investigations. . . . Today, we have over 500," says Ken Geide, section
    > chief for the Computer Investigations and Operations section of the
    > National Infrastructure Protection Center, based in Washington, D.C. 
    And it's spit in the ocean, people.
    > Computer-crime statistics are scarce. For example, the most current
    > figures, from fiscal 1997, show that the number of FBI arrests increased
    > 950 percent from the previous year.  That's not terribly meaningful,
    > though, because the number of arrests jumped from four to 42.
    The reason the statistics are scarce is because most Law Enforcement
    agencies don't recognize computer intrusion as a crime and thus refuse to
    investigate.  You get 0wn3d in this world and you are _on_ your own.
    Don't expect J. Edgar's boys to so much as lift a finger to help you out, 
    in spite of this latest bout of media whoring.
    > In a similar vein, findings from a 1998 survey conducted jointly by the
    > FBI and Computer Security Institute indicate that computer crime is on
    > the rise.
    And how many millions did they waste to find out that PAINFULLY OBVIOUS
    > Given this trend, Prosecutor Schroeder thinks it's good news that the
    > local FBI office has been designated to receive a computer-crime squad.
    Too little, too late.  Too typical.
    > He recounts a case from the mid-1980s when an 18-year-old on the Eastside
    > got into at least 50 companies' computers - and only four complained to
    > police. 
    They're citing stuff from the 1980s??  They're really having to scrape the
    bottom of the barrel on this one.
    > The federal fraud-and-abuse computer statute was shaped in part by a
    > 6-year-old Seattle case, Schroeder recalls. In that case, two young Puget
    > Sound area men hacked their way into the computer system maintained by
    > U.S. District Court, and downloaded an encrypted password file. 
    I'm actually surprised.  I'd think a U.S. District Court would leave their
    password file lying around in plaintext.  Puh-LEEZE!  Grabbing /etc/passwd
    is child's play!  Strobe any machine with phf on it, invoke uname and cat
    /etc/passwd.  That's not exactly hacking!!
    > Then, the duo got into a Boeing supercomputer, which had the ability to
    > decrypt the courthouse password file, Schroeder says. That move gave
    > them "superuser" status in the courthouse system, meaning they could
    > read, alter or delete any file in the system.
    That's pretty simple stuff.  What's next?  Are we going to see a movie
    about these guys whistling redbox tones into the phone sometime soon??
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated []

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:06:51 PDT