[ISN] FBI Blasts Reluctant Hackees

From: InfoSec News (isnat_private)
Date: Tue May 01 2001 - 17:43:07 PDT

  • Next message: InfoSec News: "[ISN] Microsoft tells US Air Force to bug off"

    http://www.wired.com/news/politics/0,1283,43451,00.html
    
    By Ryan Sager
    2:00 a.m. May. 1, 2001 PDT
    
    WASHINGTON -- When U.S. and international police gathered Monday for a
    cybercrime summit, they spent almost as much time complaining about
    unhelpful businesses as malicious hackers.
    
    David Townsend, a member of the FBI's technology task force, chastised
    corporations for under-reporting intrusions.
    
    "There are some big players with a significant interest in keeping
    their problems quiet," Townsend told the National Institute for
    Government Innovation's second cybercrime summit.
    
    Townsend said managers believe that admitting to a hack could hurt
    public perception, even driving stock prices down. (He quipped that
    tech shares had little room left to fall.)
    
    Kevin Mandia, director of computer forensics at Foundstone, said that
    out of 11 recent hacking incidents he handled, not one company decided
    to involve law enforcement.
    
    Robert McKoskey of MBNA, the United States' largest credit card firm,
    said: "Why would I even want to deal with law enforcement? I might
    even have some leverage with my bad guy if I don't prosecute."
    
    Another complaint: Judges aren't nearly strict enough, especially with
    juvenile hackers who run afoul of the law.
    
    Mike Clark, a defense attorney with Hamel, Bowers & Clark, said:
    "Judges give (hackers) very low sentences -- typically no more than 4
    to 11 months."
    
    While the U.S. Sentencing Commission is scheduled to send new
    guidelines dealing with cybercrime to Congress on Tuesday --
    essentially tripling sentences for fraud -- they may have little
    impact.
    
    Clark said judges use the current guidelines as "downward points of
    departure," meaning they tend to give lighter sentences than
    prescribed, on the assumption that malicious hackers are non-violent
    and don't belong behind bars.
    
    During a luncheon address, James Perry of Scotland Yard offered an
    international perspective that echoed the FBI's comments.
    
    "People talk too glibly about how public and private entities have to
    work in partnership," Perry said. "We have to acknowledge that there
    are problems."
    
    "We need some international agreements to move things along," Perry
    said, talking about the controversial cybercrime treaty being drafted
    by the United States and Council of Europe nations.
    
    Last week, an Estonian socialist said the treaty should ban "hateful"
    Web pages -- which would run afoul of the First Amendment in the
    United States.
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email LISTSERVat_private with a message body of
    "SIGNOFF ISN".
    



    This archive was generated by hypermail 2b30 : Wed May 02 2001 - 01:49:10 PDT