http://www.zdnet.com/tlkbck/comment/321/0,7091,112597-835650,00.html

Name: Lewis Z. Koch
Email: lzkochat_private

With much regret, I write to suggest that this column is replete with errors of fact, as well as unproven allegations. Here is just one paragraph in the story that needs to be corrected -- I quote:

"In 1998, the Pentagon computer system - the holiest of the holy - was hacked by a ring of five Israeli and three American hackers, who picked their target because of a shared dislike of organizations. Their attack was so fierce that early reports of what was later dubbed "Solar Sunrise" caused Rep. Curt Weldon, R-Pa., to conclude that the U.S. had entered a cyberwar. The perpetrators, all under the drinking age, were caught by a phenomenal joint American-Israeli law enforcement effort. No trial date has been set yet."

First, the hack was conducted by one Israeli, not five. Only two American youths were involved, not three, both of whom were 16-year-olds from Cloverdale, California. Second, they had no "shared dislike of organizations" [whatever that is]. Third, the "hack" was not conducted against the "Pentagon" but rather a computer at a military base.

As I wrote in a column in this magazine on July 4, 2001, "The hack could have been totally prevented if the military had only fixed the holes and vulnerabilities in its computer systems -- holes and vulnerabilities it already knew existed... The fact is the military had been provided with the fixes months prior to the hack. It simply failed to do what it was instructed to do: fix the computers." I likened this to falling asleep on guard duty, which, in combat, is punishable by a firing squad.

Smetannikov writes, "Their attack was so fierce that early reports of what was later dubbed 'Solar Sunrise' caused Rep. Curt Weldon, R-Pa to conclude that the U.S. had entered a cyberwar." The attack was not fierce.
What concerned military authorities -- for less than 36 hours -- was the possibility that the "attack" was coming from somewhere in the Middle East, as the THREE hackers were using various routes to disguise where the attack was coming from and who was doing it. Rep. Weldon's hysteria aside, even the NIPC, which "celebrated" its identification of the three hackers, admitted, "In the end, the Solar Sunrise invasion of military sites proved to be purely recreation." So much for entering a cyberwar.

Finally, in dealing only with this one paragraph in the column, it fails to mention that the punishment handed out to the California teens was a gentle slap on the wrist and a promise that they'd never do it again. The single Israeli hacker, "Analyzer" -- Ehud Tennenbaum -- plus four 20-year-old Israeli onlookers, who were finally identified by American and Israeli forces, remain relatively unconcerned. Many, including Tennenbaum, are considering offers from computer security companies.

Finally, I found it disturbing that much of the rest of the column relied on the allegations of Charles Neal, a 20-year veteran of the FBI, who reportedly investigated Kevin Mitnick (an instance where the FBI had to be told where to go to find Mitnick), the same Neal who claims to have ended his government work with the Mafia Boy case (another instance of where the FBI had to be told by others who the hacker was and where he lived). Neal now works as "vice president of cyberterrorism and incident response at Exodus," the article tells us. Exodus is a company that sells security. This is its claim:

"Exodus has the expertise to help safeguard your enterprise at every level. Exodus combines a team of leading technology experts and a wide array of leading-edge products and services to provide you with the tools, techniques, and knowledge you need to protect your business."

The sad fact is that -- given the technical state of affairs -- computer security is putting your finger in the dike to hold off a river of attacks well over the flood stage. Anyone claiming to be able to "safeguard your enterprise at every level" would be well advised to also get an "or your money back" guarantee.

Back to "Spy Vs. Spy"
http://www.zdnet.com/intweek/stories/news/0,4164,2767657,00.html

ISN is hosted by SecurityFocus.com
This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 05:58:08 PDT