Information Security News mailing list archives

Cracker Jacked!


From: William Knowles <wk () C4I ORG>
Date: Mon, 6 Nov 2000 18:03:43 -0600

http://www.zdnet.com/intweek/stories/news/0,4164,2650218,00.html

By Rory J. O'Connor, Interactive Week
November 5, 2000 8:23 PM ET

The most noteworthy aspect of the computer intrusion against Microsoft
in late October may be that, in this case, someone might actually be
caught and charged with the crime.

If not, Microsoft will simply have become the latest, albeit
high-profile, victim of a legion of crackers and other computer
criminals who, for the most part, perform their perfidy with impunity.

Despite the investment of millions of dollars in federal and state law
enforcement efforts, the number of open computer crime cases at the
Federal Bureau of Investigation is growing far faster than the agency
can solve them. While many of the crimes are still in the nuisance
category, the imbalance between cop and cracker appears likely to
continue until a number of significant changes occur on both the
enforcement and prevention fronts.

"When you talk law enforcement, they really are behind the power
curve," said Frank Cilluffo, director of the information assurance
task force at the Center for Strategic and International Studies, a
Washington, D.C., think tank.

While some experts said authorities stand a reasonable chance of
nabbing the Microsoft crackers because the attack was amateurish,
there are thousands of other computer crimes for which nobody has or
likely will be caught. Even as the FBI is warning against the
Internetwide spread of political cracking attacks in the Middle East,
computer crime remains a long step ahead of efforts to fight it.

"There's been an avalanche of cases because the Internet has
mushroomed in the past four or five years," said Christopher Bubb, New
Jersey's deputy attorney general, the state's chief computer crime
prosecutor. "To the extent that law enforcement is dealing with it,
we're doing it in a reactive mode, trying to assess the greatest
threats, deal with them and try to catch up."

The FBI was unable to provide an official for interview by our
deadline. Also, a spokeswoman at the agency said she could neither
discuss pending investigations - there are 1,200 of them - nor provide
any figures on how many had been closed or how many convictions had
been won. But in repeated congressional testimony this year, both FBI
Director Louis B. Freeh and his top cybercop Michael Vatis, director
at the National Infrastructure Protection Center, said the load is
getting bigger all the time and asked Congress for millions of dollars
in additional funds.

"We are falling further behind," Freeh told a Senate subcommittee in
February.

Security experts, industry executives and law enforcement agents said
there's plenty of blame to go around, from an inherently insecure
infrastructure to industry's mistrust of law enforcement to
ill-trained and ill-equipped police and federal agents.

Scott Blake, who leads a squad of former white-hat hackers - dubbed
the Razor Team - at Houston security firm BindView, said the biggest
problem facing trackers of cybercriminals is that the Internet is
suited to covering their tracks.

"We've mostly been successful at catching people who aren't very good
or who made a mistake along the way," he said.

And that's only for the crimes law enforcement agencies know about.
Corporate leaders, in many instances, simply never tell the outside
world they've been victimized, to avoid spooking investors or
customers.

"Sometimes, if at the end of the day a company feels that it's just a
nuisance attack, maybe they'd rather just ignore it," said Harris
Miller, president of the Information Technology Association of
America.

That reluctance to expose a breach unless it's too big to be ignored
has also created an air of mistrust between law enforcement and
industry. Some companies fear that information they provide the FBI,
for example, could wind up in the hands of their competitors or even
the public through press briefings or Freedom of Information Act
requests.

Now, nine months after Attorney General Janet Reno proposed a formal
alliance and after two high-level meetings with industry and
government leaders in April and June, the framework for the
Information Sharing Analysis Center is almost finished, Miller said.
His organization is "the facilitator" of the plan to overcome the
dialogue problem.

The Secret Service, the other major federal law enforcement agency
with computer crime jurisdiction, called industry cooperation the most
important ingredient in successfully fighting computer crime.

"It's getting a little better because they're starting to realize
there's a benefit to working with law enforcement," said agent Keith
Schwalm, one of the agency's primary electronic crime investigators.

Still, companies are wary. "There is not always confidence in the
private sector to work with the FBI and the NIPC, because they are
afraid the regulatory hammer could come down, and because they're
afraid of the potential for leaking," Cilluffo said.

Fighting computer crime requires good cops who are skilled with
computer technology. At the FBI, which has the largest single force of
cybercops, there are 192 such special agents in its field offices,
along with 120 others employed in various posts at the NIPC. That
includes some people dispatched from other federal agencies, including
the Central Intelligence Agency, the Department of Defense and the
National Security Agency.

State law enforcement agencies, often the first line in the cybercrime
fight, have it much harder.

"It's very expensive on every level - the equipment is expensive, the
personnel are expensive, the training is expensive," Bubb said.

Law enforcement agencies also tend to lose trained officers to the
private sector, which can offer far better compensation packages.

No matter how good the agency, it must still deal with the swamp that
is international cooperation, where mistrust, national pride and
complex treaties abound. And that may be one of the chief roadblocks
in solving the Microsoft case, said GartnerGroup security analyst Bill
Spernow, who has trained about 5,000 law enforcement officials,
including some in the FBI.

Spernow said the Microsoft intruder's immediate trail leads back to a
server in St. Petersburg, Russia. The FBI maintains an office in
Moscow, he said, and "their relationships with the Russian authorities
are probably being exploited to the max."

In many cases, U.S. investigators face reluctant assistance from
authorities in other countries because they do not have the same stake
in catching an intruder. In some cases, such as Onel de Guzman, the
Filipino suspected to be responsible for the Love Bug virus, no local
laws covered computer crime.

The Microsoft intruder may not be Russian, security experts
emphasized. A knowledgeable cracker will make use of a server in a
difficult-to-track region, such as Algeria, Iraq or Russia, and launch
an attack from it.

Even when an intruder can be tracked, few law enforcement agencies
have the trained personnel or financing to engage in a long-term,
forensic investigation to produce the evidence to convict someone.
"Law enforcement in general is behind the eight ball. The FBI is
attempting to get up to speed, but is nowhere near where it needs to
be," Spernow said.

Even when it's close to home - a cracker defaced the FBI's Web site in
February. So far, nobody's in the slammer for that one. "It's a
pending matter," the spokeswoman said.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com