[ISN] Why Kevin Mitnick Worries Me

From: InfoSec News (isnat_private)
Date: Sun Jan 05 2003 - 22:57:02 PST

  • Next message: InfoSec News: "[ISN] REVIEW: "Enterprise Information Security", Peter Gregory"

    http://www.osopinion.com/perl/story/20358.html
    
    Contributed by James Maguire
    osOpinion.com 
    January 2, 2003 
    
    The solution to the ever-growing army of intruders is to beef up our
    cybercrime-fighting forces -- exponentially. The FBI created a new
    cybercrime unit in late 2001, but it doesn't appear to be enough.
    
    Things are looking good for Kevin Mitnick. In 2000, he completed a
    five-year prison term for computer crimes; this January, 39-year-old
    Mitnick will have his probation restrictions lifted. So Mitnick,
    probably the world's most notorious hacker , is on the verge of once
    again being free to use his computer.
    
    And that's just the start. He has a new book out, The Art of
    Deception: Controlling the Human Element of Security. He has launched
    his own corporate security company, Defensive Thinking (he presumably
    knows more about this subject than most, but after so many years
    locked up, isn't he rusty?)
    
    He just got his ham radio license back, and he'll be making extra cash
    by auctioning off his PCs that were seized as evidence. He's also
    negotiating with Oscar-winning actor Kevin Spacey to co-produce
    computer security training films. In short, he looks like one happy
    (former) hacker.
    
    Kind of Cool, But...
    
    I have to admit that I enjoy seeing Mitnick do well. He has something
    of the folk hero about him, a lone PC virtuoso, nimbly cracking code
    to enter monolithic corporate networks. He's the Jesse James of the IT
    age.
    
    But something worries me about Mitnick's situation if I think about it
    for more than a few moments. His highly publicized case makes it look
    like hackers are getting caught. The specter of this hacking virtuoso
    sent off to the big house makes it seem as if there's an effective
    cybercrime-fighting force in the United States.
    
    Different Sophistication Levels
    
    As has been widely reported, computer crime is very much on the rise
    -- and law enforcement officials are no match for today's hackers.  
    Kevin Mitnick, however reformed he may be, is not the only happy
    hacker running free. There are plenty of them.
    
    The elite hackers of 2003 are more cunning than ever before. And,
    based on the fact that plenty of high-profile cybercrimes have gone
    unsolved, they are apparently also more cunning than the good folks
    who are fighting them.
    
    Peruse the news and you'll find plenty of major cases that are
    unsolved. Malicious intrusions at Western Union, Playboy.com, Egghead
    and other sites demonstrate that the black hatters are staying several
    keystrokes ahead of their pursuers.
    
    Helping the Good Side
    
    The solution to the ever-growing army of intruders is to beef up our
    cybercrime-fighting forces -- exponentially. The FBI created a new
    cybercrime unit in late 2001, but it doesn't appear to be enough.  
    Compared with the many headlines that announce new computer
    intrusions, notice how few headlines trumpet arrests.
    
    If we don't bulk up our anti-hacking forces, the fight against network
    intrusion will become that much more lopsided. In fact, it's not
    unlikely that network security will deteriorate until e-commerce and
    other Net-related activities are severely dampened by lack of user
    trust. And at that point, we'll need more than Kevin Mitnick's new
    book to help us.
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jan 06 2003 - 08:35:57 PST