[ISN] Study Makes Less of Hack Threat

From: InfoSec News (isnat_private)
Date: Fri Nov 15 2002 - 03:18:19 PST

  • Next message: InfoSec News: "[ISN] Updated C4I.org page"

    http://www.wired.com/news/politics/0,1283,56382,00.html
    
    By Noah Shachtman
    Nov. 14, 2002 
    
    Despite the panting about "cyberterrorists," and despite the scare 
    mongering about venomous hackers preying on fragile federal networks, 
    attacks on government computer systems are declining worldwide, 
    according to a recently released report. 
    
    In the United States, reported intrusions into government networks 
    fell from 386 in 2001 to 162 in the first 10 months of 2002. 
    Worldwide, such attacks have declined by about a third -- from 2,031 
    last year to a projected 1,400 today. 
    
    The report, from the British firm mi2g, comes just a day after the 
    U.S. Justice Department indicted Londoner Gary McKinnon for breaking 
    into military and NASA systems -- and the U.S. Congress approved a 
    $903 million bill for beefing up computer security. 
    
    "As we move forward in our war against terrorism, it will be as 
    important for us to secure cyberspace as it will be for us to secure 
    the homeland against malicious attack," Rep. Nick Smith (R-Mich.) said 
    after the passage of the Cyber Security Research and Development Act. 
    
    To many in the computer security world, mi2g's numbers show just how 
    craven these sorts of statements are. 
    
    The government hacking figures are like the "similar and consistent 
    drop in violent crime statistics. Despite these facts, politicians 
    have been claiming the public was under siege. Here we go again," 
    wrote Oxblood Ruffin, founder of the Hacktivismo online action group, 
    in an e-mail. "Threats will always be exaggerated because that's how 
    one strip mines civil liberties. This is the real battleground." 
    
    The anti-terrorist USA Patriot Act, signed into law by President Bush 
    last October, makes it easier than ever for federal authorities to pry 
    into e-mail, phone conversations, voice messages -- even Web surfing 
    paths. It also punishes unauthorized computer access with up to five 
    years in jail. 
    
    This year's decrease in government intrusions has occurred while the 
    overall level of hacks worldwide has risen, from 31,322 in 2001 to 
    64,408 so far this year. That doesn't surprise Lawrence Walsh, editor 
    of Information Security magazine. 
    
    "Most of the attacks today are made by unsophisticated 'script 
    kiddies' using off-the-shelf tools. What's the incentive for them to 
    go after government systems?" Walsh asked. "There are more rewards 
    available from attacking small- and medium-sized businesses -- like 
    credit card information and financial data. And these networks are 
    typically not as well-defended." 
    
    Others in the computer security arena are reluctant to draw too many 
    conclusions from the report. 
    
    Winn Schwartau, author of Pearl Harbor Dot Com, noted that mi2g seems 
    to be relying solely on hacks that have been publicly documented. 
    
    But the government is "increasingly reluctant to admit to the world 
    that they've been hit," he said. 
    
    Marquis Grove, editor of the Security News Portal, added in an e-mail, 
    "Their statistics are basically worthless. Mi2g doesn't have a crystal 
    ball or inside information from the U.S. government sources." 
    
    Even if the report only counts the most obvious attacks against 
    government networks, it does convey an important message, hackers 
    noted. 
    
    "There is no such thing (as cyberterrorism), currently. And I do not 
    ever see such things taking place in the near future or distant 
    future," Lilac Echo, who runs the security website WBGLinks, wrote in 
    an e-mail. "Though it makes for good print, it's pure fiction. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Nov 15 2002 - 05:58:51 PST