Most Hacks Are Inside Jobs by Daniel Rubin, Medill News Service February 9, 1999, 3:35 p.m. PT FBI director urges encryption keys to protect businesses from internal sabotage. WASHINGTON -- The greatest threat to the security of American companies' computer networks isn't an outside hacker, FBI Director Louis Freeh told a group of business leaders Tuesday. It isn't a foreign intelligence agency, either. Employees or former employees who have an ax to grind with their bosses or who sell corporate information for cash are the greatest sources of stolen corporate secrets and data, Freeh said at a meeting of the U.S. Chamber of Commerce. "Disgruntled former employees and dishonest, greedy employees are a serious danger," Freeh said. "It is an area of critical vulnerability for us." Freeh said that such internal threats justify the Clinton administration's efforts to require encryption "keys" for law enforcement officials. These keys could unlock encrypted corporate data that might have been sealed by a disgruntled employee. "It is the equivalent of someone locking your house from the inside and keeping the key," Freeh said. Privacy Concerns Privacy groups, as well as several coalitions of high-tech firms, have opposed this type of key or other access to encryption software. The issue is tied to opposition to export controls on encryption software. "What we are looking for is a more balanced policy," said Dave McCurdy, president of the Electronic Industries Alliance, prior to Freeh's speech. "We are seeking a relaxation of export controls." While Freeh focused on internal threats, the conference dealt mostly with external threats to corporate computer security and trade secrets. Representatives from firms ranging from Cisco Systems to Coca-Cola attended. Jeffrey Moss, who is known in computer hacking circles as Dark Tangent, talked about the ease of obtaining hacking software over the Internet. "A few years ago, these programs were traded among hackers like baseball cards," said Moss, who runs a computer network security-assessment service. "Now anybody who can search Yahoo can get these things." As a computer security consultant, Moss now hacks into corporate systems to test network defenses. He said he has failed to crack a system only once, and that system belonged to a bank. "The biggest problem is that people don't even know their own networks," said Moss. "If the people who built the network are gone, then new people won't know what it looks like." -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:18:40 PDT