[ISN] Policy change makes it harder to track hackers, NASA official says

From: InfoSec News (isnat_private)
Date: Fri May 04 2001 - 02:56:00 PDT

  • Next message: InfoSec News: "[ISN] [defaced-commentary] NEC USA Defaced"

    http://www.govexec.com/dailyfed/0501/050301td.htm
    
    By Drew Clark
    National Journal's Technology Daily
    May 3, 2001
    
    A late-term change in the Clinton administration's approach to
    prosecuting cybercrime has made it much more difficult for NASA to
    track and prosecute hackers who attempt to penetrate its computer
    networks, a NASA network-protection office official said Monday.
    
    "NASA lost 90 percent of its ability to track and pursue [suspected
    computer] intruders because of changes in policy" by the Justice
    Department, said Stephen Nesbitt, director of operations in the
    computer-crimes division of NASA's network and advanced technologies
    protection office.
    
    According to Nesbitt, over the last year-and-a-half, the Justice
    Department's Computer Crime and Intellectual Property section began
    prohibiting federal agencies from electronically monitoring the
    actions of hackers who break into their systems. Under federal
    wiretapping statutes, system administrators of private computer
    networks may do such monitoring, but law enforcement officials are
    normally prohibited from doing so without a warrant.
    
    An official in the computer-crime section denied that there had been
    any change in policy. "We have always urged caution in terms of
    accepting the fruits of system monitoring" by federal agencies, said
    Phil Reitinger, deputy chief of the section. But he conceded that the
    agency's advice to federal agencies has changed with advances in
    "hacker tradecraft."
    
    Nesbitt said that NASA was barred from posting "banners" on their
    computer networks as a virtual "no trespassing" sign. Courts generally
    have ruled that such banners provide federal agencies with the consent
    they need to engage in electronic monitoring. But the Justice
    Department said NASA could no longer do that unless it posted a banner
    on every one of its 65,000 computer network connections.
    
    Nesbitt attributed the changes to the late-1999 departure of Scott
    Charney, former section chief, and his replacement by Marty
    Stansell-Gamm.
    
    Speaking at a conference called the "International Summit on Cyber
    Crime" sponsored by the National Institute for Government Innovation,
    Nesbitt called on participants--largely local law enforcement
    officials dealing with cyber crime--to urge support for legislation
    against cyber crime that would restore such self-defensive
    capabilities to Web site operators and government officials.
    
    "Law enforcement's job is to remove the threat," said Nesbitt. He said
    that NASA had worked for many years to cultivate a reputation as an
    agency that aggressively goes after hackers, and was worried that the
    policy change would undermine its tough-on-computer-intruders
    reputation.
    
    Speaking about the change in policy by the Justice Department, Nesbitt
    said that "different people do things different ways" and that "no one
    wants to make bad case law" or to force a lawsuit that could result in
    a negative ruling for the Justice Department.
    
    The policy change came at the same time that the Clinton
    administration was trying to balance privacy and security concerns in
    its anti-cyber crime legislative proposal. Some elements of the
    proposal were incorporated into legislation introduced by Sen. Orrin
    Hatch, R-Utah, and Sen. Charles Schumer, D-N.Y., but it never passed
    the House.
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email LISTSERVat_private with a message body of
    "SIGNOFF ISN".
    



    This archive was generated by hypermail 2b30 : Fri May 04 2001 - 15:00:25 PDT