Re: [ISN] Policy change makes it harder to track hackers, NASA official says

From: Jay D. Dyson (jdysonat_private)
Date: Fri May 04 2001 - 15:44:08 PDT

  • Next message: InfoSec News: "[ISN] Secrecy News -- 05/02/01"

    -----BEGIN PGP SIGNED MESSAGE-----
    
    On Fri, 4 May 2001, InfoSec News wrote:
    
    > According to Nesbitt, over the last year-and-a-half, the Justice
    > Department's Computer Crime and Intellectual Property section began
    > prohibiting federal agencies from electronically monitoring the actions
    > of hackers who break into their systems. Under federal wiretapping
    > statutes, system administrators of private computer networks may do such
    > monitoring, but law enforcement officials are normally prohibited from
    > doing so without a warrant.
    
            Law enforcement agencies (such as the OIG) typically *don't* do
    such because many in their ranks don't have the technical expertise.  And
    those who do are highly overworked as it is.  Instead, they rely on
    regular non-LEA admins to do the monitoring and fork over their logs.
    
    > Nesbitt said that NASA was barred from posting "banners" on their
    > computer networks as a virtual "no trespassing" sign. Courts generally
    > have ruled that such banners provide federal agencies with the consent
    > they need to engage in electronic monitoring. But the Justice Department
    > said NASA could no longer do that unless it posted a banner on every one
    > of its 65,000 computer network connections.
    
            So *THAT'S* what that mess was all about.  Nobody within NASA ever
    bothered explaining the rationale of pushing for such widespread banner
    implementation while they totally ignored common exposures and
    vulnerabilities across all centers.  Nice to know what the reasoning was,
    though it would have made more sense to simply *secure* the sites rather
    than run around and force everyone to put up a ridiculous banner that had
    about as much stopping power as a sheet of tissue.
    
    > "Law enforcement's job is to remove the threat," said Nesbitt. He said
    > that NASA had worked for many years to cultivate a reputation as an
    > agency that aggressively goes after hackers, and was worried that the
    > policy change would undermine its tough-on-computer-intruders
    > reputation.
    
            Rubbish.  LEAs do not function as proactive agencies.  They are a
    *exclusively* reactive and only respond after a threat has been made an
    act.  LEAs only step in *after* something's been blown to from here to
    Toledo.  Even then, they only take notes while the affected parties are
    left to pick up the pieces on their own.  They don't issue advisories
    (NASA policy prohibits *everyone* involved in an investigation from making
    public the nature of an intrusion), nor do they provide any meaningful
    assistance in preventing a recurrence of the intrusion.  If they were
    truly tasked to "remove the threat," then they should be focusing on those
    two simple actions rather than trying to convince other branches of
    government to push through "tougher laws."
    
    - -Jay
    
      (    (                                                          _______
      ))   ))   .- "There's always time for a good cup of coffee" -.   >====<--.
    C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) |    = |-'
     `--' `--'  `---------- "Si vis pacem, para bellum." ----------'  `------'
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    Comment: See http://www.treachery.net/~jdyson/ for current keys.
    
    iQCVAwUBOvMirNCClfiU/BIVAQEtFwQAr0ZQIys06lYPq4s9k7JpjowERf//S7Wf
    HhMhtFga5hQV7MnPWq/pD+9Ojo+kBIzAKf2SiX4KM9OCucN/SRja/ISU/5FVN4qF
    jvj6hnlohM/UApGsoMm7FUbEQYa1P8SMIKkU31HlcpvPKwlrXVAl+e/bJMH/6e8g
    Fu0w2txIeXs=
    =U5jw
    -----END PGP SIGNATURE-----
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email LISTSERVat_private with a message body of
    "SIGNOFF ISN".
    



    This archive was generated by hypermail 2b30 : Sun May 06 2001 - 23:53:42 PDT