FBI Chief's Appeal to Hackers

[InfoSec News <isn () C4I ORG>]

http://www.wired.com/news/politics/0,1283,42310,00.html

by Michelle Delio
12:25 p.m. Mar. 8, 2001 PST

Calling all nerds -- the Federal Bureau of Investigation wants you.

FBI Director Louis Freeh says the FBI badly needs the technology
community's support and assistance in "one of the bureau's most
challenging areas of investigation: cybercrime and computer security."

During a speech to the Fairfax County Chamber of Commerce in Virginia
on Wednesday, Freeh said the FBI wants to work more closely with the
technology industry and would like to establish relationships in order
to share "codes and insight into networks and computer systems."

The speech was greeted with mixed emotions by the crowd, consisting
primarily of members of Virginia's technology community.

Concerns were raised over how information shared with the FBI would be
used, and whether the FBI would understand the difference between
"cracking" and "hacking," said Mark Daniels, a consultant with
Compservices.

"Some of us wondered what the FBI's reaction would be to a report of a
security hole that was discovered by the sort of surreptitious
snooping around that some of us techies do on a regular basis,"
Daniels said.

Daniels found confirmation for his fears -- and a touch of irony --
when the FBI was "honored" later on Wednesday with a Big Brother award
from Privacy International at the Computers, Freedom and Privacy
Conference.

Big Brother awards are given out annually to government agencies,
companies and initiatives that have invaded personal privacy. The FBI
headed the list of this year's "Big Brothers" for its Carnivore e-mail
surveillance system, which was judged the "Most Invasive Proposal."

Carnivore can monitor all the information that moves through an
Internet service provider's servers.

Freeh did address privacy concerns in his speech, but only from the
standpoint of law enforcement.

He said that encryption is making it harder for the FBI to investigate
cybercrime, and also said that criminals are hiring programmers to
help protect and transmit sensitive information -- an allegation that
seemed to pique the crowd's interest.

"At least I know I'll have somewhere to go if all the dot-coms die,"
joked one person, in a note that was passed among his co-workers.

The FBI is focusing strongly on using and understanding technology,
Freeh said, noting that each graduate from Quantico -- the bureau's
training academy -- now gets a laptop along with his or her badge.

Freeh also spoke about how terrorists use e-mail and the Web to plot
and plan attacks, but said the bureau is also concerned about the
escalating numbers of computer viruses and Internet fraud cases.

He said that cybercrime can be the work of individuals as well, citing
a case of a person who cracked his way into a hospital's database and
altered a court witness' prescriptions, in the hopes of killing the
witness.

But Freeh said that the biggest problem facing the Internet as a whole
is the "astronomical" increase in denial-of-service attacks.

The FBI plans to combat these attacks by intensifying its efforts in
the FBI-hosted National Infrastructure Prevention Center.

Freeh said that nine federal agencies participate in the center's
work, both responding to attacks that are in progress and developing
measures to stop future attacks.

He did not detail what methods might be under development to prevent
other denial-of-service attacks.

The FBI sometimes seems a bit overwhelmed by cybercrime.

At a conference held last week in Florida, FBI special agent Alan
Carroll gave a speech in which he said, "We have to button up the
holes in our critical infrastructure."

According to some in attendance, Carroll sounded a bit weary when he
told the assembled crowd, "Every time someone hacks into a government
agency, organization or company, and the hacker is found and the hole
patched, it seems that another hacker springs up."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".