http://www.wired.com/news/politics/0,1283,56382,00.html By Noah Shachtman Nov. 14, 2002 Despite the panting about "cyberterrorists," and despite the scare mongering about venomous hackers preying on fragile federal networks, attacks on government computer systems are declining worldwide, according to a recently released report. In the United States, reported intrusions into government networks fell from 386 in 2001 to 162 in the first 10 months of 2002. Worldwide, such attacks have declined by about a third -- from 2,031 last year to a projected 1,400 today. The report, from the British firm mi2g, comes just a day after the U.S. Justice Department indicted Londoner Gary McKinnon for breaking into military and NASA systems -- and the U.S. Congress approved a $903 million bill for beefing up computer security. "As we move forward in our war against terrorism, it will be as important for us to secure cyberspace as it will be for us to secure the homeland against malicious attack," Rep. Nick Smith (R-Mich.) said after the passage of the Cyber Security Research and Development Act. To many in the computer security world, mi2g's numbers show just how craven these sorts of statements are. The government hacking figures are like the "similar and consistent drop in violent crime statistics. Despite these facts, politicians have been claiming the public was under siege. Here we go again," wrote Oxblood Ruffin, founder of the Hacktivismo online action group, in an e-mail. "Threats will always be exaggerated because that's how one strip mines civil liberties. This is the real battleground." The anti-terrorist USA Patriot Act, signed into law by President Bush last October, makes it easier than ever for federal authorities to pry into e-mail, phone conversations, voice messages -- even Web surfing paths. It also punishes unauthorized computer access with up to five years in jail. This year's decrease in government intrusions has occurred while the overall level of hacks worldwide has risen, from 31,322 in 2001 to 64,408 so far this year. That doesn't surprise Lawrence Walsh, editor of Information Security magazine. "Most of the attacks today are made by unsophisticated 'script kiddies' using off-the-shelf tools. What's the incentive for them to go after government systems?" Walsh asked. "There are more rewards available from attacking small- and medium-sized businesses -- like credit card information and financial data. And these networks are typically not as well-defended." Others in the computer security arena are reluctant to draw too many conclusions from the report. Winn Schwartau, author of Pearl Harbor Dot Com, noted that mi2g seems to be relying solely on hacks that have been publicly documented. But the government is "increasingly reluctant to admit to the world that they've been hit," he said. Marquis Grove, editor of the Security News Portal, added in an e-mail, "Their statistics are basically worthless. Mi2g doesn't have a crystal ball or inside information from the U.S. government sources." Even if the report only counts the most obvious attacks against government networks, it does convey an important message, hackers noted. "There is no such thing (as cyberterrorism), currently. And I do not ever see such things taking place in the near future or distant future," Lilac Echo, who runs the security website WBGLinks, wrote in an e-mail. "Though it makes for good print, it's pure fiction. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Nov 15 2002 - 05:58:51 PST