Study Makes Less of Hack Threat

[InfoSec News <isn () c4i org>]

http://www.wired.com/news/politics/0,1283,56382,00.html

By Noah Shachtman
Nov. 14, 2002 

Despite the panting about "cyberterrorists," and despite the scare 
mongering about venomous hackers preying on fragile federal networks, 
attacks on government computer systems are declining worldwide, 
according to a recently released report. 

In the United States, reported intrusions into government networks 
fell from 386 in 2001 to 162 in the first 10 months of 2002. 
Worldwide, such attacks have declined by about a third -- from 2,031 
last year to a projected 1,400 today. 

The report, from the British firm mi2g, comes just a day after the 
U.S. Justice Department indicted Londoner Gary McKinnon for breaking 
into military and NASA systems -- and the U.S. Congress approved a 
$903 million bill for beefing up computer security. 

"As we move forward in our war against terrorism, it will be as 
important for us to secure cyberspace as it will be for us to secure 
the homeland against malicious attack," Rep. Nick Smith (R-Mich.) said 
after the passage of the Cyber Security Research and Development Act. 

To many in the computer security world, mi2g's numbers show just how 
craven these sorts of statements are. 

The government hacking figures are like the "similar and consistent 
drop in violent crime statistics. Despite these facts, politicians 
have been claiming the public was under siege. Here we go again," 
wrote Oxblood Ruffin, founder of the Hacktivismo online action group, 
in an e-mail. "Threats will always be exaggerated because that's how 
one strip mines civil liberties. This is the real battleground." 

The anti-terrorist USA Patriot Act, signed into law by President Bush 
last October, makes it easier than ever for federal authorities to pry 
into e-mail, phone conversations, voice messages -- even Web surfing 
paths. It also punishes unauthorized computer access with up to five 
years in jail. 

This year's decrease in government intrusions has occurred while the 
overall level of hacks worldwide has risen, from 31,322 in 2001 to 
64,408 so far this year. That doesn't surprise Lawrence Walsh, editor 
of Information Security magazine. 

"Most of the attacks today are made by unsophisticated 'script 
kiddies' using off-the-shelf tools. What's the incentive for them to 
go after government systems?" Walsh asked. "There are more rewards 
available from attacking small- and medium-sized businesses -- like 
credit card information and financial data. And these networks are 
typically not as well-defended." 

Others in the computer security arena are reluctant to draw too many 
conclusions from the report. 

Winn Schwartau, author of Pearl Harbor Dot Com, noted that mi2g seems 
to be relying solely on hacks that have been publicly documented. 

But the government is "increasingly reluctant to admit to the world 
that they've been hit," he said. 

Marquis Grove, editor of the Security News Portal, added in an e-mail, 
"Their statistics are basically worthless. Mi2g doesn't have a crystal 
ball or inside information from the U.S. government sources." 

Even if the report only counts the most obvious attacks against 
government networks, it does convey an important message, hackers 
noted. 

"There is no such thing (as cyberterrorism), currently. And I do not 
ever see such things taking place in the near future or distant 
future," Lilac Echo, who runs the security website WBGLinks, wrote in 
an e-mail. "Though it makes for good print, it's pure fiction. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.