[ISN] Most Hacks Are Inside Jobs

From: mea culpa (jerichoat_private)
Date: Thu Feb 11 1999 - 18:43:26 PST

  • Next message: mea culpa: "[ISN] Freemail Vulnerabilities"

    Most Hacks Are Inside Jobs
    by Daniel Rubin, Medill News Service
    February 9, 1999, 3:35 p.m. PT
    FBI director urges encryption keys to protect businesses from internal
    WASHINGTON -- The greatest threat to the security of American companies'
    computer networks isn't an outside hacker, FBI Director Louis Freeh told a
    group of business leaders Tuesday. It isn't a foreign intelligence agency,
    Employees or former employees who have an ax to grind with their bosses or
    who sell corporate information for cash are the greatest sources of stolen
    corporate secrets and data, Freeh said at a meeting of the U.S. Chamber of
    "Disgruntled former employees and dishonest, greedy employees are a
    serious danger," Freeh said. "It is an area of critical vulnerability for
    Freeh said that such internal threats justify the Clinton administration's
    efforts to require encryption "keys" for law enforcement officials. These
    keys could unlock encrypted corporate data that might have been sealed by
    a disgruntled employee. 
    "It is the equivalent of someone locking your house from the inside and
    keeping the key," Freeh said. 
    Privacy Concerns
    Privacy groups, as well as several coalitions of high-tech firms, have
    opposed this type of key or other access to encryption software. The issue
    is tied to opposition to export controls on encryption software. 
    "What we are looking for is a more balanced policy," said Dave McCurdy,
    president of the Electronic Industries Alliance, prior to Freeh's speech. 
    "We are seeking a relaxation of export controls." 
    While Freeh focused on internal threats, the conference dealt mostly with
    external threats to corporate computer security and trade secrets. 
    Representatives from firms ranging from Cisco Systems to Coca-Cola
    Jeffrey Moss, who is known in computer hacking circles as Dark Tangent,
    talked about the ease of obtaining hacking software over the Internet. 
    "A few years ago, these programs were traded among hackers like baseball
    cards," said Moss, who runs a computer network security-assessment
    service.  "Now anybody who can search Yahoo can get these things." 
    As a computer security consultant, Moss now hacks into corporate systems
    to test network defenses. He said he has failed to crack a system only
    once, and that system belonged to a bank. 
    "The biggest problem is that people don't even know their own networks," 
    said Moss. "If the people who built the network are gone, then new people
    won't know what it looks like."
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:18:40 PDT